Wednesday, March 28, 2012

How To Know What Kind Of Authentication You Are Using?

Two major windows authentication are NTLN and Kerberos Authentication. Microsoft recommends that you use Kerberos authentication instead of NTLM authentication.

What is NTLM Authentication:
NTLM is used with permanent TCP connections between trusted computers. NTLM authentication can be set up with symmetric-key encryption to enhance data security. NTLM authentication is run by NTLM Security Support Providers on Microsoft servers. This type of authentication is used on web servers, network servers, and computer networks. Windows NTLM authentication is typically used within secured networks. 

What is Kerberos Authentication:
Kerberos can be used for proxy server and network server authentication. Kerberos uses secret key authentication, using a shared secret key generated by an agreed upon system. Kerberos uses a Key Distribution Center, which is also called a KDC. The KDC distributes a shared key used for encryption and decryption. The Kerberos runs two services. One distributes the pre-authentication (requests for a secret key) and authentication (verification of the secret key) request. The other service is a ticket granting service. After the authentication by the server, the computer granted a “ticket,” allowing the computer and its user access to applications and websites for that session.
To use Kerberos authentication, you must make sure that all the following conditions are true: 
1.    Both the server and the client computers must be members of the same Windows domain or members of trusted domains.
2.    The server's service principal name (SPN) must be registered in the Active Directory service.
3.    The instance of SQL Server 2005 / 2008 / 2012 must enable the TCP/IP protocol.
4.    The client must connect to the instance of SQL Server 2005 by using the TCP/IP protocol.

SQL Server 2005 supports Kerberos authentication indirectly through the Windows Security Support Provider Interface (SSPI) when you are using Windows integrated authentication instead of SQL authentication. However, SQL Server will only use Kerberos authentication under certain circumstances when SQL Server can use SSPI to negotiate the authentication protocol to use. If SQL Server cannot use Kerberos authentication, Windows will use NTLM authentication.

How to make sure that what kind of authentication you are using through SQL Query?

You can use below script for finding what kind of authentication it was used.

use master
select auth_scheme from sys.dm_exec_connections

Here is output for above query.

Integrated Windows Authentication. How To Use Windows Authentication. how many types of Windows authentication . what is Windows authentication and Forms authentication. Authenticating Users with Windows Authentication. How To Enable Windows Authentication on Windows. Understand Windows authentication to improve security. windows authentication iis. windows authentication mode. iis7 windows authentication. Windows Authentication Providers . Configure Integrated Windows Authentication. Authentication Modes. How to implement Windows authentication and authorization


Post a Comment