You can force a login to use a specific authentication process by using these parameters for alter login and create login:
ASE – use Adaptive Server internal authentication using passwords from syslogins table.
LDAP – use external authentication with an LDAP server.
PAM – use external authentication with PAM.
ANY – by default, users are authenticated using this authentication method. A user with ANY authentication means that Adaptive Server checks if there is any external authentication mechanism defined, and if there is, it is used. Otherwise, it uses Adaptive Server authentication.
Adaptive Server checks for external authentication mechanisms in the following order:
LDAP.
Pluggable Authentication Modules (PAM). If both LDAP and PAM are enabled, PAM authentication is never attempted for a user.
If neither PAM nor LDAP is enabled, Adaptive Server uses syslogins to authenticate the login.
Login accounts such as “sa” continue to be validated using the syslogins catalog. Only the SSO role can set authenticate for a login.
For example, the following authenticates the login with alter login:
alter login nightlyjob modify authenticate with ASE sp_displaylogin "nightlyjob"
Displays output similar to:
Suid: 1234 Loginname: nightlyjob Fullname: Batch Login Default Database: master . . . Date of Last Password Change: Oct 2 2003 7:38 PM Password expiration interval: 0 Password expired: N Minimum password length: Maximum failed logins: 0 Current failed login attempts: Authenticate with: ASE
