|
Enables Kerberos-authenticated connections to the database server.
{ dbsrv10 | dbeng10 } -krb ...
All operating systems except NetWare and Windows CE.
This option enables Kerberos authentication to the database server. You must specify one or more of the -krb, -kl, and -kr options for the database server to be able to authenticate clients using Kerberos.
Before you can use Kerberos authentication, a Kerberos client must already be installed and configured on both the client and database server computers. Additionally, the principal server-name@REALM must already exist in the Kerberos KDC, and the keytab for the principal server-name@REALM must already have been securely extracted to the keytab file on the database server computer. The database server will not start if the -krb option is specified, but this setup has not been performed.
NoteThe database server name cannot contain any of the following characters: /, \, or @, and database server names with multibyte characters cannot be used with Kerberos. |
The login_mode database option must be set to allow Kerberos logins, and Kerberos client principals must be mapped to database user IDs using the GRANT KERBEROS LOGIN statement.
For a Kerberos principal for the database server named my_server_princ@MYREALM, the following command starts a database server named my_server_princ.
dbsrv10 -krb -n my_server_princ C:\kerberos.db