Operating system authentication
Operating system authentication
|
Release 9.3 |
|
Note:This topic was updated for 9.3.1.
Operating system (OS) authentication is a method for identifying an individual user with credentials supplied by the operating system of the user's computer. These credentials can be the OS password or can include digital certificates in the user's computer.
Possible benefits of using OS authentication
- You do not have to keep track of multiple user names and passwords; if the login to your computer is successful, you do not have to enter another user name and password to connect to the database.
- The database administrator (DBA) does not have to keep track of password changes, since that is changed on each user's computer.
Possible drawbacks of using OS authentication
- Using operating system authentication with certain database products (those that don't use digital certificates in addition to user name and password) could be an increased security risk; if the password for an OS account becomes known, access is granted without the extra level of security of a different database account.
- Additional configuration in the database may be needed to support OS authentication.
Operating system authentication and the DBMS
The amount of setup necessary to use OS authentication depends on the database management system (DBMS) in which you use OS authentication.
No additional set up is needed in the DBMS to use OS authentication to connect from an ArcGIS client to either a DB2 or Informix database.
If you choose to use OS authentication with an Oracle database, there are specific settings you need to make to the user account and Oracle configuration files within the Oracle DBMS. Consult your Oracle documentation for the specific steps necessary for your database release. There is also specific syntax you must use to make the spatial database connection from ArcCatalog. See the "Adding a direct connection to a geodatabase in Oracle" section of Creating spatial database connections in the "Data management with ArcCatalog" section of the help for details.
To use OS authentication with PostgreSQL, you must create a database user and schema with the same name as the login with which the user will connect. You also need to use either Trust or Kerberos authentication. Both require some configuration on the server and/or client machines.
NOTE: PostgreSQL documentation does not recommend using Trust authentication on machines that will be accessed by more than one user.
SQL Server uses a digital certificate along with the user name and password to authenticate a user. For this reason, using operating system authentication can be more secure than using database accounts. See Using Windows-authenticated users or groups in SQL Server for more information.
Be aware that you will only be able to make a database connection using OS authentication from ArcGIS to an Oracle, Informix, DB2, or PostgreSQL database if you are using a direct connection; ArcSDE service connections are not supported.