Sybase Event Stream Processor is designed to integrate with your existing
authentication framework whether you
are
using Kerberos, RSA, LDAP, or your operating system's native credential management
system.
The type of server authentication you use is determined at install time, but you can
configure the server to use a different authentication type if necessary.
When a user connects to a cluster on the
ESP server, his or her credentials are
verified with the active security provider. If authentication succeeds, the server
considers the user a valid client, and login is completed. The user receives a session ID
and, in subsequent communication, the client uses the session ID to verify itself.
Options
for server authentication include:
- Kerberos - ticket-based authentication
- RSA - requires a key alias, a keystore containing a private key, and the password of
the keystore
- Username/password, implemented using one of the following:
- LDAP credentials
- Native operating system credentials
(native
OS)
- Preconfigured
username/password
(in csi_local.xml)
Note:
Do not confuse server authentication–enforced when users connect to remote clusters–with
authentication on the local cluster–enforced when using the
Run
Project option within Studio. Server authentication is enforced across
your network and is designed for use in a production environment. Local cluster
authentication is enforced only on a user's local machine and, like the local cluster
itself, is intended for a test environment. Authentication on the local cluster is
limited to username/password authentication and is based on the fixed username
studio . Users can enter any password for this username to
maintain a secure connection with the local cluster for the duration of the Studio
session. The password is maintained in memory and is not written to a disk. When the
Studio session is terminated, the password is discarded from memory. When connecting to
the local cluster in a subsequent Studio session, users are once again required to
provide a password for the fixed username
studio. This password
does not have to be the same password set during the previous Studio session.
Authentication on the local cluster is provided automatically; there is
no additional configuration required.
For
details on the local cluster password,
see
the Studio Users Guide.