Chapter 1: System Procedures

sp_serveroption

Description

Displays or changes remote server options.

Syntax

sp_serveroption [server, optname, optvalue]

Parameters

server: is the name of the remote server for which to set the option.

optname

is the name of the option to be set or unset. Table 1-20 lists the option names.

**Table 1-20: sp_serveroption options**
Option	Meaning
mutual authentication	Valid for “rpc security model B” only – this option specifies that the local server authenticates the remote server by retrieving the credential of the remote server and verifying it with the security mechanism. With this service, the credentials of both servers are authenticated and verified.
external engine auto start	Specifies that EJB Server starts up each time Adaptive Server starts up. The default is true; starting Adaptive Server also starts up EJB Server.
net password encryption	Specifies whether to initiate connections with a remote server with the client side password encryption handshake or with the normal (unencrypted password) handshake sequence. The default is false, no network encryption.
readonly	Component Integration Services only – specifies that access to the server named is read only.
rpc security model A	The default model for handling RPCs. This model does not support mutual authentication, message integrity, or message confidentiality between the local server and the remote server.
rpc security model B	This model results in a single, secure physical connection established between the local and remote servers. Logical connections for each RPC that is executed are multiplexed over the single, secure, physical connection. This model supports mutual authentication, message confidentiality via encryption, and message integrity.
security mechanism	Valid for “rpc security model B” only – this option specifies the security mechanism for the remote server. You must set this option to true to use security model B.
server cost	Component Integration Services only – specifies the cost of a single exchange under the user’s control, on a per-server basis. See Chapter 2, “Understanding Component Integration Services” in Understanding CIS for more information.
server logins	Component Integration Services only – to fully support remote logins, Client-Library provides connection properties that enable CIS to request a server connection. This connection is recognized at the receiving server as a server connection (as opposed to an ordinary client connection), allowing the remote server to validate the connection through the use of sysremotelogins as if the connection were made by a site handler. When enabled, Omni connects to the specified server using the CS_LOGIN_TYPE connection property, with type set to LREMUSER. Also, if the remote server is an Adaptive Server, the CS_LOGIN_REMOTE_SERVER property is set to the value of the local server name, and remote passwords are set using ct_remote_pwd().
negotiated logins	Component Integration Services only – this option is necessary if CIS connections to XP server or Backup Server are required. When enabled, Omni connects to the specified server using the CS_SEC_CHALLENGE property, and establishes a callback handler that can respond appropriately to login challenges from XP Server and Backup Server.
timeouts	When unset (false), disables the normal timeout code used by the local server, so the site connection handler does not automatically drop the physical connection after one minute with no logical connection. The default is false.
use message confidentiality	Valid for “rpc security model B” only – this option specifies that messages are encrypted when sent to the remote server, and results from the remote server are encrypted.
use message integrity	Valid for “rpc security model B” only – this option specifies that messages between the servers are checked for tampering.
cis hafailover	Component Integration Services only – if enabled, instructs Open Client to use automatic failover when connections fail. In this case, CIS connection failures automatically failover to the server specified in directory services (such as the interface file and ldap server) as the failover server.

Adaptive Server accepts any unique string that is part of the option name. Use quotes around the option name if it includes embedded blanks.

optvalue

is true (on) or false (off) for all options except the security mechanism option.

For the security mechanism option, specify the name of the security mechanism. To see the names of the security mechanisms available on a server, execute:

select * from syssecmechs

Examples

Example 1

Displays a list of the server options:

sp_serveroption

Settable server options.

 ------------------------ 
 cis hafailover
 external engine auto start 
 mutual authentication 
 negotiated logins 
 net password encryption 
 readonly 
 rpc security model A 
 rpc security model B 
 security mechanism 
 server cost 
 server logins 
 timeouts 
 use message confidentiality 
 use message integrity

Example 2

Tells the server not to time out inactive physical connections with the remote server GATEWAY:

sp_serveroption GATEWAY, "timeouts", false

Example 3

Specifies that when connecting to the remote server GATEWAY, GATEWAY sends back an encryption key to encrypt the password to send to it:

sp_serveroption GATEWAY, "net password encryption", true

Example 4

Specifies that the EJB Server SYB_EJB starts up each time Adaptive Server starts up:

sp_serveroption SYB_EJB, "external engine auto start", true

Example 5

Specifies that the security model for RPCs for the server “TEST3” is security model B.

sp_serveroption TEST3, "rpc security model B", true

Example 6

Specifies that the security model to use for RPCs for “TEST3” is DCE:

sp_serveroption TEST3, "security mechanism", dce

Example 7

Specifies that the local server will check the authenticity of the remote server “TEST3”. With security model B, the remote server will check the authenticity of the local server, whether or not this option is set:

sp_serveroption TEST3, "mutual authentication", true

Example 8

Disables automatic startup, where SYB_EJB is the logical name of the EJB Server:

sp_serveroption 'SYB_EJB', 'external engine auto start', 'false'

To enable automatic startup, enter:

sp_serveroption 'SYB_EJB', 'external engine auto start', 'true'

See “Starting EJB Server automatically” in Chapter 2, “Getting Started” of the EJB Server User’s Guide for more information about using external engine auto start.

Usage

To display a list of server options that can be set by the user, use sp_serveroption with no parameters.
Once timeouts is set to false, the site handlers will continue to run until one of the two servers is shut down.
The net password encryption option allows clients to specify whether to send passwords in plain text or encrypted form over the network when initiating a remote procedure call. If net password encryption is true, the initial login packet is sent without passwords, and the client indicates to the remote server that encryption is desired. The remote server sends back an encryption key, which the client uses to encrypt its passwords. The client then encrypts its passwords, and the remote server uses the key to authenticate them when they arrive.
To set network password encryption for a particular isql session, you can use a command line option for isql. For more information, see the Utility Programs manual for your platform.
You cannot use the net password encryption option when connecting to a pre-release 10.0 SQL Server.
The options security mechanism, mutual authentication, use message confidentiality, and use message integrity do not apply to security model A.
To use security model B, both the local server and the remote server must use model B and both must use the same security mechanism.

Permissions

Only a System Administrator can execute sp_serveroption to set the timeouts option. Any user can execute sp_serveroption with no parameters to display a list of options.

Only a System Security Officer can set the net password encryption, security mechanism, mutual authentication, use message confidentiality, and use message integrity options.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

Event	Audit option	Command or access audited	Information in extrainfo
38	exec_procedure	Execution of a procedure	Roles – Current active roles Keywords or options – NULL Previous value – NULL Current value – NULL Other information – All input parameters Proxy information – Original login name, if set proxy in effect