PEPPLER.ORG
Michael Peppler
Sybase Consulting
Menu
Home
Sybase on Linux
Install Guide for Sybase on Linux
General Sybase Resources
General Perl Resources
Freeware
Sybperl
Sybase::Simple
DBD::Sybase
BCP Tool
Bug Tracker
Mailing List Archive
Downloads Directory
FAQs
Sybase on Linux FAQ
Sybperl FAQ
Personal
Michael Peppler's resume

sybperl-l Archive

Up    Prev    Next    

From: Merijn Broeren <merijnb at iloquent dot com>
Subject: Re: DBD::Sybase 1.02.2 available for testing
Date: Jan 8 2004 3:06PM

Quoting Michael Peppler (mpeppler@peppler.org):
> I've just placed DBD::Sybase 1.02.2 (i.e. 1.03-tobe) in the download
> directory on www.peppler.org (http://www.peppler.org/downloads).
> 
> This new version adds some new configuration functionality (auto-detect
> of thread-safe libraries if the perl binary is built with threading,
> auto-detect of 64 bit libs as needed) and has been tested for
> thread-safety (well, to a certain extent - I won't *guarantee* that it
> is thread safe...).

I've built 1.02.2 on a 64 bit machine, both the threaded and non
threaded libraries get detected with perl5.6 (non-thread) and perl5.8
(threaded). They test just fine. sybperl 2.16 as well by the way. This
is with both 12.5 and 12.5.1 connection libraries. 

> I've also added support for Kerberos based network authentication during
> connection to ASE. This last bit is untested because I don't have such a
> system installed here.
> 
I see the code is unchanged, or near enough, so I expect it to pass
testing when I try it later today. One thing though, in the
documentation you talk about tickets, but that is not correct.
You provide the straightforward string passing as well as the subroutine 
reference,  "kerberos=$ticket" and "{syb_kerberos_ticket =>
\&sybGetPrinc}". In both cases, the caller either supplies the
kerberos principal name or a routine that determines the principal name. 

Not the ticket. The ticket is obtained from the ticket server, or made
with a ticket granting ticket, by the kerberos library (used by the
Sybase ct library). In order to obtain a ticket, we need to know for
what service, which is the principal we are providing. We also need the
user's principal name and the workstation's, but those automatically
determined.

Users are principals. An application server is a principal. Basically
anything with its own kerberos identity. peppler@kerbrealm,
host/saias44@kerbrealm, sybase/saias44 are principal names identifying
the respective principals. 

So the documentation should read like this 

=item kerberos

Note: Requires OpenClient 11.1.1 or later.

Sybase and OpenClient can use Kerberos to perform network-based login.
If you use Kerberos for authentication you can use this feature and pass
a kerberos serverprincipal using the C parameter:

    $dbh = DBI->connect("dbi:Sybase:kerberos=$serverprincipal", '', '');

In addition, if you have a system for retrieving Kerberos serverprincipals at
run-time you can tell DBD::Sybase to call a perl subroutine to get
the serverprincipal from connect():

    sub sybGetPrinc {
        my $srv = shift;
        return the serverprincipal...
    }
    $dbh = DBI->connect('dbi:Sybase:server=troll', '', '', { syb_kerberos_serverprincipal => \&sybGetPrinc });

The subroutine will be called with one argument (the server that we will
connect to, using the normal Sybase behavior of checking the DSQUERY
environment variable if no server is specified in the connect()) and is
expected to return a string (the Kerberos serverprincipal) to the caller.

=back

That means a slight code change for syb_kerberos_serverprincipal instead
of syb_kerberos_ticket. I'll test it with those changes and let you
know. 

Regards,
-- 
Merijn Broeren | Everything in excess! To enjoy the flavour of life,
Software Geek  | take big bites. Moderation is for monks.
               |