Using Open Client security services

The Adaptive Server interfaces provide several DBParm parameters that support Open Client 11.1.x or later network-based security services in your application. If you are using the required database, security, and PowerBuilder software, you can build applications that take advantage of Open Client security services.

What are Open Client security services?

Open Client 11.1.x or later security services allow you to use a supported third-party security mechanism (such as CyberSafe Kerberos) to provide login authentication and per-packet security for your application. Login authentication establishes a secure connection, and per-packet security protects the data you transmit across the network.

Requirements for using Open Client security services

For you to use Open Client security services in your application, all of the following must be true:

  • You are accessing an Adaptive Server database server using Open Client Client-Library (CT-Lib) 11.1.x or later software.

  • You have the required network security mechanism and driver.

    You have the required SAP-supported network security mechanism and SAP-supplied security driver properly installed and configured for your environment. Depending on your operating system platform, examples of supported security mechanisms include: Distributed Computing Environment (DCE) security servers and clients, CyberSafe Kerberos, and Windows NT LAN Manager Security Services Provider Interface (SSPI).

    For information about the third-party security mechanisms and operating system platforms that Appeon has tested with Open Client security services, see the Open Client documentation.

  • You can access the secure server outside PowerBuilder.

    You must be able to access a secure Adaptive Server server using Open Client 11.1.x or later software from outside PowerBuilder.

    To verify the connection, use a tool such as ISQL or SQL Advantage to make sure you can connect to the server and log in to the database with the same connection parameters and security options you plan to use in your PowerBuilder application.

  • You are using a PowerBuilder database interface.

    You are using the ASE or SYC Adaptive Server interface to access the database.

  • The Release DBParm parameter is set to the appropriate value for your database.

    You have set the Release DBParm parameter to 11or higher to specify that your application should use the appropriate version of the Open Client CT-Lib software.

    For instructions, see Release in the section called “Release” in Connection Reference.

  • Your security mechanism and driver support the requested service.

    The security mechanism and driver you are using must support the service requested by the DBParm parameter.

Security services DBParm parameters

If you have met the requirements described in Requirements for using Open Client security services, you can set the security services DBParm parameters in the Database Profile Setup dialog box for your connection or in a PowerBuilder application script.

There are two types of DBParm parameters that you can set to support Open Client security services: login authentication and per-packet security.

Login authentication DBParms

The following login authentication DBParm parameters correspond to Open Client 11.1.x or later connection properties that allow an application to establish a secure connection.

Sec_Channel_Bind
Sec_Cred_Timeout
Sec_Delegation
Sec_Keytab_File
Sec_Mechanism
Sec_Mutual_Auth
Sec_Network_Auth
Sec_Server_Principal
Sec_Sess_Timeout

For instructions on setting these DBParm parameters, see their descriptions in Database Parameters in Connection Reference.

Per-packet security DBParms

The following per-packet security DBParm parameters correspond to Open Client 11.1.x or later connection properties that protect each packet of data transmitted across a network. Using per-packet security services might create extra overhead for communications between the client and server.

Sec_Confidential
Sec_Data_Integrity
Sec_Data_Origin
Sec_Replay_Detection
Sec_Seq_Detection

For instructions on setting these DBParm parameters, see their descriptions in Database Parameters in Connection Reference.