|
Creates a Kerberos authenticated login mapping from one or more Kerberos principals to an existing database user ID.
GRANT KERBEROS LOGIN TO client-Kerberos-principal, ... AS USER userid
The GRANT KERBEROS LOGIN statement creates a Kerberos authenticated login mapping from one or more Kerberos principals to an existing database user ID. This login mapping allows users who have successfully logged in to Kerberos (users who have a valid Kerberos ticket-granting ticket) to connect to a database without having to provide a user ID or password.
To use the GRANT KERBEROS LOGIN statement:
You must already have Kerberos configured to use SQL Anywhere.
You must already have your SQL Anywhere database configured to use Kerberos.
The database user and the Kerberos principal must already exist.
The database user ID the Kerberos login is mapped to must have a password.
The client-Kerberos-principal must have the format user/instance@REALM, where /instance is optional. The full principal, including the realm, must be specified, and principals that differ only in the instance or realm are treated as different.
Principals are case sensitive and must be specified in the correct case. Mappings for multiple principals that differ only in case are not supported (for example, you cannot have mappings for both jjordan@MYREALM.COM and JJordan@MYREALM.COM).
If no explicit mapping is made for a Kerberos principal, and the Guest database user ID exists and has a password, then the Kerberos principal connects using the Guest database user ID (the same Guest database user ID as for integrated logins).
You must have the MANAGE ANY USER privilege.
Automatic commit.
Not in the standard.
The following SQL statement grants database login privilege to a fictitious Kerberos user pchin.
GRANT KERBEROS LOGIN TO "pchin@MYREALM.COM" AS USER "kerberos-user";