Introduction

  • Usually, a user name and password are specified when connecting to a database.

  • Such configurations are considered insecure as passwords are stored in clear text in external files or in job parameters.
  • SQL Server® provides a means to connect to a database without specifying a user account and password.

Integrated Security

This authentication scheme is based on the fact that the account a component is operated for is already authenticated by the OS and can therefore access a database without specifying user/password credentials.

Use of Integrated Security during Installation

Prerequisites

The following prerequisites apply:

  • to set up a domain account before JOC Cockpit installation for the user account that connects to the database,
  • to set up a Hibernate configuration file, see JS7 - Database:
    • Users can create an individual Hibernate configuration file and make the installer use this file. The hibernate.connection.url property in this file has to include the IntegratedSecurity=true setting; user name and password must not be specified.
    • This configuration will implicitly use the domain account that JOC Cockpit is operated for.
    • Add IntegratedSecurity=true property:
      <property name="hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]</property>
      <property name="hibernate.connection.username"></property>
      <property name="hibernate.connection.password"></property>
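
The following added example (not part of the original page or of the JS7 product) checks a Hibernate configuration file against the conditions above: IntegratedSecurity=true in the URL and no user name or password anywhere in the file. The host name, database name and credentials in the sample files are constructed; `user`, `userName` and `password` are the Microsoft JDBC driver's URL properties for credentials.

```python
import xml.etree.ElementTree as ET

def parse_sqlserver_url(url):
    """Split a jdbc:sqlserver:// URL into (server part, {lowercased property: value})."""
    prefix = "jdbc:sqlserver://"
    if not url.lower().startswith(prefix):
        raise ValueError("not a SQL Server JDBC URL")
    server, _, rest = url[len(prefix):].partition(";")
    props = {}
    for item in rest.split(";"):
        key, sep, value = item.partition("=")
        if sep:  # driver property names are case-insensitive, so normalise them
            props[key.strip().lower()] = value.strip()
    return server, props

def audit_hibernate_config(xml_text):
    """Return a list of findings; an empty list means the file matches the setup above."""
    root = ET.fromstring(xml_text)
    cfg = {p.get("name"): (p.text or "").strip() for p in root.iter("property")}
    try:
        _, props = parse_sqlserver_url(cfg.get("hibernate.connection.url", ""))
    except ValueError:
        return ["hibernate.connection.url is missing or not a jdbc:sqlserver:// URL"]
    findings = []
    if props.get("integratedsecurity", "").lower() != "true":
        findings.append("IntegratedSecurity=true is not set in hibernate.connection.url")
    # Report only the property name, never the credential value itself.
    for key in ("user", "username", "password"):
        if props.get(key):
            findings.append(f"credential property '{key}' is embedded in hibernate.connection.url")
    for name in ("hibernate.connection.username", "hibernate.connection.password"):
        if cfg.get(name):
            findings.append(f"{name} is not empty")
    return findings

# Constructed sample files (hypothetical host, database and credentials).
TEMPLATE = """<hibernate-configuration><session-factory>
  <property name="hibernate.connection.url">{url}</property>
  <property name="hibernate.connection.username">{user}</property>
  <property name="hibernate.connection.password">{pw}</property>
</session-factory></hibernate-configuration>"""
BASE = "jdbc:sqlserver://db.example.local:1433;"
GOOD = TEMPLATE.format(url=BASE + "IntegratedSecurity=true;databaseName=js7", user="", pw="")
BAD = TEMPLATE.format(url=BASE + "databaseName=js7", user="js7_user", pw="constructed-secret")

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_hibernate_config(text) or "ok")
```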
      

Use with Windows

The SQL Server® JDBC Driver distribution usually ships with a library for authentication purposes with a name such as sql_jdbc.dll or mssql-jdbc_auth-9.2.1.x64.dll or similar. This library should be added to a location that is specified with the Windows PATH environment variable for the JOC Cockpit Windows Service or can simply be stored to the C:\Windows\System32 directory or to the bin directory of the Java JDK/JRE in use.

Use with Linux

Rumor says that Integrated Security with Linux operating systems should be possible by use of the Kerberos integration layer.

However, SOS has no information about a securely working environment that would allow a Linux operating system account to connect to SQL Server® without a password.

Troubleshooting

If you want to use a connection to an SQL Server® with a Windows domain account, it might occur during installation that you receive an error message like this:

 SQLException: Login failed for user 'DOMAIN\USER'

A check of SQL Server® logs might indicate that the given User ID that tried to establish the connection presented itself as an SQL\USER account, instead of a DOMAIN\USER account.

Consider using the IntegratedSecurity=true setting with your Hibernate configuration file:

  • modify JETTY_BASE/resources/joc/hibernate.cfg.xml:

    Add IntegratedSecurity=true property:
     <property name="hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]</property>
    
