Set up a domain account during installation

Introduction

• Usually, a user name and password are specified when connecting to a database.

• Such configurations are considered insecure as passwords are stored in clear text in external files or in job parameters.
• The SQL Server® provides a means to connect to a database without specifying a user account and password.

Integrated Security

This authentication scheme is based on the fact that the account that a component is operated for is already authenticated by the OS and therefore can access a database without specifying user/password credentials.

Use of Integrated Security during Installation

There are two prerequisites:

• to set up a domain account before installation for the user account that performs the installation.
• to set up a Hibernate configuration file, see JS7 - Database:
  • Users can create an individual Hibernate

...

• • configuration file and make the installer use this file. The hibernate.connection.url property in this file should include the IntegratedSecurity=true setting, no user name and password

...

• • must be specified.
  • This configuration will implicitly use the domain account that

...

• • JOC Cockpit is operated for.

  • Code Block
    title Add IntegratedSecurity=true property
    <property name"hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]</property>

Use of Integrated Security for an existing Installation

If you want

Set up a domain account for an existing JobSchedule installation

If you wanted to use a connection to a an SQL Server for JobScheduler with a Windows domain account then it could might happen that during installation you receive an error during set-upmessage like this:

 SQLException: Login failed for user 'DOMAIN\USER'

The given userid that is used by this connection presents itself as a SQL\USER account, instead of a DOMAIN\USER account.

A check on the of SQL Server indicates logs will indicate that the given userid User ID that was used tried to establish the connection presents presented itself as a an SQL\USER account, instead of a DOMAIN\USER account.You can continue the set-up but the database tables will not be created and the JobScheduler doesn't start.

Follow these steps to fix the problem after the set-up

edit $SCHEDULER_DATA/config/sos_settings.ini

 url = jdbc:sqlserver://[servername]:1433;IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]

 url = jdbc:jtds:sqlserver://[servername]:1433;domain=[domainname];sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]

Then start $SCHEDULER_HOME\install\scheduler_install_tables.cmd to create the database tables.

Apply the following modification to your Hibernate configuration file:

• modify JETTY_BASE/resources/joc/hibernate.cfg.xml:

  Code Block
  title Add IntegratedSecurity=true property

...

edit $SCHEDULER_DATA/config/factory.ini

 db = jdbc -class... jdbc:sqlserver://[servername]:1433;IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename] -user=... -password=...

 db = jdbc -class... jdbc:jtds:sqlserver://[servername]:1433;domain=[domainname];sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename] -user=... -password=...

edit $SCHEDULER_DATA/config/hibernate.cfg.xml

...

• <property name"hibernate.connection.url">jdbc:sqlserver://[servername]:

...

• [port];IntegratedSecurity=true

...

...

• ;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]</property>