DATA_ENCRYPT_CMP. Authentication is like SERVER_ENCRYPT, and communication will use DATA_ENCRYPT if the client supports it with a fallback to unencrypted communications if the client does not.
GSSPLUGIN. This is also a new feature in UDB 8.2 allowing an extensible authentication approach. You can plug in any authentication mechanism that conforms to the GSS API to become UDB's authentication provider.
GSS_SERVER_ENCRYPT. Authentication is either GSSPLUGIN or SERVER_ENCRYPT.
You've now seen that DB2 UDB uses the server OS for authentication, and I mentioned that this is often also the recommended authentication option in other database environments. The main reason that operating system authentication is a good option is that it solves the credentials management issue; it allows you to let the operating system take care of credential management rather than having to carefully consider where and how you store user credentials. Let's move on to look at the authentication options for SQL Server and Oracle.
Microsoft SQL Server has two authentication modes: Windows authentication and mixed authentication. Windows authentication is the default mode and the one recommended by Microsoft. Windows authentication means that SQL Server relies exclusively on Windows to authenticate users and associate users with groups. Mixed authentication means that users can be authenticated either by Windows or directly by SQL Server. In this case SQL Server still uses Windows to authenticate client connections that are capable of using NTLM (NT LAN Manager) or Kerberos, but if the client cannot authenticate, then SQL Server will authenticate it using a username and password stored directly within SQL Server. NTLM is an authentication protocol used in various Microsoft network protocol implementations and is used throughout Microsoft's systems as an integrated single sign-on mechanism.
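One way to check which of the two modes a server is running in and, under mixed authentication, which logins have passwords stored in SQL Server. This is an added example, not from the original text; it assumes SQL Server 2008 or later, where the sys.sql_logins catalog view and the LOGINPROPERTY value used here are available.

```sql
-- Which authentication mode is this instance using?
-- IsIntegratedSecurityOnly = 1 means Windows authentication only,
-- 0 means mixed authentication (Windows plus SQL Server logins).
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows authentication'
           WHEN 0 THEN 'Mixed authentication'
       END AS auth_mode;

-- Logins whose username and password are stored within SQL Server.
-- Under mixed authentication these are the credentials that SQL Server,
-- not Windows, has to manage, so review each one.
SELECT name,
       is_disabled,
       is_policy_checked,      -- 0: Windows password policy is not enforced
       is_expiration_checked,  -- 0: password never expires
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set,
       CASE WHEN PWDCOMPARE('', password_hash) = 1
            THEN 1 ELSE 0
       END AS has_blank_password
FROM sys.sql_logins
ORDER BY is_disabled, name;
```

Enabled rows with is_policy_checked = 0 or has_blank_password = 1 are the ones to fix or disable first; on a server meant to run in Windows authentication mode, the first query should return 'Windows authentication'.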
Let's move on to Oracle. Oracle also has many authentication options, including native Oracle authentication, which uses Oracle tables to maintain passwords, and operating system authentication. Let's start by understanding how native authentication works using a simple example showing an interaction between a client using OCI and an Oracle server.
The native authentication process starts when a client asks you for a username and password and calls the OCI layer. At this point the Transparent Network Substrate layer (TNS) is called. TNS makes a network call to