Distributed transactions and authentication modules
When HCL® OneDB® initiates a distributed connection after the session is established, it cannot respond to authentication challenges because the timing is unpredictable. Also, the password required to connect to the local server might not be the same as the password required to connect to the remote server. Consequently, authentication for distributed connections must be completed by the remote server on the basis of trust. The remote server must trust the local server and the remote administrators must explicitly permit the user to connect from the local server to the remote server.
The sysauth table in the sysuser database on a server records the trusted remote servers and the hosts on which those servers run, and it controls incoming connections from other servers. If PAM or an LDAP Authentication Support Module is enabled in the remote servers, the system administrator can enter authorized users in the sysauth table in the sysuser database for each remote server.
Table: sysauth (database: sysuser)
Column | Type |
---|---|
username | CHAR(32) |
groupname | CHAR(32) |
servers | VARCHAR(128) |
hosts | VARCHAR(128) |
The table can contain multiple rows for a single user to permit connections from different servers and hosts. A unique index exists on the combination of username, servers, and hosts, none of which allow nulls. The groupname column must be empty; any value in the column is ignored.
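For example, the following statement permits user1 to connect from server1 running on host1.example.com:

```sql
insert into sysauth values ("user1", NULL, "server1", "host1.example.com");
```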
For forward compatibility, ensure that each row in the table identifies one user name, one HCL OneDB server name, and one host name. Do not use comma-separated or space-separated lists of server or host names in one entry.
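The rules above can be checked with an audit query. This is an added example, not part of the HCL documentation; it assumes you are connected to the sysuser database on the remote server and uses only TRIM, LENGTH, LIKE, and UNION ALL.

```sql
-- Added audit example (not from the product documentation).
-- Lists sysauth rows that break the rules described above, one finding per line.

-- 1. servers holds a comma- or space-separated list
SELECT TRIM(username) AS username, servers, hosts,
       'servers lists more than one name' AS finding
  FROM sysauth
 WHERE TRIM(servers) LIKE '%,%' OR TRIM(servers) LIKE '% %'

UNION ALL

-- 2. hosts holds a comma- or space-separated list
SELECT TRIM(username), servers, hosts,
       'hosts lists more than one name'
  FROM sysauth
 WHERE TRIM(hosts) LIKE '%,%' OR TRIM(hosts) LIKE '% %'

UNION ALL

-- 3. groupname is populated; the value is ignored, so it grants nothing
--    and may hide a mistaken belief that group-based trust is in effect
SELECT TRIM(username), servers, hosts,
       'groupname is set but ignored'
  FROM sysauth
 WHERE groupname IS NOT NULL AND LENGTH(groupname) > 0

ORDER BY 1, 2, 3;

-- Breadth of trust: how many server/host origins each user may connect from.
-- Users with unexpectedly many rows deserve a manual review.
SELECT username, COUNT(*) AS trusted_origins
  FROM sysauth
 GROUP BY username
 ORDER BY 2 DESC;
```

An empty result from the first query means every row already identifies one user name, one server name, and one host name.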