Kerberos - difference between JAAS connection to server and SQL Server Trusted Connection


Problem description

My understanding is that both JAAS and SQL Server can be configured to use Kerberos in a domain environment, with an Active Directory server.

My understanding is that JAAS gets the user credentials from the user or from a file at the time of the connection - asks the directory server for a ticket, and presents that to the server.

Where does the SQL Server driver get its Kerberos ticket from? (as it seems to be able to obtain credentials from the user's existing login). Does it get the user login ticket - or does it extract the credentials from the user's logged-in session?

Solution

The SQL Server driver gets Kerberos tickets from the TGT (ticket-granting ticket). This TGT is a ticket that is part of the user's logon session and can be used to get short-lived tickets to authenticate to other services (e.g. SQL Server).

You can use the "Kerbtray" utility from the Windows Server Resource Kit to examine such tickets.

JAAS also uses the same tickets, but it needs to be told to obtain tickets + configuration (e.g. name of Kerberos server) from a file, and that path is somewhat dependent on OS version.

SQL Server drivers use the Win32 API to get tokens.
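As an added illustration of the JAAS side (not part of the original answer), the sketch below tells the JDK's `Krb5LoginModule` to reuse an existing TGT from a ticket cache file instead of prompting for credentials. The class name `TicketCacheLogin`, the `/etc/krb5.conf` path and the cache path passed as the first argument are assumptions for the example.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class TicketCacheLogin {
    // Build a JAAS configuration in code that reuses an existing TGT from a
    // ticket cache file and never falls back to asking for a password.
    static Configuration ticketCacheConfig(String cachePath) {
        Map<String, String> opts = new HashMap<>();
        opts.put("useTicketCache", "true"); // read the TGT instead of prompting
        opts.put("doNotPrompt", "true");    // fail if the cache has no usable TGT
        if (cachePath != null) {
            opts.put("ticketCache", cachePath); // explicit file; else the JDK default
        }
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    public static void main(String[] args) {
        // Assumed, site-specific location of the realm/KDC configuration file.
        System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
        // Optional first argument: path to the ticket cache file (assumption).
        String cache = args.length > 0 ? args[0] : null;
        try {
            LoginContext lc = new LoginContext("example", null, null,
                    ticketCacheConfig(cache));
            lc.login();
            Subject s = lc.getSubject();
            System.out.println("Logged in from ticket cache as: " + s.getPrincipals());
            lc.logout();
        } catch (LoginException e) {
            // No usable TGT in the cache, or the KDC configuration was not readable.
            System.err.println("Ticket cache login failed: " + e.getMessage());
        }
    }
}
```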
