During installation, the following files required for Kerberos authentication are installed in the /lib subdirectory of your product installation directory:
krb5.conf is a Kerberos configuration file containing values for the Kerberos realm and the KDC name for that realm. A generic file is installed that you must modify for your environment.
JDBCDriverLogin.conf file is a configuration file that specifies which Java Authentication and Authorization Service (JAAS) login module to use for Kerberos authentication. This file is configured to load automatically unless the java.security.auth.login.config system property is set to load another configuration file. You can modify this file, but the driver must be able to find the JDBC_DRIVER_01 entry in this file or another specified login configuration file to configure the JAAS login module. Refer to your J2SE documentation for information about setting configuration options in this file
To configure the driver:
1. Set the AuthenticationMethod property to kerberos. See Using the AuthenticationMethod Property for more information about setting a value for this property.
2. Set the ServicePrincipalName property to the case-sensitive service principal name to be used for Kerberos authentication. For Sybase, the service principal name is the name of a server configured in your Sybase interfaces file.
The value of the ServicePrincipalName property can include the Kerberos realm name, but it is optional. If you do not specify the realm name, the default realm is used. For example, if the service principal name, including Kerberos realm name, is server/sybase125ase1@XYZ.COM and the default realm is XYZ.COM, valid values for this property are:
server/sybase125ase1@XYZ.COM
and
server/sybase125ase1
3. Modify the krb5.conf file to contain your Kerberos realm name and the KDC name for that Kerberos realm by editing the file with a text editor or by specifying the system properties, java.security.krb5.realm and java.security.krb5.kdc.
Note: If using Windows Active Directory, the Kerberos realm name is the Windows domain name and the KDC name is the Windows domain controller name.
For example, if your Kerberos realm name is XYZ.COM and your KDC name is kdc1, your krb5.conf file would look like this:
[libdefaults] default_realm = XYZ.COM
[realms] XYZ.COM = { kdc = kdc1 }
If the krb5.conf file does not contain a valid Kerberos realm and KDC name, the following exception is thrown:
Message:[DataDirect][Sybase JDBC Driver]Could not establish a connection using integrated security: No valid credentials provided
The krb5.conf file is configured to load automatically unless the java.security.krb5.conf system property is set to point to another Kerberos configuration file.
4. If using Kerberos authentication with a Security Manager on a Java 2 Platform, you must grant security permissions to the application and driver. See Permissions for Kerberos Authentication for an example.