The value of the CS_SEC_MECHANISM connection property determines the name of the security mechanism to be used to establish a connection. The default depends on the Sybase security driver configuration for your system.
Client-Library uses a driver configuration file to map security mechanism names to security driver file names. On most platforms, this file is named libtcl.cfg. For a full description of the driver configuration file, see the Open Client and Open Server Configuration Guide for Microsoft Windows or Open Client and Open Server Configuration Guide for UNIX.
The default security mechanism name corresponds to the first entry in the [SECURITY] section of the libtcl.cfg driver configuration file. This section has entries of the form:
[SECURITY] mechanism_name = driver_file_name init_string mechanism_name = driver_file_name init_string
where mechanism_name specifies a possible value for the CS_SEC_MECHANISM property, driver_file_name is a file name for the driver, and init_string specifies start-up settings for the driver.
If no driver configuration file is present on the system, or the file lacks a [SECURITY] section, the CS_SEC_MECH property defaults to NULL.
For a full description of the driver configuration on your system, see the Open Client and Open Server Configuration Guide for Microsoft Windows or Open Client and Open Server Configuration Guide for UNIX.
If an application does not request a driver by name, Client-Library loads the default security driver (if any) when needed. If a security driver is not loaded, ct_con_props or ct_config load the default driver when called with action as CS_SET or CS_SUPPORTED and any of the following values for property:
CS_SEC_CHANBIND (only when setting to CS_TRUE)
CS_SEC_CONFIDENTIALITY (only when setting to CS_TRUE)
CS_SEC_CREDTIMEOUT
CS_SEC_DATAORIGIN (only when setting to CS_TRUE)
CS_SEC_DELEGATION (only when setting to CS_TRUE)
CS_SEC_DETECTREPLAY (only when setting to CS_TRUE)
CS_SEC_DETECTSEQ (only when setting to CS_TRUE)
CS_SEC_INTEGRITY (only when setting to CS_TRUE)
CS_SEC_KEYTAB
CS_SEC_MECHANISM (CS_CLEAR always loads the default driver. CS_GET loads the default driver if no driver is loaded yet. CS_SET loads the requested driver.
CS_SEC_MUTUALAUTH (only when setting to CS_TRUE)
CS_SEC_NETWORKAUTH (only when setting to CS_TRUE)
CS_SEC_SESSTIMEOUT
The security mechanism names in the driver configuration file are local names that may vary from system to system. For the client and the server to both determine the identity of the connection’s security mechanism, they require invariant global names for security mechanisms.
When setting the CS_SEC_MECHANISM property or when loading the default security driver, Client-Library reads a configuration file, the global object identifiers file, to map local security mechanism names to object identifier (OID) strings. On most platforms, this file is called objectid.dat. Client-Library looks for security mechanism OIDs in the section [SECMECH]. The entries in this section have the form:
[SECMECH] mechanism_oid = local_name1, local_name2, ...
where mechanism_oid is the OID string that globally identifies the security mechanism and local_name1, local_name2, and so forth are local security provider names from the libtcl.cfg file. For more information on the global object identifiers file, see the Open Client and Open Server Configuration Guide for Microsoft Windows or Open Client and Open Server Configuration Guide for UNIX.