SECURITY section

The [SECURITY] section lists security drivers. The syntax for a security driver entry is:

provider=driver init-string

where:

• provider is the local name of the security mechanism. The local name of the security mechanism is listed in the object identifiers file, $SYBASE/$SYBASE_OCS/config/objectid.dat.

  See “The objectid.dat file” for information about objectid.dat.

  The default local name for the Kerberos security mechanism is csfkrb5. If you use a local mechanism name other than the default, you must add an alias for the name in the object identifiers file, after the default name. (See “An objectid.dat example” for an example.)

• driver is the name of the driver. The default location of all drivers is in $SYBASE/$SYBASE_OCS/lib.

Table B-2 lists the supported security drivers for each platform:

• init-string is an initialization string for the driver. Its value according to the driver.

  For the Kerberos driver, the syntax for init-string is:

   secbase=realm
  

  where:

  • realm is the value to append to a principal name if the realm information is not available. If the realm name does not start with an “at” sign (@), a forward slash (/) is inserted between the principal name and the realm information.

  • (Optional) libgss is the full path to a GSS API version 1 compliant library.

The following [SECURITY] section shows an entry for CyberSafe Kerberos driver on Sun Solaris:

[SECURITY]

 csfkrb5=libskrb.so secbase=@ASE libgss=/krb5/lib/libgss.so

where libgss=/krb5/lib/libgss.so, which means that the default Kerberos realm is ASE, and that the GSS library to load is /krb5/lib/libgss.so.

---

Copyright © 2005. Sybase Inc. All rights reserved.

View this book as PDF