Configuring CyberSafe Kerberos

The following considerations apply specifically to client applications that use CyberSafe Kerberos security services:

• Install the CyberSafe Kerberos software on your system for Open Client and Open Server 12.5 or later.

• The gssapi32.dll file must be in the library path while running your Client-Library application. Sybase does not provide this DLL, but it is included with some CyberSafe Kerberos products. If this DLL is not included with your CyberSafe Kerberos product, contact CyberSafe Kerberos to obtain their GSS-API library.

• Configure the security section of the libtcl.cfg configuration file.

• Set the desired security features using ct_con_props. If you want to use the default credentials, do not set any credential properties.

• Verify that the application has a preexisting user credential to connect to the server. In other words, the user of the application must log in to CyberSafe Kerberos before running the client application. To do so, use the single sign-on feature or the CyberSafe kinit utility.

• If a user name is supplied, it must match the user’s preexisting credential. If a user name is not supplied, Client-Library connects to the server using the user name associated with the user’s CyberSafe Kerberos credential.

• The following environment variables set the paths to the credentials cache file, configuration file, and realms file. If the corresponding file is located in a non-default directory, set the environment variable to the file’s full path:

  • CSFC5CCNAME – credentials cache file

  • CSFC5CONFIG – configuration file

  • CSFC5REALMS – realms file

  For more information, refer to your CyberSafe Kerberos documentation.

• No extra flags are required when compiling your Client-Library applications to use CyberSafe Kerberos security services.

• Once you have configured Open Client and Open Server and CyberSafe Kerberos, use the following command (without -U and -P arguments) to test your configuration:

  isql -V