Verifying your login to Adaptive Server using Kerberos authentication

To verify your login to Adaptive Server using Kerberos authentication, assume that:

• $SYBASE refers to your release and installation directory

• $SYBASE_ASE refers to the Adaptive Server version directory that contains your server binary.

• $SYBASE_OCS refers to the Open Client/Server version directory.

Example 1 If a client’s principal name is user@REALM, and the corresponding entry in syslogins table is user_REALM, then sybmapname can be coded to accept the input string user@realm and to convert the input string to the output string user_REALM.

Example 2 If the client principal name is user, and the corresponding entry in syslogins table is USER, then sybmapname can be coded to accept the input string user and convert this string to uppercase string USER.

sybmapname is loaded by Adaptive Server at runtime and uses its logic to do the necessary mapping.

The following actions and output further illustrate the sybmapname function described in Example 2. The sybmapname.c file containing the customized definition for syb__map_name() should be compiled and built as a shared object (or DLL), and finally placed in the appropriate path location. Adaptive Server should be started with the Kerberos security mechanism enabled.

To initialize the TGT:

$ /krb5/bin/kinit johnd@public
Password for johnd@public:
$

To list the TGT:

$ /krb5/bin/klist
   Cache Type: Kerberos V5 credentials cache
   Cache Name: /krb5/tmp/cc/krb5cc_9781
Default principal: johnd@public

Login as “sa” and verify user login for ‘johnd’:

$ $SYBASE/$SYBASE_OCS/bin/isql -Usa -P 
      -Ipwd`/interfaces
1>

1> sp_displaylogin johnd
2> go
No login with the specified name exists.
(return status = 1)

1> sp_displaylogin JOHND
2> go
Suid: 4
Loginame: JOHND
Fullname:
Default Database: master
Default Language:
Auto Login Script:
Configured Authorization:
Locked: NO
Password expiration interval: 0
Password expired: NO
Minimum password length: 6
Maximum failed logins: 0
Current failed login attempts:
Authenticate with: ANY
(return status = 0)

Successful Kerberos authentication, which maps lower case johnd to uppercase JOHND using the sybmapname utility and allows user johnd to login to Adaptive Server:

$ $SYBASE/$SYBASE_OCS/bin/isql -V -I`pwd`/interfaces
1>

---

Copyright © 2006. Sybase Inc. All rights reserved.

View this book as PDF