Supplying User ID and Password

This section describes the use of Natural variables, which are not part of Entire Access. It covers the following topics:

General Authentication Information

If your RDBMS requires a user ID and password, you can specify them either before starting the Natural session or during the Natural session.

When you submit your user ID and password using environment variables before starting the Natural session, the prompt window is suppressed and the program executes without interruption.

Otherwise, when you access a database for the first time during a session, a window appears and prompts you for your database user ID and password. The Natural program stops executing until you enter a valid ID and password.

Before starting a Natural session, clients can specify the desired type of authentication, using the environment variable SQL_DATABASE_LOGIN: 

SQL_DATABASE_LOGIN=authentication-type

where authentication-type can be one of the following:

  • DB = database authentication (the default),

  • OS = operating-system authentication,

  • DB_OS = both database and operating-system authentication.

Clients can then specify user ID and password using the environment variables for database authentication SQL_DATABASE_USER and SQL_DATABASE_PASSWORD, or the environment variables for operating-system authentication SQL_OS_USER and SQL_OS_PASSWORD, or both.

Once the Natural session starts, only database authentication (the default) is available for clients. The SQLCONNECT statement (see the Natural Statements documentation) makes it possible to specify user IDs and passwords dynamically so that you can access different databases within a single Natural session. User ID and password can be specified either before or after the Natural session starts.

Operating-system authentication is only possible for remote connect strings.

Note:
The authentication details can also be set by the Natural Configuration Utility (NATPARM). Here it is possible to make DBID-specific settings. See the Natural Configuration Utility documentation for further details.

UNIX Clients

Authentication Type

To set the authentication type, set the following environment variable in your login procedure: 

SQL_DATABASE_LOGIN=authentication-type
export SQL_DATABASE_LOGIN

Database Authentication

For database authentication, set the following environment variables in your login procedure: 

SQL_DATABASE_USER=db-user-id
SQL_DATABASE_PASSWORD=db-password
export SQL_DATABASE_USER SQL_DATABASE_PASSWORD

Note:
If you want to access multiple databases from a single user session, your user ID and password must be the same for each database.

Operating-System Authentication

For operating-system authentication, set the following environment variables in your login procedure: 

SQL_OS_USER=os-user-id
SQL_OS_PASSWORD=os-password
export SQL_OS_USER SQL_OS_PASSWORD

Windows Clients

Authentication Type

To set the authentication type, set the following environment variable: 

SET SQL_DATABASE_LOGIN=authentication-type

Database Authentication

For database authentication, set the following environment variables: 

SET SQL_DATABASE_USER=db-user-id
SET SQL_DATABASE_PASSWORD=db-password

Note:
If you want to access multiple databases from a single user session, your user ID and password must be the same for each database.

Operating-System Authentication

For operating-system authentication, set the following environment variables: 

SET SQL_OS_USER=os-user-id
SET SQL_OS_PASSWORD=os-password

Windows Server

Depending on how your Windows server utilizes Domain Name Services (DNS), operating-system authentication may or may not be possible. The system administrator should proceed as follows:

  1. Use a valid Windows user ID of 8 characters or fewer.

  2. Before starting serversingle, set the VORTEX_AUTH_DOMAIN=<domain_name_server> where <domain_name_server> is the Domain Name Server used by your Windows server.

  3. Enable access to the Domain Name Server for the connecting user by logging on as a batch job.

  4. To enable the attribute Log on as a batch job, check the option Show Advanced User Rights.

  5. Ensure that both the user and the Administrator are added to the Administrators and any Domain groups. For example: 

      
Administrative Tools (Common)
    User Manager for Domains
      Policies
        User Rights . . .

      
User Rights Policy
   Domain:  OSXDEV
   Right:  Log on as a batch job
   Grant To: Administrator
             Administrators
             Domain Admins
             Domain Users
             Everyone
             NETWORK
             your user-name
             SQLExecutiveCmdExec(SQLExecutiveCmdExec)
             Users
    Show Advanced User Rights <checked>
      
Administrative Tools (Common)
   User Manager for Domains
    Administrator <double click>
     Groups
      Member of:
       Administrators
       Domain Admins
       Domain Guests
       Domain Users
      
Administrative Tools (Common)
   User Manager for Domains
   your user-name <double click>
      Groups
       Member of:
        Administrators
        Domain Admins
        Domain Guests
        Domain Users
        Users