JDBC Driver & Windows Authentication on Microsoft SQL Server
Microsoft SQL Server offers two types of security authentication: SQL Server authentication and Windows authentication. SQL Server authentication authenticates the user to the database using a database user name and password. Windows authentication is also referred to as "Windows Integrated Security" or a "trusted connection" because it relies on the user being authenticated, or "trusted," by the operating system. Windows authentication is the authentication mode recommended by Microsoft.
Windows authentication takes advantage of Windows user security and account mechanisms. By allowing Microsoft SQL Server to share the user name and password used for Windows, users with a valid Windows account can log into Microsoft SQL Server without supplying a user name and password. In addition to a single login within a Windows domain, Windows authentication provides a more secure mechanism for logging into Microsoft SQL Server. Standard Windows security mechanisms also provide the added advantages of auditing, password aging, minimum password length, and account lockout after multiple invalid login requests.
The DataDirect Connect® for JDBC® SQL Server driver is the only JDBC driver for Microsoft SQL Server that provides two methods for supporting Windows authentication, a Pure Java (Type 4) implementation and a Windows-specific (Type 2) implementation. The Windows-specific implementation requires minimal configuration to enable Windows authentication; however, it can only be used when the driver is running on a Windows platform. The Pure Java implementation is not restricted to Windows platforms, but requires configuration of your Kerberos environment.
This document describes both types of Windows authentication methods supported by the DataDirect Connect for JDBC SQL Server driver and provides an overview of the configuration required to use each method. Finally, it describes the current limitations and future enhancements planned for this functionality.
