The Kerberos login feature allows you to maintain a single user ID and password for database connections, operating system, and network logins. The Kerberos login is more convenient for users and permits a single security system for database and network security. Its advantages include:
The user does not need to provide a user ID or password to connect to the database.
Multiple users can be mapped to a single database user ID.
The name and password used to log in to Kerberos do not have to match the database user ID and password.
Kerberos is a network authentication protocol that provides strong authentication and encryption using secret-key cryptography. Users already logged in to Kerberos can connect to a database without providing a user ID or password.
Kerberos can be used for authentication. To delegate authentication to Kerberos you must:
configure the server and database to use Kerberos logins.
create mapping between the user ID that logs in to the computer or network, and the database user.
SAP Sybase IQ does not include the Kerberos software; it must be obtained separately. The following components are included with the Kerberos software:
SSPI can only be used by SAP Sybase IQ clients in the Kerberos connection parameter. SAP Sybase IQ database servers cannot use SSPI—they need a supported Kerberos client other than SSPI.
SAP Sybase IQ supports Kerberos authentication from DBLib, ODBC, OLE DB, and ADO.NET clients, and Sybase Open Client and jConnect clients. Kerberos authentication can be used with SAP Sybase IQ transport layer security encryption, but SAP Sybase IQ does not support Kerberos encryption for network communications.
Windows uses Kerberos for Windows domains and domain accounts. Active Directory Windows Domain Controllers implement a Kerberos KDC. A third-party Kerberos client or runtime is still required on the database server computer for authentication in this environment, but the Windows client computers can use the built-in Windows SSPI interface instead of a third-party Kerberos client or runtime.