Author |
Topic |
CanadaDBA
583 Posts |
Posted - 2005-11-24 : 11:03:15
|
I was advised to change authentication from SQL Mix Mode to Windows Auth. because of security. My servers and clients are behind a firewall.
1. Do I still need to do it?
2. Is Windows Auth. slower than SQL Mix Mode?
Thanks,
Canada DBA |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2005-11-28 : 13:47:25
|
Windows authentication is the preferred method due to security, not performance. Our current architecture requires us to use SQL authentication due to the domains on each side of the firewall not being involved in a trust relationship.
Tara Kizer
aka tduggan |
 |
|
jen
Master Smack Fu Yak Hacker
4110 Posts |
Posted - 2005-12-01 : 01:38:32
|
I haven't tried it yet, but Derrick mentioned in one of the posts that AD authentication, if configured, is Windows authentication... ask your netadmins if they can set it up... and can you post your efforts?
Thanks a bunch
--------------------
keeping it simple... |
 |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2005-12-01 : 01:47:10
|
Well, Windows Authentication can be from Active Directory, but it doesn't have to be. It just means that SQL Server is going to use the credentials of the user logged into Windows. It could be from an NT 4.0 domain, 2000 or 2003 Active Directory, or a local user. The best model is to use Windows Authentication and for the credentials to be from Active Directory.
Tara Kizer
aka tduggan |
 |
|
SQLServerDBA_Dan
Aged Yak Warrior
752 Posts |
Posted - 2005-12-01 : 08:49:38
|
NT Auth not only allows for better security, but you have to look at it from the administration perspective as well. When a user is "let go" or quits, what's the first thing that happens? The domain admin removes them from the domain. If you set up SQL Server to use NT Groups and not NT Users, then the administration nightmare is over. Once the domain admin removes Steve Baker from the domain, he gets removed from the accounting NT group. If the accounting NT group is set up and has permissions to log in to SQL Server, then everyone in the accounting group that still has domain access can still access SQL Server, but Steve Baker cannot. So essentially you only have to set up permissions once and will not have to touch them every time an employee quits. NT Auth is really the only way to go in my opinion. That is, unless you are forced to run mixed mode logins due to some business application.
Tara, Hehehe... I guess you got married and now have a new screen name?
Daniel, MCP, A+
SQL Server DBA
www.dallasteam.com |
 |
|
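The group-based setup described in the last post, as an added T-SQL example that is not part of the original thread. The group `CONTOSO\Accounting` and the database `AccountingDB` are constructed names, and the `CREATE LOGIN` / `ALTER ROLE ... ADD MEMBER` syntax assumes SQL Server 2012 or later; the final query lists the logins that domain offboarding will not remove.

```sql
-- Added example. CONTOSO\Accounting and AccountingDB are constructed names.
-- Assumes SQL Server 2012+ (ALTER ROLE ... ADD MEMBER).

-- 1. Check the authentication mode: 1 = Windows only, 0 = mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Grant server access to the Windows group, not to individual users.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\Accounting')
    CREATE LOGIN [CONTOSO\Accounting] FROM WINDOWS;
GO

-- 3. Map the group into the database once and assign permissions once.
USE AccountingDB;
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\Accounting')
BEGIN
    CREATE USER [CONTOSO\Accounting] FOR LOGIN [CONTOSO\Accounting];
    ALTER ROLE db_datareader ADD MEMBER [CONTOSO\Accounting];
END
GO

-- 4. Show who currently gets access through the group. Removing a person
--    from the group in the domain removes them from this list; nothing
--    changes inside SQL Server.
EXEC xp_logininfo N'CONTOSO\Accounting', 'members';

-- 5. Audit: logins that group membership does not control.
--    SQL logins (type S) never follow domain offboarding; individual
--    Windows users (type U) have to be dropped by hand when they leave.
SELECT name, type_desc, is_disabled, create_date
FROM sys.server_principals
WHERE type IN ('S', 'U')
  AND name NOT LIKE N'##%'             -- internal certificate-based logins
  AND name NOT LIKE N'NT SERVICE\%'    -- per-service virtual accounts
  AND name NOT LIKE N'NT AUTHORITY\%'  -- built-in system accounts
ORDER BY type_desc, name;
```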