| Subject | Authentication: Kerberos / Role management |
|---|---|
| Author | |
| Post date | 2018-01-31T09:09:09Z |
Hi all,
I have a few questions concerning authentication and firebird 3.0:
If I want to use windows trusted authentication I have to configure "AuthServer" and "AuthClient" with Win_Sspi? I am a bit confused to understand what is excatly the difference between Server and Client param and how they can be used with different plug ins.
When I use authentification "win_sspi", which ssp is used (maybe a dumb question but I am not very familiar with those security issues....)? Is this only a question of the configuration of the windows server/domain and Firebird supports all ssp available? Specifically is the kerberos ssp supported?
Role management: As far as I understand which rights a user has on the database is finally determined by the role granted to this user. This must be done with "GRANT ROLE xxx TO domain\user" SQL statement for each database involved. Is there any way with firebird to centralize the identity management with an IDM system so that Firebird determines the role based on a group in i.e. Activce Directory the user belongs to?
Thank you very much for any support.
Best wishes
Daniel
I have a few questions concerning authentication and firebird 3.0:
If I want to use windows trusted authentication I have to configure "AuthServer" and "AuthClient" with Win_Sspi? I am a bit confused to understand what is excatly the difference between Server and Client param and how they can be used with different plug ins.
When I use authentification "win_sspi", which ssp is used (maybe a dumb question but I am not very familiar with those security issues....)? Is this only a question of the configuration of the windows server/domain and Firebird supports all ssp available? Specifically is the kerberos ssp supported?
Role management: As far as I understand which rights a user has on the database is finally determined by the role granted to this user. This must be done with "GRANT ROLE xxx TO domain\user" SQL statement for each database involved. Is there any way with firebird to centralize the identity management with an IDM system so that Firebird determines the role based on a group in i.e. Activce Directory the user belongs to?
Thank you very much for any support.
Best wishes
Daniel