HostWeb Forums » Microsoft Databases » microsoft.public.sqlserver.securitytools » Need some workaround( security question)
Topic: Need some workaround( security question)
We have SQL 2005.
Say our SQL servers are in Domain 'ABC' and our clients are in Domain 'XYZ'
where the domains dont trust one another.
Theres more details but in short,I want to add Windows accounts i.e.
(XYZ\User1,XYZ\User2,etc.) without being authenticated against the domain
controller 'ABC'. When I try to add these Windows logins, it fails since it
wants to authenticate against XYZ but theres no trust.
So how can I bypass the authentication and get those entries added to my SQL
Account? Any way to hack the system tables? If not, thats fine. If theres
anyway to get these entries in the equivalent logins/users tables in the
databases is what I want to accomplish.
Thanks
Replies below ↓
Replies
Need some workaround( security question)
We have SQL 2005.
Say our SQL servers are in Domain 'ABC' and our clients are in Domain 'XYZ'
where the domains dont trust one another.
Theres more details but in short,I want to add Windows accounts i.e.
(XYZ\User1,XYZ\User2,etc.) without being authenticated against the domain
controller 'ABC'. When I try to add these Windows logins, it fails since it
wants to authenticate against XYZ but theres no trust.
So how can I bypass the authentication and get those entries added to my SQL
Account? Any way to hack the system tables? If not, thats fine. If theres
anyway to get these entries in the equivalent logins/users tables in the
databases is what I want to accomplish.
Thanks
Re: Need some workaround( security question)
If I understand what you are asking for, you want to allow connections
to users who say they are in the XYZ domain without any authentication
at all.
As someone who has to rely on SQL Server security I hope there is no
way to do this.
The obvious alternative for users in a non-trusted domain is to use
SQL Server logins, which are domain independent. That requires
individual logins be created, and they have to connect excplicitly by
name with a password
Roy Harvey
Beacon Falls, CT
On Thu, 28 Jun 2007 21:35:33 -0700, "Hassan" <hassan@hotmail.com>
wrote:
>We have SQL 2005.
>
>Say our SQL servers are in Domain 'ABC' and our clients are in Domain 'XYZ'
>where the domains dont trust one another.
>
>Theres more details but in short,I want to add Windows accounts i.e.
>(XYZ\User1,XYZ\User2,etc.) without being authenticated against the domain
>controller 'ABC'. When I try to add these Windows logins, it fails since it
>wants to authenticate against XYZ but theres no trust.
>
>So how can I bypass the authentication and get those entries added to my SQL
>Account? Any way to hack the system tables? If not, thats fine. If theres
>anyway to get these entries in the equivalent logins/users tables in the
>databases is what I want to accomplish.
>
>Thanks
Re: Need some workaround( security question)
If I understand what you are asking for, you want to allow connections
to users who say they are in the XYZ domain without any authentication
at all.
As someone who has to rely on SQL Server security I hope there is no
way to do this.
The obvious alternative for users in a non-trusted domain is to use
SQL Server logins, which are domain independent. That requires
individual logins be created, and they have to connect excplicitly by
name with a password
Roy Harvey
Beacon Falls, CT
On Thu, 28 Jun 2007 21:35:33 -0700, "Hassan" <hassan@hotmail.com>
wrote:
>We have SQL 2005.
>
>Say our SQL servers are in Domain 'ABC' and our clients are in Domain 'XYZ'
>where the domains dont trust one another.
>
>Theres more details but in short,I want to add Windows accounts i.e.
>(XYZ\User1,XYZ\User2,etc.) without being authenticated against the domain
>controller 'ABC'. When I try to add these Windows logins, it fails since it
>wants to authenticate against XYZ but theres no trust.
>
>So how can I bypass the authentication and get those entries added to my SQL
>Account? Any way to hack the system tables? If not, thats fine. If theres
>anyway to get these entries in the equivalent logins/users tables in the
>databases is what I want to accomplish.
>
>Thanks