Confusion on standard security methodologies.

From: Pete Grazaitis (pjgratz@yahoo.com)
Date: 01/14/03


From: pjgratz@yahoo.com (Pete Grazaitis)
Date: 14 Jan 2003 12:54:15 -0800

I am getting a little confused on just how to set up a nice secure
extranet.

Here is the situation:

Running an application that will require users to access the site both
in-house and remotely. Application will talk to a back-end SQL
database.

Here is my supposed configuration:

-Application will use SQL NT authentication as a more secure method.
Have the web server sit on the inside and open the necessary port
(80/443) for remote clients to connect.

-How do remote clients authenticate to the domain? I would like to
use Integrated Authentication with Kerberos, seems to be the standard
- but may not be the best. I could do delegation with Basic Auth and
Active Directory. Or X.509 certs mapped to accounts?

-Some of these users do not have NT accounts, and really don't need to
have them. I would like to keep this server off of my domain. Would I
still need to create an Active Directory account for Kerberos and then
institute a domain trust?

-Is it possible to use SQL mixed mode, and for those that happen to
have an NT account authenticate this way; for others use a hash-based
authentication scheme?


