Configuring Kerberos security services

Once the Kerberos security mechanism is enabled for connections to a remote SAP ASE, you can use a number of security services provided by Kerberos.

Including:

Message confidentiality

Data is encrypted over the network to protect against unauthorized disclosure.
Message integrity

Verifies that communications have not been modified during transport.
Mutual authentication

Verifies the identity of the client and the server. The local server initiating the remote connection can request mutual authentication for all remote connection requests to target an SAP ASE. This allows the client to verify the identity of the remote server.

Note: The optional security services provided by Kerberos are not enabled by default.

This command, executed on local server S1, sets mutual authentication for all connections to remote server S2 using Kerberos authentication.

sp_serveroption s2, "mutual authentication", true

The following command executed on local server S1 sets message confidentiality for all connections to remote server S2 using Kerberos authentication:
```
sp_serveroption s2, "use message confidentiality", true
```
This command, executed on local server S1, sets message integrity for all connections to remote server S2 using Kerberos authentication
```
sp_serveroption s2, "use message integrity", true
```
This command, executed on local server S1, sets mutual authentication for all connections to remote server S2 using Kerberos authentication:
```
sp_serveroption s2, “mutual authentication”, true
```