Herbert, Please see answers inline below :
We have a lot of experience of using Kerberos with Sybase ASE, so if you want any more help after this, can we chat offline ? Thanks, Tim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 13 April 2006 19:29 To: [email protected] Subject: Powerbuilder 8, Sybase 12.5, Kerberos Hi, We have a Powerbuilder 8 application with Sybase 12.5 backend. We are trying to strengthen the application authentication by employing Kerberos (talking to Active Directory). We know that Powerbuilder 10 works with Kerberos, does anyone know whether Powerbuilder 8 would work too? Tim> Yes, Powerbuilder 8 is able to be used as a client with an ASE 12.5 database server, and Kerberos authentication. Also: 1) Once we are converted, how would authorization work? As we understand it, Kerberos would take care of the authentication. However, when the db requests get to Sybase, how does it know what authority (grants) a particular user has (we have been told we do not need users defined in sybase anymore)? Tim> you have to create users in the database which are then used to determine authorisation. The Kerberos tickets are used to authenticate this user so that no passwords need to be transmitted or stored in the database, but all other permissions associated with the Sybase user are still present in the database as they are for non-Kerberos authenticated users. 2) Also, if we "Kerberize" the sybase server, would all db instances in that server be also "Kerberized"? Tim> no, only users who are setup for Kerberos authentication. 3) Finally, once we "kerberize" a server/database, would we be able to logon the the server/db without going through Kerberos (via Isql, etc.)? Tim> yes, you can logon to database using tools like isql and Kerberos authentication (for example, if you use isql -V) or if you have a user with a userid/password in sybase database you can also use this by specifying the userid and password when running isql. Thanks!!!! ------------------------------------------------------------------------ --- This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V, which has its seat at Amsterdam, the Netherlands, and is registered in the Commercial Register under number 33002587, including its group companies, shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. ------------------------------------------------------------------------ --- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
