Secure Single Sign-On (SSO) with Kerberos



The operating system (OS) authentication feature lets DataDirect products integrate seamlessly into a Kerberos-based authentication mechanism. This allows you or your customers to include database access in a Single Sign-On (SSO) environment that:

  • Bolsters system security
  • Eliminates the need for users to log in separately for each application
  • Reduces the costs associated with managing user accounts

See the benefits of an application environment that leverages Single Sign-On:

| Multiple Sign-On | Single Sign-On | Security Benefits |
| --- | --- | --- |
| User IDs and passwords are sent across the network. | Authentication is enabled via shared secrets / encryption; a password is never sent across the network. | Eliminates security vulnerabilities such as packet sniffing and router logging used to capture passwords. |
| Multiple User IDs and System IDs required. | Single User ID and elimination of System IDs. | Reduces usability issues while strengthening security by not requiring users to write down and keep user ID/password information. |
| Duplicates user information in multiple account databases. | Single, centrally managed store of user account credentials. | Lowers management costs and provides better security by allowing for rapid and comprehensive changes to and/or removal of a user's credentials. |
| Database activity logged with generic System ID. | Database activity identified by User ID (delegated credentials). | Better audit accuracy assists compliance efforts. |

For an organization to successfully implement SSO across the enterprise, all components must be able to participate. DataDirect provides the most consistent Kerberos-enabled data access middleware implementation on the market. DataDirect products also offer many features that are unique or not readily available in the middleware market.

 

| Special Feature | Description | Security Benefit |
| --- | --- | --- |
| Delegation of Credentials | DataDirect provides the ability to delegate the user credential through the programs involved in the application stack. | Allows application to authenticate the real user vs. an administrative ID that is less secure and obfuscates DB activity. |
| Reauthentication | DataDirect Connect provides the ability to re-associate a pooled connection with a different authenticated user. | Applications that use connection pooling can more efficiently re-use connections while minimizing the number of connections required in the pool. |
| Type 5 JDBC architecture | DataDirect provides the only JDBC drivers on the market that support Windows authentication while remaining pure 100% Java JDBC drivers, a feature so unique, it goes beyond being Type 4, making them Type 5. | Offers a choice of implementing a pure Java authentication that is not dependent on extraneous Windows components that need to be installed and maintained. |