Understanding Vector Security Mechanisms
Vector provides a variety of security methods. The default method is DBMS Authentication.
• Access control methods, which include Kerberos and user authentication
• User authentication methods, which include DBMS Authentication, INGRES mechanism, and NULL mechanism
• Encryption methods, which include Kerberos and AES.
Kerberos
Allows access through private key and requires a trusted third party. Kerberos is a dynamic mechanism because it uses third-party software and is loaded into the Vector executable image at runtime. Kerberos is a highly secure alternative to OS security, and optionally allows encryption of the entire data stream between the DBMS Server and the client.
DBMS Authentication
(Default) Allows user authentication against the DBMS users and passwords defined in the installation, without having to use any external or OS security mechanism. The DBMS Server provides the authentication.
INGRES mechanism
Allows user authentication against the operating system.
NULL mechanism
Allows users to authenticate without providing passwords or other types of authentication. Use of the Null security mechanism is strongly discouraged.
AES
Provides encryption of the network data stream between the DBMS Server and the client. This mechanism does not provide user authentication. AES is a dynamic mechanism because it uses OS encryption libraries and is loaded into the Vector executable image at runtime.
Except for DBMS Authentication, all these methods are performed before the connection is made to the DBMS Server.
The NULL, INGRES, KERBEROS, and AES mechanisms are listed under the Security component in Configuration-By-Forms (or Configuration Manager, if available). The default configuration setting for security mechanisms rarely needs to be changed. Multiple mechanisms are supported concurrently.
The DBMS Authentication method is controlled in Configuration-By-Forms, DBMS Server component, dbms_authentication.