Set up a domain account during installation

Introduction

• Usually, a user name and password are specified when connecting to a database.

• Such configurations are considered insecure as passwords are stored in clear text in external files or in job parameters.
• The SQL Server® provides a means to connect to a database without specifying a user account and password.

Integrated Security

This authentication scheme is based on the fact that the account that a component is operated for is already authenticated by the OS and can therefore access a database without specifying user/password credentials.

Prerequisites

The following prerequisites apply:

• a domain account has to be set up before installation of the JOC Cockpit for the user account that connects to the database,
• to set up a Hibernate configuration file, see JS7 - Database:
  • Users can create an individual Hibernate

...

• • configuration file and make the installer use this file. The hibernate.connection.url property in this file

...

• • has to include the IntegratedSecurity=true setting, no user name

...

• • or password

...

• • has to be specified.

  • This configuration will implicitly use the domain account that

...

• • JOC Cockpit is operated for.

    Code Block
    title Add IntegratedSecurity=true property
    <property name"hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=true;selectMethod=cursor;databaseName=[databasename]</property> <property name="hibernate.connection.username"></property> <property name="hibernate.connection.password"></property>

Use with Windows

The SQL Server® JDBC Driver distribution usually ships with a library for authentication purposes with a name such as sql_jdbc.dll or  mssql-jdbc_auth-9.2.1.x64.dll or similar. This library should be added to a location that is specified with the Windows PATH environment variable for the JOC Cockpit Windows Service. Alternatively, it can simply be stored in the C:\Windows\System32 directory or to the bin directory of the Java JDK/JRE in use.

Use with Linux

Rumor says that Integrated Security with Linux operating systems should be possible by using the Kerberos integration layer.

However, SOS has no information about a securely working environment that would allow a Linux operating system account to connect to SQL Server® without a password.

Troubleshooting

If you modified an existing Hibernate configuration file

Set up a domain account for an existing JobSchedule installation

If you wanted to use a connection to a SQL Server for JobScheduler ® with a Windows domain account then it could might happen that you receive an error during set-upmessage like this during installation:

 SQLException: Login failed for user 'DOMAIN\USER'

...

A check on of the SQL Server indicates ® logs might indicate that the given userid User ID that was used tried to establish the connection presents presented itself as a an SQL\USER account, instead of a DOMAIN\USER account.You can continue the set-up but the database tables will not be created and the JobScheduler doesn't start.

Follow these steps to fix the problem after the set-up

edit $SCHEDULER_DATA/config/sos_settings.ini

 url = jdbc:sqlserver://[servername]:1433;IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]

 url = jdbc:jtds:sqlserver://[servername]:1433;domain=[domainname];sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]

Then start $SCHEDULER_HOME\install\scheduler_install_tables.cmd to create the database tables.

Consider using the IntegratedSecurity=true setting with your Hibernate configuration file:

...

edit $SCHEDULER_DATA/config/factory.ini

 db = jdbc -class... jdbc:sqlserver://[servername]:1433;IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename] -user=... -password=...

 db = jdbc -class... jdbc:jtds:sqlserver://[servername]:1433;domain=[domainname];sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename] -user=... -password=...

edit $SCHEDULER_DATA/config/hibernate.cfg.xml

...

...

• modify JETTY_BASE/resources/joc/hibernate.cfg.xml:

  Code Block
  title Add IntegratedSecurity=true property

• <property name"hibernate.connection.url">jdbc:sqlserver://[servername]:

...

• [port];IntegratedSecurity=true;sendStringParametersAsUnicode=

...

...

• true;selectMethod=cursor;databaseName=[databasename]</property>