10. Understanding ODBC Connectivity : ODBC Programming : ODBC User Authentication : Kerberos
 
Share this page                  
Kerberos
User name or password specifications are not required in a Kerberos authentication environment, as shown in the following example:
SQLConnect( hdbc,                /* Connection handle */
       (SQLCHAR *)"myDSN",       /* The ODBC DSN definition */
        SQL_NTS,                 /* This is a null-terminated string */
       (SQLCHAR *)NULL,          /* No username required */
        SQL_NTS,                 /* This is a null-terminated string */
       (SQLCHAR *)NULL,          /* No password required */
        SQL_NTS );               /* This is a null-terminated string */
For Kerberos authentication to succeed, the following requirements must be met:
Kerberos must be installed and configured on the Kerberos client and Kerberos KDC (Kerberos Domain Controller).
The current login session must have valid Kerberos tickets obtained via the "kinit" command or from a Kerberos authorization utility such as Leash on Windows.
An Ingres service principal name must be defined with keytabs defined in a Kerberos keytab file.
Kerberos must be configured for Ingres via the "iisukerberos" command and possibly the CBF utility.
The ODBC DSN definition "myDSN" must reference a vnode definition, regardless of whether the connection is to a local or remote database.
The vnode definition must define the "authentication_mechanism" attribute as "kerberos".
For a full discussion of Kerberos authentication in an Ingres environment, see the Security Guide.
SQLConnect() authenticates the application according to the Kerberos principal. The user name of the Kerberos principal is passed to the DBMS as the owner of the connection; otherwise, no authentication information is passed between the client and server when SQLConnect() is invoked. Authentication is performed by the Ingres Service Principal of the server-side Name Server.