{ dbeng12 | dbsrv12 } -krb ...

All operating systems except Windows Mobile.

This option enables Kerberos authentication to the database server. You must specify one or more of the -krb, -kl, and -kr options for the database server to be able to authenticate clients using Kerberos.

Before you can use Kerberos authentication, a Kerberos client must already be installed and configured on both the client and database server computers. Additionally, the principal server-name@REALM must already exist in the Kerberos KDC, and the keytab for the principal server-name@REALM must already have been securely extracted to the keytab file on the database server computer. The database server will not start if the -krb option is specified, but this setup has not been performed.

The login_mode database option must be set to allow Kerberos logins, and Kerberos client principals must be mapped to database user IDs using the GRANT KERBEROS LOGIN statement.

• -kl dbeng12/dbsrv12 server option
• -kr dbeng12/dbsrv12 server option (deprecated)
• Kerberos (KRB) connection parameter
• Kerberos authentication
• GRANT statement
• login_mode option

For a Kerberos principal for the database server named my_server_princ@MYREALM, the following command starts a database server named my_server_princ.

dbsrv12 -krb -n my_server_princ C:\kerberos.db