Specifies whether Kerberos authentication can be used when connecting to the database server.
All platforms except Windows CE and NetWare.
YES, NO, SSPI, or GSS-API-library-file
The Kerberos [KRB] connection parameter has the following settings:
YES A Kerberos authenticated login is attempted.
NO No Kerberos authenticated login is attempted. This is the default.
SSPI A Kerberos authenticated login is attempted, and the built-in Windows SSPI interface is used instead of a GSS-API library. SSPI can only be used on Windows platforms, and it cannot be used with a Key Distribution Center (KDC) other than the Domain Controller Active Directory KDC. If your Windows client computer has already logged in to a Windows domain, SSPI can be used without needing to install or configure a Kerberos client.
GSS-API-library-file A Kerberos authenticated login is attempted, and this string specifies the file name of the Kerberos GSS-API library (or shared object on Unix). This is only required if the Kerberos client uses a different file name for the Kerberos GSS-API library than the default, or if there are multiple GSS-API libraries installed on the computer.
The UserID and Password connection parameters are ignored when using a Kerberos authenticated login.
To use Kerberos authentication, a Kerberos client must already be installed and configured (nothing needs to be done for SSPI), the user must have already logged in to Kerberos (have a valid ticket-granting ticket), and the database server must have enabled and configured Kerberos authenticated logins.
Kerberos=YES Kerberos=SSPI Kerberos=c:\Program Files\MIT\Kerberos\bin\gssapi32.dll