The purpose of sybmapname is to convert external user principal names used in Kerberos environment to the name space of Adaptive Server user logins. sybmapname is a user customizable shared object that can map names given on its input buffer to a name suitable for Adaptive Server login on its output buffer.
The sybmapname shared object can be used to do the custom mapping between the user principal name and the Adaptive Server login name. This shared object is optionally loaded at server startup, and the function syb__map_name contained in the shared object is called after a successful Kerberos authentication and just before the user principal is mapped to a login in the syslogins table. It can be customized to suit the users needs. This function is useful when the user principal name and the login name to be mapped are not identical.
The customizable logic is the function:
syb__map_name(NAMEMAPTYPE *protocol, char *orig, int origlen, char *mapped, int *mappedlen)
where:
NAMEMAPTYPE *protocol refers
to a structure reserved for usage of this function.
char *orig is
an input buffer that is not null terminated.
int origlen is
the input buffer length. It should be less than or equal to 255
characters.
char *mapped is
an output buffer that should not be null terminated.
int *mappedlen is
an output buffer length. It should be less than or equal to 30.
The function returns a value greater than 0 if the mapping succeeds, it returns a value of 0 if no mapping occurred, and it returns a value less than 0 when an error occurs in syb__map_name(). When an error occurs, a message displays in the Adaptive Server errorlog to report the mapping failure.
For example, to authenticate a Kerberos user on Adaptive Server, first you must configure Adaptive Server to use the Kerberos security mechanism. For information on Kerberos configuration, see the Adaptive Server System Administration Guide and Open Client/Server documentation, and the white paper titled “Configuring Kerberos for Sybase” the Sybase Web site
A sample sybmapname.c file is located in $SYBASE/$SYBASE_ASE/sample/server/sybmapname.c
Modify the file to implement your logic using simple
error free logic. Take precautions while coding as it may interfere
with the proper running of Adaptive Server. See the “Precautions when using sybmapname”.
Build the shared object or DLL using the generic platform specific makefile supplied. The makefile may need to be modified to suit your platform specific settings.
Place the resulting shared object generated in a location specified in your $LD_LIBRARY_PATH on UNIX machines, and PATH variable on Windows machines. The file should have read and execute permissions for the ‘sybase’ operating system user.
Sybase recommends that only the ‘sybase’ user
is allowed read and execute permissions, and that all other access
should be denied.
