When a user with a valid credential from a security mechanism logs in to Adaptive Server, the server checks whether the user name exists in master..syslogins. If it does, that user name is used by Adaptive Server. For example, if a user logs in to the DCE security mechanism as “ralph,” and “ralph” is a name in master..syslogins, Adaptive Server uses all roles and authorizations defined for “ralph” in the server.
However, if a user with a valid credential logs into Adaptive Server, but is unknown to the server, the login is accepted only if a secure default login is defined with sp_configure. Adaptive Server uses the default login for any user who is not defined in master..syslogins, but who is pre-authenticated by a security mechanism. The syntax is:
sp_configure "secure default login", 0, login_name
The default value for secure default login is “guest.”
This login must be a valid login in master..syslogins. For example, to set the login “gen_auth” to be the default login:
Use sp_addlogin to add the login as a valid user in Adaptive Server:
sp_addlogin gen_auth, pwgenau
This procedure sets the initial password to “pwgenau”.
Use sp_configure to designate the login as the security default.
sp_configure "secure default login", 0, gen_auth
Adaptive Server will use this login for a user who is pre-authenticated by a security mechanism but is unknown to Adaptive Server.
More than one user can assume the suid associated with the secure default login. Therefore, you might want to activate auditing for all activities of the default login. You may also want to consider using sp_addlogin to add all users to the server.
For more information about adding logins, see “Adding logins to support unified login” and “Adding logins to Adaptive Server”.