Post reply

SQL Authentication process.

  • October 28, 2009 at 7:24 am

    #135888

    Hello,

    I was investigating about windows authentication vs SQL authentication process. I got to learn that how Windows authentication process uses kerberos algorithm to authenticate/connect a user/services. So here is my question, does SQL authentication mode (mixed mode) uses any algorithm to authenticate the user, or is it just login-password matching process which is stored into the server.

    Also, is there any role of Service Principle Names(SPN), Active Directories in SQL authentication process? I know it makes an entry in AD in case of win authentication process.

    Thanks.

  • October 28, 2009 at 9:23 am

    #1071834

    With mixed mode, you can authenticate with either kerberos (Windows) or SQL. SQL holds a list of logons and passwords which is used to authenticate logon requests. SQL authentication does not use kerberos or SPN.

    You can freely switch between the modes as you wish but stick to Windows Auth unless you have to.

    Hope this helps.

  • October 28, 2009 at 9:43 am

    #1071850

    Thank you Mark, It really helped me to understand the concept.

    I have one more question for you. As you said

    "SQL holds a list of logons and passwords which is used to authenticate logon requests"

    does that mean that SQL Server keeps a table having login-passwords in it? I thought it uses AD to fetch the login information. correct me if i am wrong.

    Thanks for the help.

    Manish

  • October 28, 2009 at 10:25 am

    #1071895

    ekant_alone (10/28/2009)

    Thank you Mark, It really helped me to understand the concept.

    I have one more question for you. As you said

    "SQL holds a list of logons and passwords which is used to authenticate logon requests"

    does that mean that SQL Server keeps a table having login-passwords in it? I thought it uses AD to fetch the login information. correct me if i am wrong.

    Thanks for the help.

    Manish

    For the Windows Auth - SQL does not store a password. For SQL Auth, a password is stored encrypted in a table in the master database.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw[/url]
    Learn Extended Events

  • October 28, 2009 at 11:09 am

    #1071922

    the encryption is a one-way hash for SQL auth.

    Follow me on Twitter: http://www.twitter.com/way0utwest
    Forum Etiquette: How to post data/code on a forum to get the best help
    My Blog: www.voiceofthedba.com

  • October 29, 2009 at 7:50 am

    #1072443

    Thank you Mark Steve and Jason.

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply