aj (ro****@mcdonal ds.com) writes:
I'm a newbie w/ SQL Server 2005.
We will be connecting to SQL Server 2005 via JDBC. We have made this
work by using an SQL Server account, rather than an Active Directory
(AD) account, even though SQL Server IS in mixed authentication mode.
Does mixed mode mean you can connect either way, but only using MS SQL
Server interfaces (like Mgmt Studio), and not something like JDBC?
I don't know JDBC, but I would be very surprised if JDBC would not
support SQL authentication
Can we connect using JDBC w/ an AD login? If so, what form does the
login take? Is the login not in 'DOMAIN/LOGIN' form?
No, it's not. When you use Windows authentication you don't specify
any login at all. All you do is to specify something like
"Trusted_connec tion=yes" or "Integrated Security=SSPI" in the connect
string. (Again, since I don't know JDBC, I cannot say how you do
there.) You will then log into to SQL Server with the Windows user
you are already logged in with in Windows. That is, you cannot
log in as DOMAIN\Knutte in Windows, and the log in as DOMAIN\Evapeva
in SQL Server.
What is the best practice for this sort of thing? We would prefer to
use AD logins (that a sysadmin creates) rather than having a separate
(and probably equal) set of SQL Server logins.
Windows authentication is considered best practice, although there
are some improvements with SQL logins in SQL 2005.
Windows authentication is also better from a user perspective, as
SQL logins means users will need to know one more username and
password.
The situation when you need SQL login is when Windows authentication
will not work, for instance if there are users accessing SQL Server
from a non-trusted domain.
--
Erland Sommarskog, SQL Server MVP,
es****@sommarsk og.se
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx