The operating system (OS) authentication feature lets DataDirect products integrate seamlessly into a Kerberos-based authentication mechanism. This allows you or your customers to include database access in a Single Sign-On (SSO) environment that:
- Bolsters system security
- Eliminates the need for users to log in separately for each application
- Reduces the costs associated with managing user accounts
See the benefits of an application environment that leverages Single Sign-On:

| Multiple Sign-On | Single Sign-On | Security Benefits |
| --- | --- | --- |
| User IDs and passwords are sent across the network. | Authentication is enabled via shared secrets / encryption; a password is never sent across the network. | Eliminates security vulnerabilities such as packet sniffing and router logging used to capture passwords. |
| Multiple User IDs and System IDs required. | Single User ID and elimination of System IDs. | Reduces usability issues while strengthening security by not requiring users to write down and keep user ID/password information. |
| Duplicates user information in multiple account databases. | Single, centrally managed store of user account credentials. | Lowers management costs and provides better security by allowing for rapid and comprehensive changes to and/or removal of a user’s credentials. |
| Database activity logged with generic System ID. | Database activity identified by User ID (delegated credentials). | Better audit accuracy assists compliance efforts. |

For an organization to successfully implement SSO across the enterprise, all components must be able to participate. DataDirect provides the most consistent Kerberos-enabled data access middleware implementation on the market. DataDirect products also offer many features that are unique or not readily available in the middleware market.

| Special Feature | Description | Security Benefit |
| --- | --- | --- |
| Delegation of Credentials | DataDirect provides the ability to delegate the user credential through the programs involved in the application stack. | Allows the application to authenticate the real user rather than an administrative ID, which is less secure and obscures DB activity. |
| Reauthentication | DataDirect Connect provides the ability to re-associate a pooled connection with a different authenticated user. | Applications that use connection pooling can more efficiently re-use connections while minimizing the number of connections required in the pool. |
| Type 5 JDBC architecture | DataDirect provides the only JDBC drivers on the market that support Windows authentication while remaining pure 100% Java JDBC drivers, a feature so unique that it goes beyond being Type 4, making them Type 5. | Offers a choice of implementing a pure Java authentication that is not dependent on extraneous Windows components that need to be installed and maintained. |