An authentication token is an encrypted string that contains the access information for a specific database user. Logging in with a token is an alternative to password login that keeps the plain-text user name and password out of the connection string. Sessions created by token-based authentication are identical to sessions created with regular password-based authentication: they have the same privileges, and there is no limit on the number of sessions.
Token-based authentication is available through the ODBC and JDBC interfaces. It is not supported by the solidDB API (SA) or the HTTP SQL interface.
The server creates an encryption key and uses it to encrypt the user name and password inside the token. Each user has their own unique authentication token.
Token encryption uses either the built-in DES implementation or OpenSSL; the server and the client must use the same one. OpenSSL is used when it is available, otherwise DES. DES is a legacy 56-bit cipher, so prefer deployments where OpenSSL is available on both sides.
Token-based authentication uses a static key for symmetric password encryption. The token is therefore the user's password in a reversible wrapper, and anyone who obtains the token can log in as that user: treat a token file exactly like a file containing a password (restrictive file permissions, no check-in to source control, no sharing between hosts that do not need it).
The authentication token can be saved to a file or used as a string. Token-based authentication is not a communication or database encryption mechanism; it does not protect the network connection or the data on disk.
A token is created for each database user individually by executing the DESCRIBE SQL statement with the CREDENTIALS option, see DESCRIBE. The statement has to be executed in a session opened by the user who will use the token; the database administrator cannot create tokens for other users.
After a token is created, only the following actions invalidate it:
▪ A password change or the dropping of the user account from the database
▪ The command ADMIN COMMAND 'cryptokeyreset'
There is no time-based expiration in solidDB access tokens, so a leaked token stays usable until the password is changed or the key is reset.
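The following Python model, added here as an illustration and not solidDB's own implementation, shows the consequences of the design described above: a server holds one static symmetric key, mints a token only for a password-authenticated session, and a token remains valid indefinitely until the user's password changes, the user is dropped, or the key is reset. The cipher (an HMAC-SHA256 keystream with an HMAC tag, standard-library only) and the class and method names are assumptions chosen for the example; solidDB uses DES or OpenSSL and its own key handling.

```python
import hashlib
import hmac
import os


class TokenAuthServer:
    """Illustrative model of static-key credential tokens (not solidDB code).

    Assumed design, following the page: the token is the user name and
    password encrypted under one server-wide symmetric key that never
    changes unless an administrator explicitly resets it.
    """

    def __init__(self):
        self._users = {}            # user -> (salt, PBKDF2 password hash)
        self._key = os.urandom(32)  # static symmetric key (models the server's token key)

    @staticmethod
    def _pwhash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def create_user(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._pwhash(salt, password))

    def change_password(self, user, new_password):
        self.create_user(user, new_password)  # new salt and hash replace the old ones

    def drop_user(self, user):
        self._users.pop(user, None)

    def reset_crypto_key(self):
        """Models ADMIN COMMAND 'cryptokeyreset': every existing token stops decrypting."""
        self._key = os.urandom(32)

    def _keystream(self, nonce, n):
        # Toy stream cipher: HMAC(key, nonce || counter) blocks, truncated to n bytes.
        out, counter = b"", 0
        while len(out) < n:
            out += hmac.new(self._key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def _password_ok(self, user, password):
        entry = self._users.get(user)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._pwhash(salt, password))

    def issue_token(self, user, password):
        """Only a session authenticated with the password can mint that user's token."""
        if not self._password_ok(user, password):
            raise PermissionError("password authentication failed")
        plaintext = f"{user}\x00{password}".encode()
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        return (nonce + ct + tag).hex()

    def authenticate_with_token(self, token_hex):
        """Return the user name on success, None if the token is no longer valid."""
        raw = bytes.fromhex(token_hex)
        nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
        expected = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # key was reset (or token tampered with): token no longer decrypts
        plaintext = bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))
        user, _, password = plaintext.decode().partition("\x00")
        # The recovered password is checked against the current hash, so a password
        # change or a dropped account invalidates the token even though it still decrypts.
        return user if self._password_ok(user, password) else None


def demo():
    """Walk through the invalidation rules with constructed sample data."""
    server = TokenAuthServer()
    server.create_user("alice", "s3cret")           # constructed sample user
    results = {}
    try:
        server.issue_token("alice", "wrong-password")
        results["wrong_password_rejected"] = False
    except PermissionError:
        results["wrong_password_rejected"] = True
    token = server.issue_token("alice", "s3cret")
    results["fresh"] = server.authenticate_with_token(token)
    results["copied"] = server.authenticate_with_token(token)   # no expiry: any holder can reuse it
    server.change_password("alice", "n3w-pass")
    results["after_password_change"] = server.authenticate_with_token(token)
    token2 = server.issue_token("alice", "n3w-pass")
    server.reset_crypto_key()
    results["after_key_reset"] = server.authenticate_with_token(token2)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The `copied` step is the practical lesson: because nothing in the token binds it to a client, a time, or a session, a copy of the token file is as good as the password until one of the two invalidating actions is taken on the server.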