Understanding Ingres Security Mechanisms
Ingres security methods (mechanisms) are listed under the Security component in Configuration-By-Forms (or Configuration Manager, if available). The default configuration setting for security mechanisms rarely needs to be changed. Multiple mechanisms are supported concurrently.
Valid mechanisms are:
Null
Allows users to authenticate without providing passwords or other types of authentication. Use of the Null security mechanism is strongly discouraged.
System
Allows authentication through user name and either OS-level passwords or installation passwords. The System security mechanism is provided for backward compatibility with pre-Ingres 9.0 releases.
Ingres
(Default) Allows user authentication against the operating system. The Ingres security mechanism is the preferred standard (static) mechanism. It provides better protection against malicious servers, and employs a more secure encryption mechanism than the System security mechanism.
Kerberos
Allows access through private key and requires a trusted third party. Kerberos is a dynamic mechanism because it uses third-party software and is loaded into the Ingres executable image at runtime. Kerberos is a highly secure alternative to OS security, and optionally allows encryption of the entire data stream between the DBMS Server and the client.
AES
Provides encryption of the network data stream between the DBMS Server and the client. This mechanism does not provide user authentication. AES is a dynamic mechanism because it uses OS encryption libraries and is loaded into the Ingres executable image at runtime.
All these settings are GCF mechanisms, which are performed before the connection is made to the DBMS Server. In addition to these mechanisms, DBMS authentication can be used, in which the DBMS Server itself authenticates the user and password against the DBMS users and passwords defined in the installation, without having to use any external or OS security mechanism.