mirror of
https://github.com/FirebirdSQL/firebird.git
synced 2025-01-22 21:23:04 +01:00
65 lines
3.0 KiB
Plaintext
65 lines
3.0 KiB
Plaintext
0. Brief description.
|
|
|
|
fbSampleExtAuth plugin is useful when you want to run 'execute statement on external'
|
|
statement connecting to databases on non-local servers but do not wish to explicitly
|
|
add login and password to your PL/SQL code. When 2 servers completely trust each other
|
|
this plugin may be used to enable access to remote database without entering login and
|
|
password in SQL code. To ensure that connection comes from trusted source shared secret
|
|
key (placed into plugin's .conf file) is used. That means that the value of a "Key"
|
|
parameter should be exacly the same for all trusting each other hosts. Pay attention -
|
|
SQL name of connected user on remote host may not match local logon, it depends also
|
|
upon mappings on remote host.
|
|
|
|
1. Before starting the build.
|
|
|
|
This authentication plugin is using TomCrypt (https://www.libtom.net/LibTomCrypt/) library.
|
|
Firebird since v.4 is actively using it. Depending upon build type tomcrypt binary may be
|
|
included or not included into your package. In a case when it's included you will find
|
|
appropriate H-files in tomcrypt.include subdir. If not that means that native OS library
|
|
is used and you should also work with it. Depending upon your OS you will may be need
|
|
to install development package for tomcrypt.
|
|
|
|
2. Building plugin.
|
|
|
|
Type 'make' in this directory. Build system supposes that it was not moved out of standard
|
|
firebird tree. In a case when you did it manually you will sooner of all have to change
|
|
Makefile appropriately. If you use firebird with different operating systems and/or hardware
|
|
you should build plugin for each used configuration.
|
|
|
|
3. Installing plugin.
|
|
|
|
Makefile has install target (make install) which may be used for current box. However
|
|
this is not full solution because plugin is supposed to be used to connect at least two
|
|
separate servers. See 'Testing' for more details.
|
|
|
|
4.Testing.
|
|
|
|
- imagine you have two hosts: host1 and host2;
|
|
- generate configuration file using fbSampleExtAuthKeygen utility on any of them (only ONCE -
|
|
on ONE host !!!);
|
|
- copy that file and plugin itself to $FIREBIRD/plugins directory on each host;
|
|
- modify firebird.cond, it should contain something like:
|
|
AuthServer = Srp256, fbSampleExtAuth
|
|
AuthClient = Srp256, fbSampleExtAuth
|
|
lines, certainly something else may be used instead recommended Srp256;
|
|
- if you need WIN_SSPI plugin please add it AFTER fbSampleExtAuth;
|
|
- do not forget to restart firebird after reconfiguring it;
|
|
- create minimal required mapping on host1:
|
|
CREATE MAPPING EXT USING PLUGIN fbSampleExtAuth FROM ANY USER TO USER EXTUSER;
|
|
- run the following script on host2:
|
|
SET TERM ^;
|
|
EXECUTE BLOCK RETURNS(REMNAME CHAR(32)) AS BEGIN
|
|
EXECUTE STATEMENT 'SELECT CURRENT_USER FROM RDB$DATABASE'
|
|
ON EXTERNAL 'host1:employee' INTO :REMNAME;
|
|
SUSPEND;
|
|
END^
|
|
SET TERM ;^
|
|
you should get something like this:
|
|
REMNAME
|
|
==============================
|
|
EXTUSER
|
|
- explicitly specifying login and/or password in SQL statement normally deactivates
|
|
this plugin but one can use IgnoreLogin and IgnorePassword parameters to change that.
|
|
|
|
|