11 March,2021 by Tom Collins
Microsoft adutil is a CLI-based utility designed to support Active Directory authentication for SQL Server on Linux and for SQL Server Linux containers.
This page collects answers to some common questions about adutil.
Some common terminology used when implementing adutil:
> NTLM (New Technology LAN Manager) – Proprietary Microsoft authentication protocol. NTLM is an old authentication protocol with various known vulnerabilities, which pose a security risk. It is based on a relatively weak cryptographic scheme and is vulnerable to a range of attacks. It has been superseded by Kerberos, which is considerably more secure and is the recommended choice. NTLM authentication should only be used in a secure, trusted environment, or when Kerberos can't be used.
> Kerberos – Ticket-based authentication system built on the principle of a trusted third party; the other two parties are the user and the service that is the target of the authentication. Read more: List the differences between Kerberos and NTLM
> SSSD – SQL Server uses SSSD (System Security Services Daemon) and NSS for mapping user accounts and groups to security identifiers (SIDs).
> SPN – A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service.
> Keytab file – Holds the SPNs, with their keys, that are used to resolve a Kerberos connection when one is made. It also holds the principal of the service user account with its hashed password (key), which is used for internal SQL Server processes.
When a connection is made, AD issues the ticket and it is reconciled against the keytab file.
Password management
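To make the keytab definition above concrete, here is an added example (written for this page, not code from adutil or SQL Server) that builds and then parses an MIT-format keytab. The parser lists each principal with its key version number (kvno) and encryption type without copying the key material out, and flags DES or RC4 entries, since an RC4-HMAC key is the account's NT hash, i.e. the same weak NTLM credential the post warns about. The host, realm, account name, key bytes and timestamp are constructed placeholders.

```python
import struct

# MIT keytab v2 layout (file version 0x0502):
#   int32 entry_size | uint16 num_components | counted realm | counted components...
#   | uint32 name_type | uint32 timestamp | uint8 kvno8 | uint16 enctype
#   | uint16 key_len | key bytes | [uint32 kvno32]
KEYTAB_MAGIC = b"\x05\x02"
KRB5_NT_PRINCIPAL = 1

# Kerberos encryption-type numbers from the RFC 3961 / RFC 4757 registry.
ENCTYPE_NAMES = {
    1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
    17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac",
}
# DES is obsolete; the arcfour-hmac (RC4) key is MD4(UTF-16LE(password)), the NT hash,
# so a keytab carrying one effectively stores the account's NTLM credential.
WEAK_ENCTYPES = {1, 3, 23}

# Constructed sample entries: placeholder host, realm and account, dummy key bytes.
SAMPLE_ENTRIES = [
    # (principal, realm, kvno, enctype, key)
    ("MSSQLSvc/sqlhost.contoso.example:1433", "CONTOSO.EXAMPLE", 2, 18, bytes(range(32))),
    ("MSSQLSvc/sqlhost.contoso.example", "CONTOSO.EXAMPLE", 2, 18, bytes(range(32))),
    ("sqlsvc", "CONTOSO.EXAMPLE", 2, 23, bytes(16)),
]
SAMPLE_TIMESTAMP = 1615420800  # constructed: 2021-03-11 00:00:00 UTC


def _counted(raw: bytes) -> bytes:
    """Keytab 'counted octet string': big-endian uint16 length followed by the bytes."""
    return struct.pack(">H", len(raw)) + raw


def build_keytab(entries, timestamp=SAMPLE_TIMESTAMP) -> bytes:
    """Serialise (principal, realm, kvno, enctype, key) tuples into MIT keytab v2 bytes."""
    out = bytearray(KEYTAB_MAGIC)
    for principal, realm, kvno, enctype, key in entries:
        components = principal.split("/")
        body = bytearray(struct.pack(">H", len(components)))
        body += _counted(realm.encode())
        for comp in components:
            body += _counted(comp.encode())
        body += struct.pack(">IIB", KRB5_NT_PRINCIPAL, timestamp, kvno & 0xFF)
        body += struct.pack(">HH", enctype, len(key)) + key
        body += struct.pack(">I", kvno)  # 32-bit kvno extension written by modern libkrb5
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


def _read_counted(data: bytes, pos: int):
    (length,) = struct.unpack_from(">H", data, pos)
    pos += 2
    return data[pos:pos + length].decode(), pos + length


def parse_keytab(data: bytes):
    """Return one dict per live entry; the key bytes themselves are never copied out."""
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("unsupported keytab version %r" % data[:2])
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:          # negative size marks a deleted slot of that many bytes
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _read_counted(data, pos)
        components = []
        for _ in range(ncomp):
            comp, pos = _read_counted(data, pos)
            components.append(comp)
        _name_type, timestamp, kvno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        enctype, key_len = struct.unpack_from(">HH", data, pos)
        pos += 4 + key_len    # step over the key material without reading it
        kvno = kvno8
        if end - pos >= 4:    # trailing 32-bit kvno overrides the 8-bit field when nonzero
            (kvno32,) = struct.unpack_from(">I", data, pos)
            kvno = kvno32 or kvno8
        pos = end
        entries.append({
            "principal": "/".join(components) + "@" + realm,
            "kvno": kvno,
            "enctype_id": enctype,
            "enctype": ENCTYPE_NAMES.get(enctype, "enctype-%d" % enctype),
            "key_len": key_len,
            "timestamp": timestamp,
        })
    return entries


def weak_entries(entries):
    """Entries whose key type should not appear in a hardened SQL Server keytab."""
    return [e for e in entries if e["enctype_id"] in WEAK_ENCTYPES]
```

To inventory a real keytab, call `parse_keytab(open(path_to_keytab, "rb").read())` and review `weak_entries()` on the result; anything it returns means the file carries an NTLM-equivalent hash and deserves the same file permissions and rotation discipline as a password store.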
Read more on Kerberos: How to debug Kerberos and LDAP for SQL Server