Startseite Erkunden Hilfe
Anmelden
FirebirdDB
/
firebird
Mirror von https://github.com/FirebirdSQL/firebird.git
2
0
Fork 0
Dateien Issues 0 Wiki
Struktur: v4.0.4
Branches Tags
firebird
/
examples
/
extauth
/
INSTALL

INSTALL 3.0 KB
Permalink Verlauf Originalformat

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. 0. Brief description.
    2. 

  2. 

  3. fbSampleExtAuth plugin is useful when you want to run 'execute statement on external'
    4. 

  4. statement connecting to databases on non-local servers but do not wish to explicitly
    5. 

  5. add login and password to your PL/SQL code. When 2 servers completely trust each other
    6. 

  6. this plugin may be used to enable access to remote database without entering login and
    7. 

  7. password in SQL code. To ensure that connection comes from trusted source shared secret
    8. 

  8. key (placed into plugin's .conf file) is used. That means that the value of a "Key"
    9. 

  9. parameter should be exacly the same for all trusting each other hosts. Pay attention -
    10. 

  10. SQL name of connected user on remote host may not match local logon, it depends also
    11. 

  11. upon mappings on remote host.
    12. 

  12. 

  13. 1. Before starting the build.
    14. 

  14. 

  15. This authentication plugin is using TomCrypt (https://www.libtom.net/LibTomCrypt/) library.
    16. 

  16. Firebird since v.4 is actively using it. Depending upon build type tomcrypt binary may be
    17. 

  17. included or not included into your package. In a case when it's included you will find
    18. 

  18. appropriate H-files in tomcrypt.include subdir. If not that means that native OS library
    19. 

  19. is used and you should also work with it. Depending upon your OS you will may be need
    20. 

  20. to install development package for tomcrypt.
    21. 

  21. 

  22. 2. Building plugin.
    23. 

  23. 

  24. Type 'make' in this directory. Build system supposes that it was not moved out of standard
    25. 

  25. firebird tree. In a case when you did it manually you will sooner of all have to change
    26. 

  26. Makefile appropriately. If you use firebird with different operating systems and/or hardware
    27. 

  27. you should build plugin for each used configuration.
    28. 

  28. 

  29. 3. Installing plugin.
    30. 

  30. 

  31. Makefile has install target (make install) which may be used for current box. However
    32. 

  32. this is not full solution because plugin is supposed to be used to connect at least two
    33. 

  33. separate servers. See 'Testing' for more details.
    34. 

  34. 

  35. 4.Testing.
    36. 

  36. 

  37. - imagine you have two hosts: host1 and host2;
    38. 

  38. - generate configuration file using fbSampleExtAuthKeygen utility on any of them (only ONCE -
    39. 

  39. on ONE host !!!);
    40. 

  40. - copy that file and plugin itself to $FIREBIRD/plugins directory on each host;
    41. 

  41. - modify firebird.cond, it should contain something like:
    42. 

  42. 	AuthServer = Srp256, fbSampleExtAuth
    43. 

  43. 	AuthClient = Srp256, fbSampleExtAuth
    44. 

  44. lines, certainly something else may be used instead recommended Srp256;
    45. 

  45. - if you need WIN_SSPI plugin please add it AFTER fbSampleExtAuth;
    46. 

  46. - do not forget to restart firebird after reconfiguring it;
    47. 

  47. - create minimal required mapping on host1:
    48. 

  48. 	CREATE MAPPING EXT USING PLUGIN fbSampleExtAuth FROM ANY USER TO USER EXTUSER;
    49. 

  49. - run the following script on host2:
    50. 

  50. 	SET TERM ^;
    51. 

  51. 	EXECUTE BLOCK RETURNS(REMNAME CHAR(32)) AS BEGIN
    52. 

  52. 		EXECUTE STATEMENT 'SELECT CURRENT_USER FROM RDB$DATABASE'
    53. 

  53. 				ON EXTERNAL 'host1:employee' INTO :REMNAME;
    54. 

  54. 		SUSPEND;
    55. 

  55. 	END^
    56. 

  56. 	SET TERM ;^
    57. 

  57. you should get something like this:
    58. 

  58. 	REMNAME
    59. 

  59. 	==============================
    60. 

  60. 	EXTUSER
    61. 

  61. - explicitly specifying login and/or password in SQL statement normally deactivates
    62. 

  62. this plugin but one can use IgnoreLogin and IgnorePassword parameters to change that.
    63. 

  63. 

  64.