RE: Windows Authentication in a NT domain vs in an Active Director
From: Kevin McDonnell [MSFT] (kevmc_at_online.microsoft.com)
Date: 02/25/05
- Next message: Kevin McDonnell [MSFT]: "Re: Firewall and Ports"
- Previous message: Kevin McDonnell [MSFT]: "Re: Profiler"
- In reply to: Peter: "RE: Windows Authentication in a NT domain vs in an Active Director"
- Next in thread: Peter: "RE: Windows Authentication in a NT domain vs in an Active Director"
- Reply: Peter: "RE: Windows Authentication in a NT domain vs in an Active Director"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Feb 2005 01:19:24 GMT
Yes. This is true. Clients capable of Kerberos will attempt to connect via
Kerberos to SQL Server if you're using Windows Authentication.
If the Kerberos attempt fails, the client will use NTLM. We don't log
anything in SQL to tell you that the connection was made via Kerberos or
NTLM.
Yes. Security Delegation is an option to allow credentials to be passed
from one machine to another. This was not possible in an NT 4 domain. The
typical scenario where this is used is a Web Server application that
connects to SQL via Trusted Authentication. The web client is able to
authenticate to IIS via Kerberos, and then make a Kerberos connection to
SQL using the client credentials. The SQL Server has to have the SPN set
by a Domain Admin in order for this to work correctly.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
- Next message: Kevin McDonnell [MSFT]: "Re: Firewall and Ports"
- Previous message: Kevin McDonnell [MSFT]: "Re: Profiler"
- In reply to: Peter: "RE: Windows Authentication in a NT domain vs in an Active Director"
- Next in thread: Peter: "RE: Windows Authentication in a NT domain vs in an Active Director"
- Reply: Peter: "RE: Windows Authentication in a NT domain vs in an Active Director"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
