The following considerations apply specifically to client applications that use CyberSafe Kerberos security services:
Install the CyberSafe Kerberos software on your system for Open Client and Open Server 12.5 or later.
The GSS library, gssapi32.dll, must be specified in the libtcl.cfg file using the libgss keyword. Sybase recommends providing the full path to the Kerberos driver.
The gssapi32.dll file must be in the library path while running your Client-Library application. Sybase does not provide this DLL, but it is included with some CyberSafe Kerberos products. If this DLL is not included with your CyberSafe Kerberos product, contact CyberSafe Kerberos to obtain their GSS-API library.
Set the desired security features using ct_con_props. If you want to use the default credentials, do not set any credential properties.
Configure the security section of the libtcl.cfg configuration file.
Verify that the application has a preexisting user credential to connect to the server. In other words, the user of the application must log in to CyberSafe Kerberos before running the client application. To do so, use authentication tools such as the single sign-on feature or the CyberSafe authentication utility.
If a user name is supplied, it must match the user’s preexisting credential. If a user name is not supplied, Client-Library connects to the server using the user name associated with the user’s CyberSafe Kerberos credential.
The following environment variables set the paths to the credentials cache file, configuration file, and realms file. If the corresponding file is located in a non-default directory, set the environment variable to the file’s full path:
CSFC5CCNAME – credentials cache file
CSFC5CONFIG – configuration file
CSFC5REALMS – realms file
For more information, refer to your CyberSafe Kerberos documentation.
No extra flags are required when compiling your Client-Library applications to use CyberSafe Kerberos security services.
After you have configured Open Client and Open Server and CyberSafe Kerberos, use any of the following isql commands (without -U and -P arguments) to test your configuration:
If DSQUERY is set to the server name that you want to connect to:
isql -V
If DSQUERY is not set:
isql -V -S server_name
If server_name is different from the Sybase Kerberos server principal name:
isql -V -R kerberos_server_principal_name [-S server_name]
Use -S server_name if
DSQUERY is not set to server_name.
