
Introduction

  • Usually, a user name and password are specified when connecting to a database.

  • Such configurations are considered insecure as passwords are stored in clear text in external files or in job parameters.
  • The SQL Server® provides a means to connect to a database without specifying a user account and password.

Integrated Security

This authentication scheme is based on the fact that the account that a component is operated for is already authenticated by the OS and can therefore

...

access a database without specifying user/password credentials.

Use of Integrated Security during Installation

Prerequisites

The following prerequisites apply:

  • A domain account that connects to the database has to be set up before installation of the JOC Cockpit.
  • A Hibernate configuration file has to be set up, see JS7 - Database:
    • Users can create an individual Hibernate configuration file and make the installer use this file. The hibernate.connection.url property in this file has to include the IntegratedSecurity=true setting; no user name or password has to be specified.
    • This configuration will implicitly use the domain account that JOC Cockpit is operated for.

      Add IntegratedSecurity=true property:

      <property name="hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=true;selectMethod=cursor;databaseName=[databasename]</property>
      <property name="hibernate.connection.username"></property>
      <property name="hibernate.connection.password"></property>
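
The following check is an added example, not part of the JS7 documentation or code: it parses a Hibernate configuration file and reports whether it lacks the IntegratedSecurity=true setting or still carries clear-text credentials. The sample configurations, host, database and account names are constructed, and brace-escaped values in the URL are assumed not to occur.

```python
import xml.etree.ElementTree as ET

# Constructed sample configurations; host, database and account names are placeholders.
URL = "jdbc:sqlserver://dbhost:1433;{}selectMethod=cursor;databaseName=js7"
TEMPLATE = """<hibernate-configuration><session-factory>
  <property name="hibernate.connection.url">{url}</property>
  <property name="hibernate.connection.username">{user}</property>
  <property name="hibernate.connection.password">{password}</property>
</session-factory></hibernate-configuration>"""
GOOD = TEMPLATE.format(url=URL.format("IntegratedSecurity=true;"), user="", password="")
WEAK = TEMPLATE.format(url=URL.format(""), user="js7", password="secret")


def jdbc_properties(url):
    """Return the ;key=value properties of a jdbc:sqlserver URL, keys lowercased
    (the driver treats property names case-insensitively)."""
    props = {}
    for item in url.split(";")[1:]:
        key, sep, value = item.partition("=")
        if sep:
            props[key.strip().lower()] = value.strip()
    return props


def audit(xml_text):
    """Return a list of findings; an empty list means only Integrated Security is used."""
    root = ET.fromstring(xml_text)
    cfg = {p.get("name"): (p.text or "").strip() for p in root.iter("property")}
    url = cfg.get("hibernate.connection.url", "")
    if not url.lower().startswith("jdbc:sqlserver:"):
        return ["hibernate.connection.url is not a SQL Server JDBC URL"]
    props = jdbc_properties(url)
    findings = []
    if props.get("integratedsecurity", "").lower() != "true":
        findings.append("connection URL lacks IntegratedSecurity=true")
    # Report only the property name, never the secret value itself.
    for key in ("user", "username", "password"):
        if props.get(key):
            findings.append(f"connection URL embeds '{key}'")
    for name in ("hibernate.connection.username", "hibernate.connection.password"):
        if cfg.get(name):
            findings.append(f"{name} is set in clear text")
    return findings


if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(text) or "ok")
```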
      

Use with Windows

The SQL Server® JDBC Driver distribution usually ships with a library for authentication purposes with a name such as sql_jdbc.dll or mssql-jdbc_auth-9.2.1.x64.dll or similar. This library should be added to a location that is specified with the Windows PATH environment variable for the JOC Cockpit Windows Service. Alternatively, it can simply be stored in the C:\Windows\System32 directory or in the bin directory of

...

the Java JDK/JRE in use.

Use with Linux

Rumor says that Integrated Security with Linux operating systems should be possible by using the Kerberos integration layer.

However, SOS has no information about a securely working environment that would allow a Linux operating system account to connect to SQL Server® without a password.

Troubleshooting

If you want to use a connection to an SQL Server® with a Windows domain account then it might happen that you receive an error message like this during installation:

    SQLException: Login failed for user 'DOMAIN\USER'

A check of the SQL Server® logs might indicate that the given User ID that tried to establish the connection presented itself as an SQL\USER account, instead of a DOMAIN\USER account.

Consider using the IntegratedSecurity=true setting with your Hibernate configuration file:

  • modify JETTY_BASE/resources/joc/hibernate.cfg.xml:

    Add IntegratedSecurity=true property:

    <property name="hibernate.connection.url">jdbc:sqlserver://[servername]:[port];IntegratedSecurity=true;sendStringParametersAsUnicode=true;selectMethod=cursor;databaseName=[databasename]</property>
    

...