838
Part VI: Securing Your SQL Server
SQL authentication is available only for backward compatibility and should be used only
if legacy applications require it or when deploying SQL Server in non-Windows domain
environments.
Kerberos and Windows Authentication Delegation
In an enterprise network with multiple servers and IIS, logins can become a problem because a user may be logged in to one server that is accessing another server. This problem arises because each server must have a trust relationship with the others. For internal company servers this may not be a problem, but when one of those servers sits in a network exposed to untrusted networks, for example a perimeter network or DMZ (demilitarized zone) on the Internet, you may not want to establish that trust because it presents a security hole.
Security delegation is a Windows feature that uses Kerberos to pass security information
among trusted servers.
For example, a user can access IIS, which can access a SQL Server, and the SQL Server sees
the user as the username even though the connection came from IIS.
A few conditions must be met for Kerberos to work:
■ All servers must run Windows 2000 or later and run Active Directory in the same
domain or within the same trust tree.
■ Do not select the Account Is Sensitive and Cannot Be Delegated option for the user
account.
■ Select the Account Is Trusted for Delegation option for the SQL Server service
account.
■ Select the Computer Is Trusted for Delegation option for the server running SQL
Server.
■ SQL Server must have a Service Principal Name (SPN), created by setspn.exe, available in the Windows 2000 Resource Kit.
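The following PowerShell script is an added example, not code from the book, that checks each of the conditions listed above from a domain-joined administrative workstation. The domain contoso.com, host SQL01 listening on port 1433, and service account CONTOSO\sqlsvc are constructed names; the script also assumes the ActiveDirectory module (RSAT) and sqlcmd are installed.

```powershell
# Added example (not from the book): verify the Kerberos delegation prerequisites.
# Constructed names: domain contoso.com, SQL Server host SQL01 on port 1433,
# service account CONTOSO\sqlsvc. Adjust these to your environment.
$domain     = 'contoso.com'
$sqlHost    = 'SQL01'
$svcAccount = 'CONTOSO\sqlsvc'
$port       = 1433

# 1. List the SPNs registered on the service account. Kerberos needs
#    MSSQLSvc/<fqdn>:<port> (and MSSQLSvc/<fqdn>:<instance> for named instances).
setspn -L $svcAccount

# 2. If the SPN is missing, register it. As the text notes, this needs domain
#    admin rights, so the command is left commented out here.
#    setspn -A "MSSQLSvc/$sqlHost.${domain}:$port" $svcAccount

# 3. Check the delegation flags. AccountNotDelegated must be $false on the user
#    account; TrustedForDelegation must be $true on the service account and on
#    the computer account of the server running SQL Server.
Import-Module ActiveDirectory
Get-ADUser -Identity 'sqlsvc' -Properties TrustedForDelegation, AccountNotDelegated |
    Select-Object SamAccountName, TrustedForDelegation, AccountNotDelegated
Get-ADComputer -Identity $sqlHost -Properties TrustedForDelegation |
    Select-Object Name, TrustedForDelegation

# 4. Connect with Windows authentication and confirm that the session actually
#    negotiated Kerberos (NTLM means the SPN or delegation chain is broken) and
#    that SQL Server sees the end user rather than a middle-tier account.
$query = @"
SELECT c.auth_scheme,             -- expect KERBEROS
       SUSER_SNAME()    AS login, -- the delegated end user when delegation works
       ORIGINAL_LOGIN() AS original_login
FROM sys.dm_exec_connections AS c
WHERE c.session_id = @@SPID;
"@
sqlcmd -S "$sqlHost.$domain,$port" -E -Q $query
```

Run step 4 from the IIS box (or under the web application's identity) as well as from a workstation: if auth_scheme reports NTLM, or login shows the IIS service account instead of the browsing user, one of the prerequisites above is still missing.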
Security delegation is somewhat difficult to set up and may require the assistance of your network-domain administrator. However, the capability to recognize users going through IIS is a powerful security feature. Executing SETSPN to add or delete an SPN does require domain admin rights.
SPN is a powerful security feature, but it does weaken security because the user is impersonated. Therefore, the general guidance is that its use should be restricted to those cases in which it's absolutely necessary.