It's all about the answers!

Ask a question

How do you configure CLM on Linux to use Windows Authentication to SQL Server?


Daryl Walters (2118) | asked Jan 17 '18, 10:05 a.m.
retagged Jan 30 '18, 4:44 p.m. by Ken Tessier (84117)

 Running CLM 6.0.4 (RTC/DNG) on Red Hat Linux 7 and we have a requirement to use Windows Authentication to the SQL Server (running on a separate Windows server).  The database connection works with SQL Server set to use Windows and SQL authentication, but not when set to use Windows authentication only.


We are using Active Directory and the user account in question can authenticate to both Windows and to RTC.  From doing some research it seems like this should be possible, but I'm not sure of all the configuration steps needed.  From what I've read it sounds like this should be possible if the database connection string includes flags for integratedSecurity=true and authenticationScheme=JavaKerberos.  

Using these flags it sounds like it should be doable.  Kerberos is already configured on the Linux server, but maybe there are additional configuration settings that need to be made.  

Thanks in advance!

One answer



permanent link
Donald Nong (14.5k414) | answered Jan 19 '18, 1:45 a.m.

Mixed mode is required. See the 6th bullet point in the document.
https://www.ibm.com/support/knowledgecenter/SS2L6K_6.0.4/com.ibm.jazz.install.doc/topics/t_s_server_installation_setup_sql.html

I don't think Kerberos is at play here. It usually involves an interactive user, but the user in question here is defined in a JDBC connection string.


Comments
Daryl Walters commented Jan 23 '18, 11:45 a.m.

 Donald, from Microsoft's documentation it sounds like this should be doable.  For example, reference https://blogs.msdn.microsoft.com/psssql/2015/01/09/jdbc-this-driver-is-not-configured-for-integrated-authentication/ .   


For secure environments the STIGs on SQL Server require Windows Authentication, mixed mode should not be allowed.  I would think that someone would have used a Linux CLM server with SQL Server in a security enhanced environment before.

Has anyone successfully done this or attempted it?
 


Donald Nong commented Jan 23 '18, 6:53 p.m.

While it is possible, I believe it requires code-level support, that is the code should create a login module in a way described in this document.
https://docs.microsoft.com/en-us/sql/connect/jdbc/using-kerberos-integrated-authentication-to-connect-to-sql-server

I'm not sure whether CLM has this built-in.

Your answer


Register or to post your answer.