Introduction
Usually, a user name and password are specified when connecting to a database.
- Such configurations are considered insecure as passwords are stored in clear text in external files or in job parameters.
- The SQL Server® provides a means to connect to a database without specifying a user account and password.
Integrated Security
This authentication scheme relies on the fact that the account a component runs under has already been authenticated by the operating system and can therefore access a database without specifying user name and password credentials.
Prerequisites
The following prerequisites apply:
- a domain account has to be set up before installation of the JOC Cockpit for the user account that connects to the database,
- to set up a Hibernate configuration file, see JS7 - Database:
  - Users can create an individual Hibernate configuration file and make the installer use this file. The hibernate.connection.url property in this file has to include the IntegratedSecurity=true setting, no user name or password has to be specified.
This configuration will implicitly use the domain account that JOC Cockpit is operated for.
Add IntegratedSecurity=true property:
<property name="hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=true;selectMethod=cursor;databaseName=[databasename]</property>
<property name="hibernate.connection.username"></property>
<property name="hibernate.connection.password"></property>
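The prerequisites above can be checked mechanically before the installer is pointed at the file. The following Python code is an added example, not part of the original page or of the product; the function names `url_params` and `audit`, the host `dbhost` and the database name `js7` are assumptions, and the sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configurations (placeholder host, database and credentials).
GOOD_CFG = """<hibernate-configuration><session-factory>
 <property name="hibernate.connection.url">jdbc:sqlserver://dbhost:1433;IntegratedSecurity=true;sendStringParametersAsUnicode=true;selectMethod=cursor;databaseName=js7</property>
 <property name="hibernate.connection.username"></property>
 <property name="hibernate.connection.password"></property>
</session-factory></hibernate-configuration>"""
BAD_CFG = """<hibernate-configuration><session-factory>
 <property name="hibernate.connection.url">jdbc:sqlserver://dbhost:1433;databaseName=js7</property>
 <property name="hibernate.connection.username">jobscheduler</property>
 <property name="hibernate.connection.password">example-password</property>
</session-factory></hibernate-configuration>"""

def url_params(url):
    """Return the ';key=value' settings of a JDBC URL with lower-cased keys
    (the SQL Server JDBC driver treats property names case-insensitively)."""
    params = {}
    for part in url.split(";")[1:]:
        key, sep, value = part.partition("=")
        if sep:
            params[key.strip().lower()] = value.strip()
    return params

def audit(cfg_xml):
    """Return a list of findings; an empty list means no credentials are stored."""
    props = {p.get("name"): (p.text or "").strip()
             for p in ET.fromstring(cfg_xml).iter("property")}
    url = props.get("hibernate.connection.url", "")
    params = url_params(url)
    findings = []
    if url.startswith("jdbc:sqlserver:"):
        if params.get("integratedsecurity", "").lower() != "true":
            findings.append("URL lacks IntegratedSecurity=true")
    elif url.startswith("jdbc:jtds:sqlserver:"):
        if not params.get("domain"):
            findings.append("jTDS URL lacks domain=<domainname>")
    else:
        findings.append("not a SQL Server JDBC URL")
    for key in ("user", "username", "password"):
        if params.get(key):
            findings.append(f"{key} embedded in connection URL")
    for name in ("hibernate.connection.username", "hibernate.connection.password"):
        if props.get(name):
            findings.append(f"{name} is set in clear text")
    return findings
```
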
Use with Windows
The SQL Server® JDBC Driver distribution usually ships with a library for authentication purposes with a name such as sql_jdbc.dll or mssql-jdbc_auth-9.2.1.x64.dll or similar. This library should be added to a location that is specified with the Windows PATH environment variable for the JOC Cockpit Windows Service. Alternatively, it can simply be stored in the C:\Windows\System32 directory or in the bin directory of the Java JDK/JRE in use.
Use with Linux
Rumor says that Integrated Security with Linux operating systems should be possible by using the Kerberos integration layer.
However, SOS has no information about a securely working environment that would allow a Linux operating system account to connect to SQL Server® without a password.
Troubleshooting
If you modified an existing Hibernate configuration file
Set up a domain account for an existing JobScheduler installation
If you want to use a connection to a SQL Server® for JobScheduler with a Windows domain account, you might receive an error message like this during installation:
SQLException: Login failed for user 'DOMAIN\USER'
...
A check of the SQL Server® logs might indicate that the User ID that was used to establish the connection presented itself as an SQL\USER account, instead of a DOMAIN\USER account. You can continue the set-up but the database tables will not be created and the JobScheduler doesn't start.
Follow these steps to fix the problem after the set-up
edit $SCHEDULER_DATA/config/sos_settings.ini
For the MSSQL JDBC driver:
url = jdbc:sqlserver://[servername]:1433;IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]
For the jTDS JDBC driver:
url = jdbc:jtds:sqlserver://[servername]:1433;domain=[domainname];sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename]
Then start $SCHEDULER_HOME\install\scheduler_install_tables.cmd to create the database tables.
Consider using the IntegratedSecurity=true setting with your Hibernate configuration file:
...
edit $SCHEDULER_DATA/config/factory.ini
For the MSSQL JDBC driver:
db = jdbc -class... jdbc:sqlserver://[servername]:1433;IntegratedSecurity=true;sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename] -user=... -password=...
For the jTDS JDBC driver:
db = jdbc -class... jdbc:jtds:sqlserver://[servername]:1433;domain=[domainname];sendStringParametersAsUnicode=false;selectMethod=cursor;databaseName=[databasename] -user=... -password=...
edit $SCHEDULER_DATA/config/hibernate.cfg.xml
...
for MSSQL JDBC driver add IntegratedSecurity=true
...
for jTDS JDBC driver add domain=<domainname>
...
modify JETTY_BASE/resources/joc/hibernate.cfg.xml:
Add IntegratedSecurity=true property:
<property name="hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=true;selectMethod=cursor;databaseName=[databasename]</property>