Please see answers inline below :

We have a lot of experience of using Kerberos with Sybase ASE, so if you
want any more help after this, can we chat offline ?


-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On
Behalf Of herbert.chan@abnamro.com
Sent: 13 April 2006 19:29
To: kerberos@mit.edu
Subject: Powerbuilder 8, Sybase 12.5, Kerberos


We have a Powerbuilder 8 application with Sybase 12.5 backend. We are
trying to strengthen the application authentication by employing
(talking to Active Directory). We know that Powerbuilder 10 works with
Kerberos, does anyone know whether Powerbuilder 8 would work too?

Tim> Yes, Powerbuilder 8 is able to be used as a client with an ASE 12.5
database server, and Kerberos authentication.


1) Once we are converted, how would authorization work? As we understand
it, Kerberos would take care of the authentication. However, when the db
requests get to Sybase, how does it know what authority (grants) a
particular user has (we have been told we do not need users defined in
sybase anymore)?

Tim> you have to create users in the database which are then used to
determine authorisation. The Kerberos tickets are used to authenticate
this user so that no passwords need to be transmitted or stored in the
database, but all other permissions associated with the Sybase user are
still present in the database as they are for non-Kerberos authenticated

2) Also, if we "Kerberize" the sybase server, would all db instances in
that server be also "Kerberized"?

Tim> no, only users who are setup for Kerberos authentication.

3) Finally, once we "kerberize" a server/database, would we be able to
logon the the server/db without going through Kerberos (via Isql, etc.)?

Tim> yes, you can logon to database using tools like isql and Kerberos
authentication (for example, if you use isql -V) or if you have a user
with a userid/password in sybase database you can also use this by
specifying the userid and password when running isql.


This message (including any attachments) is confidential and may be
privileged. If you have received it by mistake please notify the sender
return e-mail and delete this message from your system. Any unauthorised
use or dissemination of this message in whole or in part is strictly
prohibited. Please note that e-mails are susceptible to change. ABN AMRO
Bank N.V, which has its seat at Amsterdam, the Netherlands, and is
registered in the Commercial Register under number 33002587, including
group companies, shall not be liable for the improper or incomplete
transmission of the information contained in this communication nor for
delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or
group companies) does not guarantee that the integrity of this
communication has been maintained nor that this communication is free of
viruses, interceptions or interference.

Kerberos mailing list Kerberos@mit.edu

Kerberos mailing list Kerberos@mit.edu