Following is the syntax for a security driver entry:
provider=driver init_string
where:
provider is the local name for the security mechanism. The local name of the security mechanism listed in the object identifiers file, %SYBASE%\ini\objectid.dat.
See “The objectid.dat file” for information about the objectid.dat file.
driver is the name of the driver. The default location for drivers is in %SYBASE%\%SYBASE_OCS%\dll. The options for driver for Windows 2000, Windows 2003, and Windows XP are:
Driver name |
Description |
---|---|
libsybsdce.dll |
Gradient DCE driver |
libsybsmssp.dll |
Windows LAN Manager driver |
libsybskrb.dll |
Kerberos security driver |
init_string is an initialization string for the security driver. This element is optional. The value for init_string varies by driver.
For the Kerberos driver, init_string specifies the optional qualifier for the security principal names. The syntax for init_string is as follows, where realm is the value to append to a principal name if the realm information is not available. If the realm name does not start with an “at” sign (@), a forward slash (/) is inserted between the principal name and the realm information.
secbase=realm
Support for the Kerberos security driver has been added to Open Client and Open Server. To use the Kerberos security driver, you must do one of the following:
Use the ocscfg utility to make an addition to the Security Services.
Edit the libtcl.cfg directly in the %SYBASE%\%SYBASE_OCS%\ini directory.
To use ocscfg, navigate to the Security Services tab and click Add. Complete the dialog box:
Local Name: Enter csfkrb5, or the name you assigned to the Kerberos driver in the objectid.dat file.
Security Service Driver: Choose LIBSYBSKRB from the Security Service Init String menu.
When you have entered these two items, click OK. The entry should now appear in the dialog box on the Security Services tab.
If you prefer to edit the libtcl.cfg file directly, set the provider value for the Kerberos security driver to csfkrb5, or to the value you assigned to the Kerberos security driver in the objectid.dat file. Set the driver value to LIBSYBSKRB. You need to provide an initialization string in the libtcl.cfg of the form:
secbase=@your_realm_name
where your_realm_name is the realm where your Kerberos principal is located. This entry is required on Windows. For example:
[SECURITY]
csfkrb5=LIBSYBSKRB secbase=@SYBASE_CYBER_REALM
See Appendix C, “Localization,” for information on the objectid.dat localization file.
If you use DCE security service, initialization string information in the libtcl.cfg file uses this syntax:
secbase=/.../dce_cell_name
For example:
secbase=/.../dsatestcell