Login authentication services

The fundamental security service is login authentication, or confirming that users are who they say they are. Login authentication involves user names and passwords. Users identify themselves by their user name, then supply their password as proof of their identity.

In Sybase applications, each connection between a client and a server has one user name associated with it. If the application uses a security mechanism, then Sybase uses the mechanism to authenticate this user name when the connection is established. The advantage of this service is that the user name/password pairs can be managed in a central repository, and not in the system catalogs of individual servers.

When an application requests to connect to a server using network-based authentication, Client-Library queries the connection’s security mechanism to confirm that the given user name represents an authenticated user. This means that users do not have to supply a password to connect to the server. Instead, users authenticate themselves to the network security system before the connection attempt is made. When connecting, Client-Library obtains a credential token from the security mechanism and sends it to the server in lieu of a password. The server then passes the token to the security mechanism again to confirm that the user name has been authenticated.
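The token exchange described above, modeled as an added example; this is not Client-Library code or Sybase's implementation. The `SecurityMechanism` class, the HMAC-based token format, and all function names are assumptions made for illustration, since real security mechanisms define their own credential formats.

```python
import hashlib
import hmac
import json

class SecurityMechanism:
    """Model of the network security system; HMAC is an assumed stand-in."""
    def __init__(self, key, lifetime=300):
        self._key, self._lifetime, self._logged_in = key, lifetime, set()

    def login(self, user):
        # Users authenticate to the security system before any connection attempt.
        self._logged_in.add(user)

    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue_token(self, user, now):
        if user not in self._logged_in:
            raise PermissionError(f"{user} has not authenticated to the mechanism")
        body = json.dumps({"user": user, "exp": now + self._lifetime}).encode()
        return body + b"." + self._tag(body)

    def verify(self, token, claimed_user, now):
        body, _, tag = token.rpartition(b".")
        if not hmac.compare_digest(tag, self._tag(body)):
            return "rejected: token not issued by mechanism"
        claims = json.loads(body)
        if claims["user"] != claimed_user:
            return "rejected: token belongs to another user"
        if now >= claims["exp"]:
            return "rejected: credential expired"
        return "accepted"

def client_connect(mech, user, now):
    # Client side: the login record carries a token in lieu of a password.
    return {"username": user, "token": mech.issue_token(user, now)}

def server_accept(mech, login_record, now):
    # Server side: no local password check; the token goes back to the mechanism.
    return mech.verify(login_record["token"], login_record["username"], now)

if __name__ == "__main__":
    mech = SecurityMechanism(b"constructed-demo-key")  # constructed sample key
    mech.login("alice")
    rec = client_connect(mech, "alice", now=1000)
    print(server_accept(mech, rec, now=1001))
    print(server_accept(mech, dict(rec, username="bob"), now=1001))
    print(server_accept(mech, rec, now=1300))
```

The server never stores or sees a password in this model, which is why the user name/password pairs can live in one central repository rather than in each server's catalogs.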

The following properties are related to login authentication:

Table 2-35: Properties that control login authentication

| Property | Description |
|---|---|
| CS_USERNAME | Specifies the user name to connect with. |
| CS_SEC_NETWORKAUTH | Enables network-based user authentication. |
| CS_SEC_CREDTIMEOUT | Tells whether the user’s credentials have expired. |
| CS_SEC_SESSTIMEOUT | Tells whether the session between the client and the server has expired. |
| CS_SEC_MUTUALAUTH | Set by client applications to request that the server authenticate itself to the client. |
| CS_SEC_DELEGATION | Set by client applications to permit a gateway server to connect to a remote server by using the client’s delegated credential token. |
| CS_SEC_CREDENTIALS | Used by gateway applications to forward a delegated credential token from the gateway’s client to a remote server. |

Network-based authentication is supported by all security mechanisms. Credential and session timeouts are supported by some but not all security mechanisms. See the Open Client and Open Server Configuration Guide for information on which services are supported by which security mechanisms.

See the Open Client Client-Library/C Reference Manual for more information about these security services, and about use of security services in client applications.