SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SQL Server Authenticated Users, why are we still using them?


SQL Server Authenticated Users, why are we still using them?

Author
Message
bkubicek
bkubicek
SSCrazy Eights
SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)

Group: General Forum Members
Points: 9725 Visits: 1092
Comments posted to this topic are about the item SQL Server Authenticated Users, why are we still using them?
Dave Poole
Dave Poole
SSC Guru
SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)

Group: General Forum Members
Points: 64126 Visits: 4053
If your application runs on Linux but has a SQL Server back end does anyone know how to get it to use AD? I know some apps allow it through a library called krb5 but don't know the specifics.
I think this is another area that forces DBAs or domain admins to become policemen. In the security sphere I feel that too much is left to best endeavours with unrecorded lines of responsibility.

LinkedIn Profile
www.simple-talk.com
xsevensinzx
xsevensinzx
SSC-Insane
SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)

Group: General Forum Members
Points: 23030 Visits: 6103
What keeps me from using it? Linux and Python.

I use a lot of Python for my ETL as opposed to SSIS in Azure. Even before I moved to Azure, I still used a lot of Python with SQL Server and with SSIS to streamline data into the system. For example, most of my data comes from various API's that Python is used to load data parallel directly into the database.

I do have AD integration with my Azure solution today. But with the IP based firewall and certificates, it makes securing those authenticate users better.
xsevensinzx
xsevensinzx
SSC-Insane
SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)SSC-Insane (23K reputation)

Group: General Forum Members
Points: 23030 Visits: 6103
David.Poole - Friday, March 30, 2018 12:32 AM
If your application runs on Linux but has a SQL Server back end does anyone know how to get it to use AD? I know some apps allow it through a library called krb5 but don't know the specifics.
I think this is another area that forces DBAs or domain admins to become policemen. In the security sphere I feel that too much is left to best endeavours with unrecorded lines of responsibility.

I don't know personally, but the organization I work for has a global IT team that manages our infrastructure. They have a method where if you're using Linux, they can get AD integration working on the system. But this has some cons that I do believe most Linux users hate with their apps.

Dave Schutz
Dave Schutz
Hall of Fame
Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)Hall of Fame (3.7K reputation)

Group: General Forum Members
Points: 3717 Visits: 624
We have a MS application that still requires SQL authentication.
Eric M Russell
Eric M Russell
SSC Guru
SSC Guru (113K reputation)SSC Guru (113K reputation)SSC Guru (113K reputation)SSC Guru (113K reputation)SSC Guru (113K reputation)SSC Guru (113K reputation)SSC Guru (113K reputation)SSC Guru (113K reputation)

Group: General Forum Members
Points: 113982 Visits: 15224
Creating a linked server connection to another domain.


"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
clay passick
clay passick
SSC Rookie
SSC Rookie (29 reputation)SSC Rookie (29 reputation)SSC Rookie (29 reputation)SSC Rookie (29 reputation)SSC Rookie (29 reputation)SSC Rookie (29 reputation)SSC Rookie (29 reputation)SSC Rookie (29 reputation)

Group: General Forum Members
Points: 29 Visits: 29
Like others I have SQL Servers that are off the domain for security reasons.
BobAtDBS
BobAtDBS
Hall of Fame
Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)Hall of Fame (3.8K reputation)

Group: General Forum Members
Points: 3750 Visits: 403
I see your point if you live in a world where all your users are part of your domain. But if you serve up applications that connect to SQL Server from hundreds (in our case thousands) of users who are NOT in your domain, you have two choices. Use SQL Server authentication, or use one (or a few) logins and do your own login and password control, which may or may not be as good or better than what SQL Server offers. I'm open to viewpoints!


Student of SQL and Golf, Master of Neither
bkubicek
bkubicek
SSCrazy Eights
SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)SSCrazy Eights (9.7K reputation)

Group: General Forum Members
Points: 9725 Visits: 1092
BobAtDBS - Friday, March 30, 2018 7:20 AM
I see your point if you live in a world where all your users are part of your domain. But if you serve up applications that connect to SQL Server from hundreds (in our case thousands) of users who are NOT in your domain, you have two choices. Use SQL Server authentication, or use one (or a few) logins and do your own login and password control, which may or may not be as good or better than what SQL Server offers. I'm open to viewpoints!

I am assuming that if you have thousands of users you are talking about a web app? If you are, normally websites running under IIS will have their own application pool. You can set the identity of the application pool to be a network user. Normally, we get our AD guys to create a service account, then all access to the web app happen through this one AD account.

Ben

lmalatesta
lmalatesta
Mr or Mrs. 500
Mr or Mrs. 500 (529 reputation)Mr or Mrs. 500 (529 reputation)Mr or Mrs. 500 (529 reputation)Mr or Mrs. 500 (529 reputation)Mr or Mrs. 500 (529 reputation)Mr or Mrs. 500 (529 reputation)Mr or Mrs. 500 (529 reputation)Mr or Mrs. 500 (529 reputation)

Group: General Forum Members
Points: 529 Visits: 181
bkubicek - Friday, March 30, 2018 7:52 AM
BobAtDBS - Friday, March 30, 2018 7:20 AM
I see your point if you live in a world where all your users are part of your domain. But if you serve up applications that connect to SQL Server from hundreds (in our case thousands) of users who are NOT in your domain, you have two choices. Use SQL Server authentication, or use one (or a few) logins and do your own login and password control, which may or may not be as good or better than what SQL Server offers. I'm open to viewpoints!

I am assuming that if you have thousands of users you are talking about a web app? If you are, normally websites running under IIS will have their own application pool. You can set the identity of the application pool to be a network user. Normally, we get our AD guys to create a service account, then all access to the web app happen through this one AD account.

Ben

Why would you assume that it's a web app because there are thousands of users?

Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum









































































































































































SQLServerCentral


Search