Microsoft adutil - FAQ

11 March, 2021 by Tom Collins

Microsoft adutil is a CLI-based utility designed to support Active Directory authentication for SQL Server on Linux and SQL Server containers on Linux.

This page is an FAQ covering various questions about adutil.

Some common terminology used in implementing adutil:

> NTLM (New Technology LAN Manager) – Proprietary Microsoft authentication protocol. NTLM is an old authentication protocol with various vulnerabilities, which pose a security risk. It is based on a relatively weak cryptographic scheme and is vulnerable to various attacks. It has been replaced by Kerberos, which is a lot more secure and is the recommended protocol. NTLM authentication should only be used in a secure, trusted environment, or when Kerberos can't be used.
> Kerberos – Ticket-based authentication system built on the principle of a trusted third party, the other two parties being the user and the service that is the target for authentication. Read more on List the differences between Kerberos and NTLM
> SSSD - SQL Server uses SSSD and NSS for mapping user accounts and groups to security identifiers (SIDs).
> SPN - A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service.
> Keytab file - The SPNs are maintained here and are used to resolve the service when a Kerberos connection is made. The file also holds the principal user, with its hashed password, used for internal SQL Server processes. When a connection is required, AD publishes the ticket, which is then reconciled against the keytab file. Password management

 

Read more on Kerberos: How to debug Kerberos and LDAP for SQL Server


Author: Tom Collins (http://www.sqlserver-dba.com)

