Authentication

Sybase Event Stream Processor is designed to integrate with your existing authentication framework whether you are using Kerberos, RSA, LDAP, or your operating system's native credential management system.

The type of server authentication you use is determined at install time, but you can configure the server to use a different authentication type if necessary.

When a user connects to a cluster on the ESP server, his or her credentials are verified with the active security provider. If authentication succeeds, the server considers the user a valid client, and login is completed. The user receives a session ID and, in subsequent communication, the client uses the session ID to verify itself.

Options for server authentication include:

Kerberos - ticket-based authentication
RSA - requires a key alias, a keystore containing a private key, and the password of the keystore
Username/password, implemented using one of the following:
- LDAP credentials
- Native operating system credentials (native OS)
- Preconfigured username/password (in csi_local.xml)

Note: Do not confuse server authentication–enforced when users connect to remote clusters–with authentication on the local cluster–enforced when using the Run Project option within Studio. Server authentication is enforced across your network and is designed for use in a production environment. Local cluster authentication is enforced only on a user's local machine and, like the local cluster itself, is intended for a test environment. Authentication on the local cluster is limited to username/password authentication and is based on the fixed username studio . Users can enter any password for this username to maintain a secure connection with the local cluster for the duration of the Studio session. The password is maintained in memory and is not written to a disk. When the Studio session is terminated, the password is discarded from memory. When connecting to the local cluster in a subsequent Studio session, users are once again required to provide a password for the fixed username studio. This password does not have to be the same password set during the previous Studio session.

Authentication on the local cluster is provided automatically; there is no additional configuration required. For details on the local cluster password, see the Studio Users Guide.

Configuring Kerberos Authentication
Sybase Event Stream Processor supports Kerberos ticket-based authentication. Configuring ESP for Kerberos authentication requires that you both configure the server and set values for certain environment variables.
Configuring RSA Authentication
RSA authentication requires a set of private and public keys with an alias that functions as a user name.
Username-Password Authentication
Sybase Event Stream Processor provides different options for implementing username-password authentication, namely LDAP, the operating system's native credential management system (native OS), and a preconfigured username-password option.
Configuring Cascading Authentication Methods
Configure Event Stream Processor to cascade through the list of authentication methods to automatically enable the first available method.

Parent topic: Configure Security

Related concepts

Access Control

Secure Sockets Layer (SSL) Connections

Password Encryption on Configuration Files

Related tasks

Generating the Java Keystore

Generating Pem Format Private Keys