For SQL Server installations, you can select the
Windows Authentication check box to use a Windows
user account of your choice to connect to SQL Server (instead of a SQL Server
user account). You must ensure that this account can log in to SQL Server and
that is has "dbo" permissions over all the tables in the database. This means
that you must set SQL Server to allow
Windows Authentication or both
Windows Authentication and
SQL Authentication. For details, refer to your SQL
Server DBMS documentation.
CAUTION:
If you use
Windows Domain (NTCR) to authenticate users,
Windows authentication requires that your domain users have "dbo" privilege to
the database. However, this presents a security risk to your system. Therefore,
it is recommended that you clear the
Windows Authentication check box in
SBM Configurator
and use
SQL Authentication with
Windows Domain (NTCR) instead.
If you select
Windows Authentication in
SBM Configurator,
you do not need to enter database credentials in the
User Name and
Password columns. Instead, the
SBM
Application Pool Identity and the
Tomcat Log On Identity are used to connect to the
SBM
databases.
- Application Pool Identity – By default,
SBM
uses the DefaultAppPool in IIS. The
Identity specified in the DefaultAppPool is used
to connect to the
Application Engine
database for Windows authentication. Note the following important information:
- The default
Identity for the DefaultAppPool is
NetworkService. If you do not change the
default
Identity, then the
NetworkService account is used to connect to
the
Application Engine
database, and automatically granted the required
Application Engine
file system permissions once you click
Apply in
SBM Configurator.
- If you want to use a different Windows user account, change the
Identity from
NetworkService to the desired account, and
then click
Apply in
SBM Configurator.
This grants the specified user account the required file system permissions.
- If you change the default
Identity in the DefaultAppPool, you must set
the same identity in the gsoap application pool
(gsoap_pool).
- If you decide to create a new application pool for
SBM,
the
Identity in that application pool is used
for
Windows Authentication.
- If you install more than one instance of
SBM Application Engine, you must
ensure that the same Windows user account is specified in the application pool
Identity on each server.
- Tomcat Log On Identity – By default, the
SBM Tomcat
uses the Local System account. Similar to the DefaultAppPool identity, this
account is used for Windows authentication unless you change it. Note the
following important information:
After you click
Apply in
SBM Configurator, the
default DSN (SBM) that is used to connect to the
Application Engine
database is automatically updated to use Windows authentication. If you decide
to use a DSN other than the default, you must manually update that DSN to use
Windows Authentication.
Copyright © 2007–2016 Serena Software, Inc. All rights reserved.