Displays or changes remote server options.
sp_serveroption [server, optname, optvalue]
server is the name of the remote server for which to set the option.
optname is the name of the option to be set or unset. Table 1-36 lists the option names.
Option | Meaning |
---|---|
mutual authentication | Valid for “rpc security model B” only – this option specifies that the local server authenticates the remote server by retrieving the credential of the remote server and verifying it with the security mechanism. With this service, the credentials of both servers are authenticated and verified. |
external engine auto start | Specifies that EJB Server starts up each time Adaptive Server starts up. The default is true; starting Adaptive Server also starts up EJB Server. |
net password encryption | Specifies whether to initiate connections with a remote server with the client side password encryption handshake or with the normal (unencrypted password) handshake sequence. The default is false, no network encryption. |
net password encryption reqd | Adaptive Server allows the use of asymmetric encryption to securely transmit passwords from client to server using the RSA public key encryption algorithm. Adaptive Server generates the asymmetric key pair and sends the public key to clients that use the new login protocol. The client encrypts the user’s login password with the public key before sending it to the server. The server decrypts the password with the private key to begin the authentication of the connecting client. Configures Adaptive Server to require clients to use this protocol. Set the Adaptive Server configuration parameter net password encryption reqd to require all username- and password-based authentication requests to use RSA asymmetric encryption. The valid values for net password encryption reqd are: |
allow password downgrade | |
readonly | Component Integration Services only – specifies that access to the server named is read only. |
rpc security model A | The default model for handling RPCs. This model does not support mutual authentication, message integrity, or message confidentiality between the local server and the remote server. |
rpc security model B | This model results in a single, secure physical connection established between the local and remote servers. Logical connections for each RPC that is executed are multiplexed over the single, secure, physical connection. This model supports mutual authentication, message confidentiality via encryption, and message integrity. |
security mechanism | Valid for “rpc security model B” only – this option specifies the security mechanism for the remote server. You must set this option to true to use security model B. |
server cost | Component Integration Services only – specifies the cost of a single exchange under the user’s control, on a per-server basis. See Chapter 2, “Understanding Component Integration Services” in Understanding CIS for more information. |
server logins | Component Integration Services only – to fully support remote logins, Client-Library provides connection properties that enable CIS to request a server connection. This connection is recognized at the receiving server as a server connection (as opposed to an ordinary client connection), allowing the remote server to validate the connection through the use of sysremotelogins as if the connection were made by a site handler. When enabled, Omni connects to the specified server using the CS_LOGIN_TYPE connection property, with type set to LREMUSER. Also, if the remote server is an Adaptive Server, the CS_LOGIN_REMOTE_SERVER property is set to the value of the local server name, and remote passwords are set using ct_remote_pwd(). |
negotiated logins | Component Integration Services only – this option is necessary if CIS connections to XP Server or Backup Server are required. When enabled, Omni connects to the specified server using the CS_SEC_CHALLENGE property, and establishes a callback handler that can respond appropriately to login challenges from XP Server and Backup Server. |
timeouts | When unset (false), disables the normal timeout code used by the local server, so the site connection handler does not automatically drop the physical connection after one minute with no logical connection. The default is false. |
use message confidentiality | Valid for “rpc security model B” only – this option specifies that messages are encrypted when sent to the remote server, and results from the remote server are encrypted. |
use message integrity | Valid for “rpc security model B” only – this option specifies that messages between the servers are checked for tampering. |
cis hafailover | Component Integration Services only – if enabled, instructs Open Client to use automatic failover when connections fail. In this case, CIS connection failures automatically fail over to the server specified in directory services (such as the interface file and LDAP server) as the failover server. |
Adaptive Server accepts any unique string that is part of the option name. Use quotes around the option name if it includes embedded blanks.
optvalue is true (on) or false (off) for all options except the security mechanism option.
For the security mechanism option, specify the name of the security mechanism. To see the names of the security mechanisms available on a server, execute:
select * from syssecmechs
Displays a list of the server options:
sp_serveroption
Settable server options.
------------------------
cis hafailover
external engine auto start
mutual authentication
negotiated logins
net password encryption
readonly
rpc security model A
rpc security model B
security mechanism
server cost
server logins
timeouts
use message confidentiality
use message integrity
Tells the server not to time out inactive physical connections with the remote server GATEWAY:
sp_serveroption GATEWAY, "timeouts", false
Specifies that, when the local server connects to the remote server GATEWAY, GATEWAY sends back an encryption key that is used to encrypt the password sent to it:
sp_serveroption GATEWAY, "net password encryption", true
Specifies that the EJB Server SYB_EJB starts up each time Adaptive Server starts up:
sp_serveroption SYB_EJB, "external engine auto start", true
Specifies that the security model for RPCs for the server “TEST3” is security model B:
sp_serveroption TEST3, "rpc security model B", true
Specifies that the security mechanism to use for RPCs for “TEST3” is DCE:
sp_serveroption TEST3, "security mechanism", dce
Specifies that the local server will check the authenticity of the remote server “TEST3”. With security model B, the remote server will check the authenticity of the local server, whether or not this option is set:
sp_serveroption TEST3, "mutual authentication", true
Disables automatic startup, where SYB_EJB is the logical name of the EJB Server:
sp_serveroption 'SYB_EJB', 'external engine auto start', 'false'
To enable automatic startup, enter:
sp_serveroption 'SYB_EJB', 'external engine auto start', 'true'
See “Starting EJB Server automatically” in Chapter 2, “Getting Started” of the EJB Server User’s Guide for more information about using external engine auto start.
To display a list of server options that can be set by the user, use sp_serveroption with no parameters.
Once timeouts is set to false, the site handlers will continue to run until one of the two servers is shut down.
The net password encryption option allows clients to specify whether to send passwords in plain text or encrypted form over the network when initiating a remote procedure call. If net password encryption is true, the initial login packet is sent without passwords, and the client indicates to the remote server that encryption is desired. The remote server sends back an encryption key, which the client uses to encrypt its passwords. The client then encrypts its passwords, and the remote server uses the key to authenticate them when they arrive.
To set network password encryption for a particular isql session, you can use a command line option for isql. For more information, see the Utility Programs manual for your platform.
You cannot use the net password encryption option when connecting to a pre-release 10.0 SQL Server.
The security mechanism, mutual authentication, use message confidentiality, and use message integrity options do not apply to security model A.
See the section “Establishing security for remote servers” in Chapter 16, “External Authentication” in the System Administration Guide, Volume 1 for usage information about security model A and B.
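The option-name and security-model rules above can be checked before a batch of settings is applied. The lint below is an added example, not Sybase code: it resolves abbreviated option names against the settable-options listing and flags options valid for security model B only on servers the plan never sets to rpc security model B. The function names, case-sensitive substring matching, and the sample plan are assumptions, and servers already configured outside the plan are not considered.

```python
# Added example. Option names are copied from the "Settable server options" listing.
SETTABLE = [
    "cis hafailover", "external engine auto start", "mutual authentication",
    "negotiated logins", "net password encryption", "readonly",
    "rpc security model A", "rpc security model B", "security mechanism",
    "server cost", "server logins", "timeouts",
    "use message confidentiality", "use message integrity",
]
# Options the page marks as valid for "rpc security model B" only.
MODEL_B_ONLY = {"mutual authentication", "security mechanism",
                "use message confidentiality", "use message integrity"}


def resolve(optname):
    """Return the full option name for a unique substring, else raise ValueError."""
    # Assumption: matching is a case-sensitive substring test.
    hits = [o for o in SETTABLE if optname in o]
    if len(hits) != 1:
        raise ValueError(f"{optname!r} matches {hits or 'no option'}")
    return hits[0]


def lint(settings):
    """settings: list of (server, optname, optvalue). Returns a list of findings."""
    findings, model_b = [], set()
    for server, optname, optvalue in settings:
        try:
            opt = resolve(optname)
        except ValueError as exc:
            findings.append(f"{server}: {exc}")
            continue
        if opt != "security mechanism" and optvalue not in ("true", "false"):
            findings.append(f"{server}: {opt} takes true or false, got {optvalue!r}")
        if opt == "rpc security model B" and optvalue == "true":
            model_b.add(server)
        elif opt in MODEL_B_ONLY and server not in model_b:
            findings.append(f"{server}: {opt} is valid for rpc security model B only")
    return findings


# Constructed plan: TEST3 follows the page's examples; GATEWAY has three mistakes.
PLAN = [
    ("TEST3", "rpc security model B", "true"),
    ("TEST3", "security mechanism", "dce"),
    ("TEST3", "mutual auth", "true"),               # unique abbreviation
    ("GATEWAY", "use message", "true"),             # ambiguous abbreviation
    ("GATEWAY", "use message integrity", "true"),   # model B never enabled
    ("GATEWAY", "timeouts", "enabled"),             # not true/false
]
```

Calling lint(PLAN) returns one finding per GATEWAY entry and none for TEST3.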
Only a System Administrator can execute sp_serveroption to set the timeouts option. Any user can execute sp_serveroption with no parameters to display a list of options.
Only a System Security Officer can set the net password encryption, security mechanism, mutual authentication, use message confidentiality, and use message integrity options.
Values in event and extrainfo columns from the sysaudits table are:
Event | Audit option | Command or access audited | Information in extrainfo |
---|---|---|---|
38 | exec_procedure | Execution of a procedure | |
Documents: See the System Administration Guide for more information on server options.
System procedures: sp_helpserver, sp_password