Connecting to MS SQL from Linux

Honza Pazdziora adelton at informatics.muni.cz
Thu Jul 11 16:50:15 CEST 2002


On Thu, Jul 11, 2002 at 01:04:24PM +0200, Korinek, Jan wrote:
> When Windows NT Authentication Mode is used, the database administrator allows users to access the computer running SQL Server by granting them the right to log in to SQL Server 7.0. Windows NT security identifiers (SIDs) are used to track Windows NT authenticated logons. As Windows NT SIDs are used, the database administrator can grant logon access directly to Windows NT users or groups. 
> Mixed Mode
> In SQL Server 7.0, Mixed Mode relies on Windows NT to authenticate users when the client and server are capable of using NTLM2, or Kerberos logon authentication protocols. If either party is incapable of using a standard Windows NT logon, SQL Server requires a username and password pair, and compares this pair against those stored in its system tables. Connections that rely on username and password pairs are called non-trusted. 
> Mixed mode is supplied for two reasons: backward compatibility and when SQL Server 7.0 is installed on the Microsoft Windows(r) 95 and Windows 98 operating systems, as trusted connections are not supported on Windows 95/98 computers when they are the "Server." 
> Using SIDs Internally
> One of the major enhancements of SQL Server 7.0 is that it now uses security identification numbers (SIDs) internally. Windows NT users and groups can be granted access to databases or specific database objects directly. For example, Jane is a member of the SALES and MARKETING groups in Windows NT. The SALES group has been granted permission to log in to SQL Server, and also to access the pubs database. An administrator could grant access to the authors table for Jane by her Windows NT name, REDMOND\Jane. The Windows NT account must be referenced by domain and username. In this case, Jane's SID would be stored in the system tables of the pubs database. 
> 
> And according to that, the server really could behave differently with NTLM and user/password authentication.

Hm, hmm. I'm not sure I fully understand it. But in both cases I
define the ODBC connection with a login and password. It's just that
with tcpdump I then find that in one case the password does not go in
the clear and the sequence in the packets suggests that a challenge
response is taking place, while in the other case the login and
password are sent as cleartext. But the user under which I log in to
the SQL Server does not exist as a system user on that NT client.

In any case, thanks for the text; even if I had found it, its
semantics probably wouldn't have sunk in. :-)

-- 
------------------------------------------------------------------------
 Honza Pazdziora | adelton at fi.muni.cz | http://www.fi.muni.cz/~adelton/
      ... all of these signs saying sorry but we're closed ...
------------------------------------------------------------------------

