Choosing a network security mechanism

The value of the CS_SEC_MECHANISM connection property determines the name of the security mechanism to be used to establish a connection. The default depends on the Sybase security driver configuration for your system.

Client-Library uses a driver configuration file to map security mechanism names to security driver file names. On most platforms, this file is named libtcl.cfg. See your Open Client and Open Server Configuration Guide for a full description of the driver configuration file.


Determining the default security mechanism

The default security mechanism name corresponds to the first entry in the [SECURITY] section of the libtcl.cfg driver configuration file. This section has entries of the form:

[SECURITY]
 mechanism_name = driver_file_name init_string
 mechanism_name = driver_file_name init_string

where mechanism_name specifies a possible value for the CS_SEC_MECHANISM property, driver_file_name is a file name for the driver, and init_string specifies start-up settings for the driver.

If no driver configuration file is present on the system, or the file lacks a [SECURITY] section, the CS_SEC_MECH property defaults to NULL.

See the Open Client and Open Server Configuration Guide for a detailed description of driver configuration for your system.


Loading the default security driver

If an application does not request a driver by name, Client-Library loads the default security driver (if any) when needed. If a security driver is not loaded, ct_con_props or ct_config load the default driver when called with action as CS_SET or CS_SUPPORTED and any of the following values for property:


Global mechanism names

The security mechanism names in the driver configuration file are local names that may vary from system to system. For the client and the server to both determine the identity of the connection’s security mechanism, they require invariant global names for security mechanisms.

When setting the CS_SEC_MECHANISM property or when loading the default security driver, Client-Library reads a configuration file, the global object identifiers file, to map local security mechanism names to object identifier (OID) strings. On most platforms, this file is called objectid.dat. Client-Library looks for security mechanism OIDs in the section [SECMECH]. The entries in this section have the form:

[SECMECH]
 mechanism_oid = local_name1, local_name2, ...

where mechanism_oid is the OID string that globally identifies the security mechanism and local_name1, local_name2, and so forth are local security provider names from the libtcl.cfg file. See the Open Client and Open Server Configuration Guide for more information on the global object identifiers file.