The principal name is the name the server uses to authenticate with the Kerberos Key Distribution Center (KDC). When you have multiple instances of Adaptive Server running, you must have different principal names for each Adaptive Server.
In Adaptive Server version 12.5.4, you can use a new dataserver option
and a new environment variable to specify a principal name different
from the Adaptive Server name. Adaptive Server name is specified
by environment variables DSLISTEN and DSQUERY, or the dataserver command-line
option "-s servername".
You can set the principal name either the setenv command or the -k dataserver option.
By default, the principal name is the name of Adaptive Server. To specify a different name, set SYBASE_PRINCIPAL before starting Adaptive Server to use Kerberos:
setenv SYBASE_PRINCIPAL <name of principal>
Once you have set an Adaptive Server principal name, Adaptive Server uses the value of this variable to authenticate itself with Kerberos.
You can use the following command-line option to specify an Adaptive Server principal name, when starting Adaptive Server:
-k <server principal name>
When you start an Adaptive Server with the Kerberos security mechanism enabled, Adaptive Server first uses the principal name specified with the -k option for Kerberos authentication. If the -k option is not specified, Adaptive Server looks for the principal name in the environment variable SYBASE_PRINCIPAL. If neither is specified, Adaptive Server uses the server name for authentication.
In this example, the Adaptive Server name is “ase1254” and realm name is “MYREALM.COM,” the Adaptive Server name is specified on the command line with -s parameter to the dataserver. The current realm is specified in libtcl.cfg by a secbase attribute value:
[SECURITY] csfkrb5=libskrb.so libgss=/krb5/lib/libgss.so secbase=@MYREALM.COM
The default Adaptive Server principal name is “ase1254@MYREALM.COM.” If the principal name defined in the Adaptive Server keytab file is “aseprincipal@MYREALM.COM,” you can override the default Adaptive Server principal name by setting a server principal name using options 1 or 2 below:
Option 1: -k is specified:
% $SYBASE/$SYBASE_ASE/bin/dataserver -dmaster.dat -s ase1254 -k aseprincipal@MYREALM.COM
The Adaptive Server principal name used to authenticate with Kerberos is “aseprincipal@MYREALM.COM.”
Option 2: -k is not specified but SYBASE_PRINCIPAL is set:
setenv SYBASE_PRINCIPAL aseprincipal@MYREALM.COM $SYBASE/$SYBASE_ASE/bin/dataserver –dmaster.dat -s ase1254
The Adaptive Server principal name used to authenticate with Kerberos is “aseprincipal@MYREALM.COM,” the value of $SYBASE_PRINCIPAL.
Option 3: Neither -k nor SYBASE_PRINCIPAL is set
% $SYBASE/$SYBASE_ASE/bin/dataserver –dmaster.dat -s ase1254
The Adaptive Server principal name used to authenticate with Kerberos is “ase1254@MYREALM.COM.”
For more information about Kerberos, see the Security section of the System Administration Guide, Volume One.
