The operating system (OS) authentication feature lets DataDirect products integrate seamlessly into a Kerberos-based authentication mechanism. This allows your or your customers to include database access in a Single Sign-On (SSO) environment that:
- Bolsters system security
- Eliminates the need for users to log in separately for each application
- Reduces the costs associated with managing user accounts
See the benefits of an application environment that leverages Single Single-On:
|User IDs and passwords are sent across the network.
||Authentication is enabled via shared secrets / encryption; a password is never sent across the network.
||Eliminates security vulnerabilities such as packet sniffing and router logging used to capture passwords.
|Multiple User IDs and System IDs required.
||Single User ID and elimination of System IDs.
||Reduces usability issues while strengthening security by not requiring users to write down and keep user ID/password information.
|Duplicates user information in multiple account databases.
||Single, centrally managed store of user account credentials.
||Lowers management costs and provides better security by allowing for rapid and comprehensive changes to and/or removal of a user’s credentials.
|Database activity logged with generic System ID.
||Database activity identified by User ID (delegated credentials).
||Better audit accuracy assists compliance efforts.
For an organization to successfully implement SSO across the enterprise, all components must be able to participate. DataDirect provides the most consistent Kerberos-enabled data access middleware implementation on the market. DataDirect products also offer many features that are unique or not readily available in the middleware market.
|Delegation of Credentials
||DataDirect provides the ability to delegate the user credential through the programs involved in the application stack.
||Allows application to authenticate the real user vs. an administrative ID that is less secure and obfuscates DB activity.
||DataDirect Connect provides the ability to re-associate a pooled connection with a different authenticated user.
||Applications that use connection pooling can more efficiently re-use connections while minimizing the number of connections required in the pool.
|Type 5 JDBC architecture
||DataDirect provides the only JDBC drivers on the market that support Windows authentication while remaining pure 100% Java JDBC drivers, a feature so unique, it goes beyond being Type 4, making them Type 5.
||Offers a choice of implementing a pure Java authentication that is not dependent on extraneous Windows components that need to be installed and maintained.