Security Guide > Security Guide > A. Configuring Ingres to Use Kerberos > Ingres Configuration Options for Kerberos > vnode Connection Attributes--Configure Client in a Heterogeneous Kerberos Environment
Was this helpful?
vnode Connection Attributes--Configure Client in a Heterogeneous Kerberos Environment
Heterogeneous Kerberos environments are those in which both Kerberos and non-Kerberos connection targets exist in the enterprise. In such an environment, the Name Server settings in Configuration-By-Forms must remain at their default values. The local client behavior must change, depending on the connection target.
To configure the client in a heterogeneous Kerberos environment, specify connection attributes for a vnode using the netutil utility.
Here is a sample vnode configuration in netutil:
Connection data for vnode 'newyork'
Type
Net Address
Protocol
Listen Address
Global
newyork-xp1.
tcp_ip
TS
 
Other attribute data for vnode 'newyork'
Type
Attr_Name
Attr_Value
Private
authentication_mechanism
kerberos
Notes:
The login/password entry for a Kerberos target should remain blank. A login/password entry is not required because the local Kerberos user principal is used for authentication, and the KDC authenticates using the ticket cache of the local user, rather than the system password on the remote connection target.
Kerberos authentication requires a TCP/IP-compatible network protocol on the local installation. On Windows, tcp_ip or win_tcp are acceptable protocol settings. On VMS, dec_tcp is the TCP/IP specifier, and will work if TCP/IP is supported through Multinet, TCP/IP, or TCP/IP over DECnet. Non-TCP/IP protocols, such as DECnet, are not supported.
Last modified date: 08/28/2024