Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
Specifies whether Kerberos authentication can be used when connecting to the database server.
All platforms except Windows CE and NetWare.
YES, NO, SSPI, or GSS-API-library-file
The Kerberos [KRB] connection parameter has the following settings:
YES A Kerberos authenticated login is attempted.
NO No Kerberos authenticated login is attempted. This is the default.
SSPI A Kerberos authenticated login is attempted, and the built-in Windows SSPI interface is used instead of a GSS-API library. SSPI can only be used on Windows platforms, and it cannot be used with a Key Distribution Center (KDC) other than the Domain Controller Active Directory KDC. If your Windows client computer has already logged in to a Windows domain, SSPI can be used without needing to install or configure a Kerberos client.
GSS-API-library-file A Kerberos authenticated login is attempted, and this string specifies the file name of the Kerberos GSS-API library (or shared object on Unix). This is only required if the Kerberos client uses a different file name for the Kerberos GSS-API library than the default, or if there are multiple GSS-API libraries installed on the computer.
The UserID and Password connection parameters are ignored when using a Kerberos authenticated login.
To use Kerberos authentication, a Kerberos client must already be installed and configured (nothing needs to be done for SSPI), the user must have already logged in to Kerberos (have a valid ticket-granting ticket), and the database server must have enabled and configured Kerberos authenticated logins.
Kerberos=YES Kerberos=SSPI Kerberos=c:\Program Files\MIT\Kerberos\bin\gssapi32.dll