Informix

 View Only
  • 1.  Authenfication

    Posted Thu February 18, 2021 09:02 AM
    Hi to All

    on onconfig :

    i want to use two different authentification methods  for the same server : OS USER and INTERNAL USER, is is possible ?

    DBSERVERNAME db_serv        (OS USER)
    DBSERVERALIASES db_net     (INTERNAL USER)

    on sqlhosts

    db_serv onsoctcp  host_ip host_port_1
    db_net   onsoctcp  host_ip host_port_2


    thanks :)

    ------------------------------
    John Smith
    ------------------------------

    #Informix


  • 2.  RE: Authenfication

    IBM Champion
    Posted Thu February 18, 2021 09:15 AM

    You can have PAM on one port and no PAM on the other

     

    Outside of that I'm not aware of any other options but I've never really looked. 

     

    But I suspect you do something within sysdbopen to block internal users from db_serv – again never tried

     

    Cheers

    Paul

     






  • 3.  RE: Authenfication

    Posted Thu February 18, 2021 09:30 AM
    Thank you Paul


    ------------------------------
    John Smith
    ------------------------------



  • 4.  RE: Authenfication

    IBM Champion
    Posted Thu February 18, 2021 09:28 AM
    As it stands, any default port would do both, internal and OS user authentication.
    Should OS auth be done through PAM, so on an Informix port configured to use PAM, no internal users could connect on that port.

    (One could argue why not allowing internal auth on a PAM port, esp. if that's configured to do simple OS auth only, but that's not implemented as of now.)

    So, to your question: you'd not even need those two separate ports - but could of course do it this way.
    What would not be possible, I think, is restricting such port to either only OS auth or only internal auth.

    ------------------------------
    Andreas Legner
    ------------------------------



  • 5.  RE: Authenfication

    Posted Thu February 18, 2021 10:10 AM
    Edited by System Fri January 20, 2023 04:40 PM
    still thinking about auth. methods, i think i was going the wrong way :(

    In fact i'm looking for a method where i can hide the user password, on a client server, similar to oracle wallet

    i know i can go on LDAP authentifaction (with MS Active directory for example) so no password need , just interacting with LDAP Server

    but i m also looking another  "informix way :)"

    ------------------------------
    John Smith
    ------------------------------