SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-20-2008, 03:21 PM
| ||||
| ||||
 Re: ODBC credentials and/or PAM Andrew, There is support for Informix on PAM. The pre-req for using PAM is: 1) make an entry in sqlhosts file 2) write a module and register it on server side 3) call the module from client. Please click the link if you need more information. Regards, Ramesh Gopal Andrew Clarke <aclarke@civica.com.au> Sent by: informix-list-bounces@iiug.org 21/03/2007 09:39 To "informix-list@iiug.org" <informix-list@iiug.org> cc Subject ODBC credentials and/or PAM Hi folks I'm wondering what the state of the art is for ODBC credentials and Informix. We want a user to get access to Informix if they have a valid Windows login, instead of having to store a password in the registry or get prompted. MS Sequel Server and it's OBDC driver can be configured to use NT Authentication, so the connection is seamless. It's probably using the Desktop tokens (NT style or Active Directories style) and passing them off to the domain controller for verification. Is there any way to get the Informix ODBC to work the same way? On a fairly related subject, what's the capabilities and purpose of the ability to plug PAM into the Informix engines? How can it be used? _______________________________________________ Informix-list mailing list Informix-list@iiug.org http://www.iiug.org/mailman/listinfo/informix-list      |
|
04-20-2008, 03:22 PM
| ||||
| ||||
| Re: ODBC credentials and/or PAM Lots of information on PAM on the IBM techinfo centre http://publib.boulder.ibm.com/infoce.../v10/index.jsp In particular http://publib.boulder.ibm.com/infoce...%61% 6d%22%20 A Pluggable Authentication Module (PAM) is a well-defined framework for supporting different authentication modules originally developed by Sun Microsystems. PAM enables system administrators to implement different authentication mechanisms for different applications. For example, the needs of a system like the UNIX login program might be different from an application that accesses sensitive information from a database. PAM allows for many such scenarios in a single machine, because the authentication services are attached at the application level. In addition to enabling an application to select the authentication as needed, PAM permits module stacking. Many modules can be stacked one after another, thus enabling the application to be authenticated in multiple ways, before granting access. PAM provides a set of APIs to support authentication, account Management, session Management and password management. The system administrator can enable or disable the use of PAM. By default, the database server uses the traditional Informix authentication mechanism (which is based on the BSD rhosts mechanism) in order to avoid forcing major changes on users. To use PAM with Dynamic Server: Your Informix database server must be on an operating system platform that supports PAM. Your client applications must be written using a sufficiently recent version of Client SDK. You must have the appropriate PAM service configured in the operating system. You must know whether the PAM service will simply accept the given password or whether it will use a challenge-response protocol (for example, a RADIUS authentication server). If your PAM service will use a challenge-response protocol, you must modify your applications to handle the challenge and response. The application must be aware that the PAM module can raise multiple challenges. You must ensure that Enterprise Replication and High-Availability Data Replication are not affected by PAM authentication. You must modify the server entry in the sqlhosts file for both the client application and the database server (if they are on separate machines or in separate locations on a single machine). |
Linear Mode
