Siebel Security Guide > Security Adapter Authentication >

Implementing Database Authentication

This topic describes how to implement database authentication. Database authentication is typically implemented for a Siebel employee application, such as Siebel Call Center or Siebel Sales. Database authentication is configured as the default authentication method and is the easiest of the authentication approaches supported by Siebel Business Applications to implement.

About Implementing the Database Security Adapter

Although configuration might not be required, you can implement the database security adapter using the Security Adapter Mode (SecAdptMode) and Security Adapter Name (SecAdptName) parameters. The Security Adapter Mode and Security Adapter Name parameters can be set for the Siebel Gateway Name Server, the Siebel Enterprise Server, for a particular Siebel Server, for an individual Application Object Manager component, or for the Synchronization Manager component (for Siebel Remote).

You can configure the Security Adapter Mode and Security Adapter Name parameters using Siebel Server Manager. To do this, you specify parameter values for a named subsystem (enterprise profile). For the Developer Web Client, parameters can be configured by editing the application configuration file directly. For Gateway Name Server authentication, parameters can be configured by editing the gateway.cfg file.

CAUTION:  If you want to configure a server component or a Siebel Server to use different database authentication settings than those already configured at a higher level (that is, configured for the Siebel Enterprise or Siebel Server), then you must create a new database security adapter. If you do not, then settings you make reconfigure the existing security adapter wherever it is used.

The following procedure describes how to implement database authentication.

To implement database authentication

1. Specify that you want to use the database security adapter by setting values for the following parameters:
   1. Set the Security Adapter Mode parameter to DB (the default value).
   2. Set the Security Adapter Name parameter to DBSecAdpt (the default value), or to a security adapter (enterprise profile or named subsystem) with a different name.

      For more information about parameters for the database security adapter, see Configuration Parameters Related to Authentication.

2. If you want to implement user password hashing, then set the Hash User Password parameter to True.

   For detailed information on this task, see Configuring User Password Hashing.

   User password hashing maintains a hashed password in the database account while an unhashed version of the password is provided to the user for logging in. When user password hashing is enabled, a hashing algorithm is applied to the user's password before it is compared to the hashed password stored in the database. It is recommended that you implement password hashing for user passwords.

   NOTE:  For database authentication, password hashing parameters are specified for a data source referenced from the database security adapter, rather than specified directly for the security adapter.

3. Provide each user with access to Siebel Business Applications and the Siebel database as follows:
   1. Create a database account for the user using your database management functionality.
   2. Create a Siebel user record in the Siebel database; the user ID must match the user name for the database account.

      You add users to the Siebel database through an employee application such as Siebel Call Center. For detailed information about adding users, see About Adding a User to the Siebel Database.

4. If you are implementing database authentication with an MS SQL Server database, then perform the task described in Implementing Database Authentication with MS SQL Server.

About Password Expiration

If you use database authentication, then it is recommended that you implement database password expiration policies on the database server if this functionality is supported by your RDBMS. For example, it is recommended that you configure database passwords to expire after a defined time period unless they are changed.

On some RDBMSs this functionality is provided by default; on others this functionality, if provided, must be configured. For information on the password expiration policies supported by your RDBMS, see the appropriate RDBMS vendor documentation.

NOTE:  Support for password expiration policies and database user account password change through Siebel Business Applications is available only on supported IBM DB2 RDBMS operating systems.