Server-Library versions 11.1 and later support Kerberos security features for applications that need a high level of security when communicating over a network. By installing the required Kerberos software and performing the appropriate configuration tasks, your Server-Library applications can take advantage of the following Kerberos security features that are supported in this version:
- Network authentication
- Mutual authentication
- Out-of-sequence authentication
- Replay detection
- Confidentiality
- Integrity

To develop and run Server-Library applications that take advantage of Kerberos features, perform the tasks listed in Table 3-6:

| Tasks | For more information |
|---|---|
| Install the following Kerberos software on your system. Be sure that the GSS library support is available as a shared library. | Refer to your Kerberos documentation and to the Open Client and Open Server Configuration Guide for UNIX. |
| Extract keys for the desired server principal(s) into a key table file using the Kerberos utility called kadmin. | Refer to your Kerberos documentation. |
| Configure the security section of the libtcl.cfg configuration file. | See the Open Client and Open Server Configuration Guide for UNIX. |
| Link your Client-Library application with the Sybase re-entrant libraries. | See “Kerberos support”. |
| | Refer to your Kerberos documentation. Default credential cache directory location varies by platform. |
| Use srv_props to set the server principal name if it is different from the server name passed to srv_init. | See the Open Server Server-Library/C Reference Manual. |

To avoid compromising security, Sybase suggests that the key table files be owned by the user id that runs Open Server, and that all other users be restricted from accessing this file. Sybase also suggests that each Open Server be run using a unique user id that is not used by interactive processes.
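
One way to check the key table file recommendation above, as an added example that is not part of the Sybase documentation: the function name `audit_keytab` is hypothetical, and the key table path and service account name are site-specific values passed on the command line. The parent-directory check goes beyond what the page states.

```python
import os
import pwd
import stat
import sys


def audit_keytab(path, expected_uid):
    """Return a list of findings for a key table file; an empty list means it passes."""
    st = os.lstat(path)  # lstat: do not follow a symbolic link silently
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symbolic link, directory or device)"]
    findings = []
    # The file should be owned by the user id that runs Open Server.
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected uid {expected_uid}")
    # All other users should be restricted: no group or other permission bits.
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants access to group or other users")
    # Beyond the page: a directory writable by others lets them replace the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is writable by group or other users")
    return findings


if __name__ == "__main__":
    # Usage (both arguments are site-specific): audit_keytab.py KEYTAB_PATH SERVICE_USER
    keytab_path, service_user = sys.argv[1], sys.argv[2]
    problems = audit_keytab(keytab_path, pwd.getpwnam(service_user).pw_uid)
    for problem in problems:
        print(f"{keytab_path}: {problem}")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any finding is reported, so it can run as a pre-start check for the Open Server process.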