December 12, 2008 at 12:44 pm
I need some advise on setting up linked servers. I just want my servers (SQL 2005 Enterprise Editions and some standard)to be more secured, which is the best.
1. Mixed mode authentication and having sql login between the servers to Link. (Easy)
2. Windows Authentication mode and making it Kerberos by adding spn's to Active Directory. ( Kind of tough for me to configure successfully)
Thanks
December 12, 2008 at 2:23 pm
In mixed mode with a SQL login credentials will be transmitted to the linked server in clear text. You will also have to deal with password management, i.e. changing passwords on multiple servers if someone who knew the login information isn't around anymore.
Using Kerberos avoids the password change issue, allows you to use AD groups to control access to servers, and you won't have to worry about unencrypted passwords being sent over the wire. But, as you said it can be tricky to configure.
Check out this post on my blog re: configuring delegation:
http://kendalvandyke.blogspot.com/2008/11/delegation-what-it-is-and-how-to-set-it.html
December 12, 2008 at 3:42 pm
If you go with 2, make sure you know what you're getting into. There's a lot going on under the hood with Kerberos delegation. Best to know it very well before you attempt to support it in production.
Read up on SPEGNO and know what Breaks it.
Good luck!
~BOT
Craig Outcalt
December 12, 2008 at 6:28 pm
As it happens, Brian Kelley posted an article on (2) just yesterday: http://www.sqlservercentral.com/articles/Security/65169/
[font="Times New Roman"]-- RBarryYoung[/font], [font="Times New Roman"] (302)375-0451[/font] blog: MovingSQL.com, Twitter: @RBarryYoung[font="Arial Black"]
Proactive Performance Solutions, Inc. [/font][font="Verdana"] "Performance is our middle name."[/font]
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply