<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <HTML ><HEAD ><TITLE >Kerberos Support</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="FreeTDS User Guide" HREF="index.htm"><LINK REL="UP" TITLE="Advanced Configurations" HREF="configs.htm"><LINK REL="PREVIOUS" TITLE="Domain Logins" HREF="domains.htm"><LINK REL="NEXT" TITLE="Threading in unixODBC" HREF="uothread.htm"><LINK REL="STYLESHEET" TYPE="text/css" HREF="userguide.css"><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" ><SPAN CLASS="PRODUCTNAME" >FreeTDS</SPAN > User Guide: A Guide to Installing, Configuring, and Running <SPAN CLASS="PRODUCTNAME" >FreeTDS</SPAN ></TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="domains.htm" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 5. Advanced Configurations</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="uothread.htm" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="KERBEROS" >Kerberos Support</A ></H1 ><P >Perhaps surprisingly, <A NAME="AEN2270" HREF="#FTN.AEN2270" ><SPAN CLASS="footnote" >[1]</SPAN ></A > Kerberos can be used to authenticate to Microsoft SQL Servers. This affords single-signon (or, at most, <SPAN CLASS="QUOTE" >"double-signon"</SPAN >) capability in non-Windows environment. </P ><P >To take advantage of Kerberos you have to set up your machine with keytab <A NAME="AEN2275" HREF="#FTN.AEN2275" ><SPAN CLASS="footnote" >[2]</SPAN ></A > from your Active Directory. You could use <A HREF="http://www.samba.org/" TARGET="_top" >Samba</A > or configure Kerberos directly (<TT CLASS="FILENAME" >/etc/krb5.conf</TT >). <B CLASS="COMMAND" >configure</B > includes options to define the location of your Kerberos installation (cf. <A HREF="config.htm#CONFIGURE.OPTIONS" >Options to configure</A >). </P ><P >By default UNIX does not initialize a Kerberos ticket with your login account. You must use <B CLASS="COMMAND" >kinit</B > to initialize a ticket. You could also configure Kerberos in PAM to initialize a Kerberos ticket at login time.</P ></DIV ><H3 CLASS="FOOTNOTES" >Notes</H3 ><TABLE BORDER="0" CLASS="FOOTNOTES" WIDTH="100%" ><TR ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="5%" ><A NAME="FTN.AEN2270" HREF="kerberos.htm#AEN2270" ><SPAN CLASS="footnote" >[1]</SPAN ></A ></TD ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="95%" ><P >It works because much of Active Directory is based on Kerberos. <SPAN CLASS="emphasis" ><I CLASS="EMPHASIS" >From each according to his ability; to each according to his needs. </I ></SPAN ></P ></TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="5%" ><A NAME="FTN.AEN2275" HREF="kerberos.htm#AEN2275" ><SPAN CLASS="footnote" >[2]</SPAN ></A ></TD ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="95%" ><P >No, the author does not really know what he's talking about.</P ></TD ></TR ></TABLE ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="domains.htm" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.htm" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="uothread.htm" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Domain Logins</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="configs.htm" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Threading in unixODBC</TD ></TR ></TABLE ></DIV ></BODY ></HTML >