Adaptive Server increases security by integrating the default Adaptive Server login process with NT security features. The resulting integrated security modes add the following conveniences for users:
Authorized users do not have to maintain separate login passwords for Adaptive Server and Windows NT.
System Administrators can take advantage of NT security features such as encrypted passwords, password aging, domain-wide user accounts, and NT-based user and group administration.
Combined login security operates only over network protocols that support authenticated connections between clients and servers. Such connections are referred to as trusted connections.
Trusted connections are limited to client applications that access Adaptive Server by using the Named Pipes protocol.
Other network
protocols, such as TCP/IP sockets and IPX/SPX,
do not support authenticated connections, so clients on these protocols
are handled according to the standard Adaptive Server login mechanism.
A System Administrator must use sp_grantlogin to assign permissions to NT users and groups. Using sp_grantlogin, the System Administrator has the following additional options:
Assigning one or more Adaptive Server roles to NT users and groups
Designating that the user or group should receive the default database object permissions assigned by the grant command
If the System Administrator does not use sp_grantlogin to assign user or group permissions, users cannot log in through trusted connections. For more information, see “Permitting trusted connections”.
Adaptive Server does
not permit trusted connections for NT users named “sa.” The
user name “sa” is reserved for the default Adaptive Server System Administrator
account.
Adaptive Server provides the following modes for configuring login security:
Standard
Integrated
Mixed
