Security Guide : 9. Configuring Vector to Use Kerberos
 
Share this page                  
Configuring Vector to Use Kerberos
 
Kerberos
Kerberos Configuration in the Enterprise
The Vector Service Principal--Authorize Client Connections
Prerequisite Kerberos Software on Windows
How to Configure Vector to Use Kerberos
iisukerberos Command--Perform Basic Kerberos Configuration
Vector Configuration Options for Kerberos
Service Principal Host Name Resolution
How to Configure Kerberos to Authenticate against Active Directory on Windows
Kerberos
The Kerberos authentication mechanism can be used as an alternative to the INGRES or SYSTEM security mechanisms. Kerberos is a network authentication and encryption protocol that provides a highly secure alternative to operating system-level password authentication, and optionally allows encryption of the entire data stream exchanged between the DBMS server and client.
The INGRES and SYSTEM security mechanisms are called “static” mechanisms, because they are embedded in Vector. The Kerberos security mechanism is called a “dynamic” mechanism, because it depends on third-party software that is dynamically loaded into Vector executable images at runtime.
Kerberos is available as freeware from the Massachusetts Institute of Technology at http://web.mit.edu/kerberos/. Kerberos is also available commercially or may be available natively on certain operating systems, such as Linux. The MIT site contains extensive documentation on Kerberos installation and configuration.
The Vector Kerberos driver references authentication and encryption routines in the Kerberos environment, most notably, the shared library or DLL containing GSS API authentication routines.