Establishing a secure default login

When a user with a valid credential from LAN Manager logs in to Adaptive Server, the server checks to see whether the name is listed as a user in master..syslogins. If it is, Adaptive Server accepts that user name.

For example, a user logs in to LAN Manager as “ralph”, and “ralph” is listed in master..syslogins. Adaptive Server uses all roles and authorizations as defined for “ralph” on that server.

As an alternative example, a user with a valid credential logs in to Adaptive Server, but is unknown to the server. Adaptive Server accepts the login only when a secure default login has been defined with sp_configure. Adaptive Server uses the default login for any user who is not defined in master.syslogins, but who is validated by LAN Manager.

To set up a secure login, use the following syntax:

sp_configure "secure default login", 0, login_name

where login_name is a user name. The default value for the secure default login parameter is “guest”.

The login used for this parameter must be a valid login in master..syslogins. For example, to set the login “gen_auth” to be the default login.

  1. Use sp_addlogin to add the login as a valid user in Adaptive Server:

    sp_addlogin gen_auth, pwgenau
    

    This procedure sets the initial password to “pwgenau”.

  2. Use sp_configure to designate the login as the security default:

    sp_configure "secure default login", 0, gen_auth
    

    Adaptive Server then uses this login for a user who, although validated by LAN Manager, is unknown to Adaptive Server.

NoteThis user does not have a unique identity in Adaptive Server. That is, more than one user can assume the suid (system user ID) associated with the secure default login. You might want to activate auditing for all activities of the default login. Instead of using the secure default login, consider using sp_addlogin to add all users to the server.

For more information about adding logins, see “Adding logins to support unified login”.