Kerberos (KRB) connection parameter

Specifies whether Kerberos authentication can be used when connecting to the database server.

Syntax

{ Kerberos | KRB }= { YES | NO | SSPI | GSS-API-library-file }

Allowed values

YES A Kerberos authenticated login is attempted.
NO No Kerberos authenticated login is attempted. This is the default.
SSPI A Kerberos authenticated login is attempted, and the built-in Windows SSPI interface is used instead of a GSS-API library. SSPI can only be used on Windows platforms, and it cannot be used with a Key Distribution Center (KDC) other than the Domain Controller Active Directory KDC. If your Windows client computer has already logged in to a Windows domain, SSPI can be used without needing to install or configure a Kerberos client.

Note

SSPI can only be used by SQL Anywhere clients in the Kerberos connection parameter. SQL Anywhere database servers cannot use SSPI—they need a supported Kerberos client other than SSPI.
GSS-API-library-file A Kerberos authenticated login is attempted, and this string specifies the file name of the Kerberos GSS-API library (or shared object on Unix). This is only required if the Kerberos client uses a different file name for the Kerberos GSS-API library than the default, or if there are multiple GSS-API libraries installed on the computer.

Remarks

The UserID and Password connection parameters are ignored when using a Kerberos authenticated login.

To use Kerberos authentication, a Kerberos client must already be installed and configured (nothing needs to be done for SSPI), the user must have already logged in to Kerberos (have a valid ticket-granting ticket), and the database server must have enabled and configured Kerberos authenticated logins.

Example

Discuss this page in DocCommentXchange.