对 SQL Server 2008 使用 Kerberos 身份验证
我正在尝试将 SQL Server 配置为使用 Kerberos 身份验证。
我的设置是这样的 - 我的设置是这样的 - 我在 Windows XP Pro SP3 主机上有 2 台虚拟 PC。两个 VPC 均为 Windows Server 2003 R2。一个 VPC 充当 DC、DNS 服务器、DHCP 服务器,安装了 Active Directory,并且 SQL Server 默认实例也在该 VPC 上运行。第二个 VPC 是域成员,它充当 SQL Server 客户端计算机。
我在 SQL Server 服务帐户上配置了 SPN 以使 Kerberos 正常工作。
在客户端 VPC 上,它似乎正在使用 Kerberos 身份验证(根据需要) -
C:\Documents and Settings\administrator.SHAREPOINTSVC>sqlcmd -S vm-winsrvr2003
1> select auth_scheme from sys.dm_exec_connections where session_id=@@spid
2> go
auth_scheme
----------------------------------------
KERBEROS
(1 rows affected)
1>
但在服务器计算机(SQL Server 实例实际运行的位置)上,它看起来仍然使用 NTLM 身份验证 - 。这不是远程实例,sql 服务器位于该计算机的本地。
C:\Documents and Settings\Administrator>sqlcmd
1> select auth_scheme from sys.dm_exec_connections where session_id=@@spid
2> go
auth_scheme
----------------------------------------
NTLM
(1 rows affected)
1>
我该怎么做才能让它在服务器计算机上也使用 Kerberos ? (或者这是我不应该期待的事情)
I am trying to configure my SQL Server to use Kerberos authentication.
My setup is like this -
My setup is like this- I have 2 virtual PCs in a Windows XP Pro SP3 host. Both VPCs are Windows Server 2003 R2. One VPC acts as the DC, DNS Server, DHCP server, has Active Directory installed and the SQL Server default instance is also running on this VPC. The second VPC is the domain member and it acts as the SQL Server client machine.
I configured the SPN on the SQL Server service account to get the Kerberos working.
On the client VPC it seems like it is using Kerberos authentication (as desired)-
C:\Documents and Settings\administrator.SHAREPOINTSVC>sqlcmd -S vm-winsrvr2003
1> select auth_scheme from sys.dm_exec_connections where session_id=@@spid
2> go
auth_scheme
----------------------------------------
KERBEROS
(1 rows affected)
1>
but on the server computer (where the SQL Server instance is actually running) it looks like it is still using NTLM authentication- . This is not a remote instance, the sql server is local to this machine.
C:\Documents and Settings\Administrator>sqlcmd
1> select auth_scheme from sys.dm_exec_connections where session_id=@@spid
2> go
auth_scheme
----------------------------------------
NTLM
(1 rows affected)
1>
What can i do so that it uses Kerberos on the server computer as well ? (or is this something that I should not expect)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不认为 Kerberos 是在本地使用的,而是在同一台机器上的服务上使用 NTLM。
在同一领域(域)上的任何其他计算机上都将使用 Kerberos,但服务的同一计算机上除外。
我认为如果你做一个与 SQL 连接的程序并在你使用的连接字符串上
集成安全=SSPI
您也许可以使用 kerberos(也许)进行连接,但是我重复一遍,我认为本地没有使用 Kerberos。
I don't think Kerberos is used locally, on a service on the same machine NTLM is used.
On any other machine on the same Realm (Domain) Kerberos will be used, except on the same machine of the service.
I think that if you do a program that connects with SQL and on the connection string you use
Integrated Security=SSPI
you might be able to onnect using kerberos (maybe), however I repeat that I don't think Kerberos is used locally.