Server-Library supports Kerberos security features for applications that need a high level of security when communicating over a network. By installing the required Kerberos software and performing the appropriate configuration tasks, your Server-Library applications can take advantage of these Kerberos security features:
Network authentication
Mutual authentication
Out-of-sequence authentication
Replay detection
Confidentiality
Integrity
Tasks |
For more information |
|---|---|
Install the following Kerberos software on your system. Be sure that the GSS library support is available as a shared library. |
See your Kerberos documentation and see the Open Client and Open Server Configuration Guide for UNIX. |
Extract keys for the desired server principal(s) into a key table file using the Kerberos utility called kadmin. |
See your Kerberos documentation. |
Configure the security section of the libtcl.cfg configuration file. |
See the Open Client and Open Server Configuration Guide for UNIX. |
Link your Client-Library application with the Sybase reentrant libraries. |
See “Kerberos support”. |
|
See your Kerberos documentation. Default credential cache directory location varies by platform.
|
Use srv_props to set the server principal name if it is different from the server name passed to srv_init. |
See the Open Server Server-Library/C Reference Manual. |
To avoid compromising security, Sybase suggests that
the key table files be owned by the user ID
that runs Open Server, and that all other users be restricted from
accessing this file. Sybase also suggests that you run each Open Server using
a unique user id that is not used by interactive processes.
