The [SECURITY] section lists security drivers. The syntax for a security driver entry is:
provider=driver init-string
where:
provider is the local name for the security mechanism. The local name of the security mechanism is listed in the object identifiers file, $SYBASE/config/objectid.dat.
See “The objectid.dat file” for information about objectid.dat.
The default local name for the Kerberos security mechanism is “csfkrb5.” If you use a local mechanism name other than the default, you must add an alias for the name in the object identifiers file, after the default name. (See “An objectid.dat example” for an example.)
driver is the name of the driver. The default location of all drivers is in $SYBASE/$SYBASE_OCS/lib.
Table B-2 lists the supported security drivers for each platform:
Platform |
Security type |
Security driver |
Service compatibilities |
---|---|---|---|
Solaris 2.x 32-bit |
Kerberos |
libsybskrb.so |
CyberSafe TrustBroker 2.1 MIT Kerberos 1.4.1 |
Solaris 2.x 64-bit |
Kerberos |
libsybskrb64.so |
CyberSafe TrustBroker 2.1 MIT Kerberos 1.4.1 |
Sun Solaris 10 x64 (Opteron) 32-bit |
Kerberos |
libsybskrb.so |
MIT Kerberos 1.4.2 |
Sun Solaris 10 x64 (Opteron) 64-bit |
Kerberos |
libsybskrb64.so |
MIT Kerberos 1.4.2 |
IBM RS/6000 32-bit |
Kerberos |
libsybskrb.so |
CyberSafe TrustBroker 2.1 MIT Kerberos 1.4.1 |
IBM RS/6000 64-bit |
Kerberos |
libsybskrb64.so |
CyberSafe TrustBroker 2.1 MIT Kerberos 1.4.3 |
HP-UX 32-bit |
Kerberos |
libsybskrb.sl |
CyberSafe TrustBroker 2.1 MIT Kerberos 1.4.1 |
HP-UX 64-bit |
Kerberos |
libsybskrb64.sl |
MIT Kerberos 1.4.3 |
HP Itanium 32-bit |
Kerberos |
libsybskrb.so |
MIT Kerberos 1.4.1 |
HP Itanium 64-bit |
Kerberos |
libsybskrb64.so |
MIT Kerberos 1.4.1 |
Linux 32-bit |
Kerberos |
libsybskrb.so |
MIT Kerberos 1.4.1 |
Linux on POWER 32-bit |
Kerberos |
libsybskrb.so |
MIT Kerberos 1.4.1 |
Linux on POWER 64-bit |
Kerberos |
libsybskrb64.so |
MIT Kerberos 1.4.1 |
init-string is an initialization string for the driver. Its value varies by driver.
For the Kerberos driver, the syntax for init-string is:
secbase=@realm [libgss=<gss api V1 compatible library>]
where:
realm is the default Kerberos realm name.
(Optional) libgss is the full path to a GSS API version 1 compliant library.
The following [SECURITY] sections show entries for CyberSafe Kerberos drivers on Sun Solaris:
Kerberos
[SECURITY]
csfkrb5=libsybskrb.so secbase=@ASE libgss=/krb5/lib/libgss.so
where libgss=/krb5/lib/libgss.so, which means that the default Kerberos realm is ASE, and that the GSS library to load is /krb5/lib/libgss.so
Be aware that the
libgss=<gss shared
object path>
that specifies the GSS API library is to be used.
It is important that you distinctly locate the Kerberos Client libraries
being used, especially when multiple versions are installed on a
machine.