Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

How do you configure CLM on Linux to use Windows Authentication to SQL Server?

Questions
Tags
Users
Badges
Daryl Walters
(2138) retagged
Jan 30 '18, 4:44 p.m.

 Running CLM 6.0.4 (RTC/DNG) on Red Hat Linux 7 and we have a requirement to use Windows Authentication to the SQL Server (running on a separate Windows server).  The database connection works with SQL Server set to use Windows and SQL authentication, but not when set to use Windows authentication only.


We are using Active Directory and the user account in question can authenticate to both Windows and to RTC.  From doing some research it seems like this should be possible, but I'm not sure of all the configuration steps needed.  From what I've read it sounds like this should be possible if the database connection string includes flags for integratedSecurity=true and authenticationScheme=JavaKerberos.  

Using these flags it sounds like it should be doable.  Kerberos is already configured on the Linux server, but maybe there are additional configuration settings that need to be made.  

Thanks in advance!

1 vote

1 answer
2,956 views
1 vote

One answer

Permanent link
Donald Nong
(14.5k614) Jan 19 '18, 1:45 a.m.

Mixed mode is required. See the 6th bullet point in the document.
https://www.ibm.com/support/knowledgecenter/SS2L6K_6.0.4/com.ibm.jazz.install.doc/topics/t_s_server_installation_setup_sql.html

I don't think Kerberos is at play here. It usually involves an interactive user, but the user in question here is defined in a JDBC connection string.

0 votes

Comments
Daryl Walters
Jan 23 '18, 11:45 a.m.

 Donald, from Microsoft's documentation it sounds like this should be doable.  For example, reference https://blogs.msdn.microsoft.com/psssql/2015/01/09/jdbc-this-driver-is-not-configured-for-integrated-authentication/ .   


For secure environments the STIGs on SQL Server require Windows Authentication, mixed mode should not be allowed.  I would think that someone would have used a Linux CLM server with SQL Server in a security enhanced environment before.

Has anyone successfully done this or attempted it?
 

Donald Nong
Jan 23 '18, 6:53 p.m.

While it is possible, I believe it requires code-level support, that is the code should create a login module in a way described in this document.
https://docs.microsoft.com/en-us/sql/connect/jdbc/using-kerberos-integrated-authentication-to-connect-to-sql-server

I'm not sure whether CLM has this built-in.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 7,495
× 1,381

Question asked: Jan 17 '18, 10:05 a.m.

Question was seen: 2,956 times

Last updated: Jan 30 '18, 4:44 p.m.

Confirmation Cancel Confirm