Kerberos connection parameter [KRB]

Specifies whether Kerberos authentication can be used when connecting to the database server.

Usage

All platforms except Windows Mobile.

Values

YES, NO, SSPI, or GSS-API-library-file

Default

NO

Remarks

The Kerberos [KRB] connection parameter has the following settings:

  • YES   A Kerberos authenticated login is attempted.

  • NO   No Kerberos authenticated login is attempted. This is the default.

  • SSPI   A Kerberos authenticated login is attempted, and the built-in Windows SSPI interface is used instead of a GSS-API library. SSPI can only be used on Windows platforms, and it cannot be used with a Key Distribution Center (KDC) other than the Domain Controller Active Directory KDC. If your Windows client computer has already logged in to a Windows domain, SSPI can be used without needing to install or configure a Kerberos client.

  • GSS-API-library-file   A Kerberos authenticated login is attempted, and this string specifies the file name of the Kerberos GSS-API library (or shared object on Unix). This is only required if the Kerberos client uses a different file name for the Kerberos GSS-API library than the default, or if there are multiple GSS-API libraries installed on the computer.

The UserID and Password connection parameters are ignored when using a Kerberos authenticated login.

To use Kerberos authentication, a Kerberos client must already be installed and configured (nothing needs to be done for SSPI), the user must have already logged in to Kerberos (have a valid ticket-granting ticket), and the database server must have enabled and configured Kerberos authenticated logins.

See also
Examples
Kerberos=YES
Kerberos=SSPI
Kerberos=c:\Program Files\MIT\Kerberos\bin\gssapi32.dll