locked
SQL Server 2005 CAC/PKI Authentication RRS feed

  • Question

  • Has anyone been told or heard if Microsoft has released any information regarding CAC authentication into the databases vs. windows authentication/system admin login using windows server?

    The government is pushing out a requirement for users who access databases to be required to CAC authenticate into the databases.  I haven't hear the deadline, but the standard has been put out.  Our office is working on waivers, just in case, before the power curve. 

    Thanks,

    J Ann
    Monday, July 28, 2008 3:52 PM

Answers

  •  

    Hi Ann,

     

    Windows server supports smart card logon. If you use smart card logon and configure SQL server to use Windows authentication, it should provide high security. As for SQL server itself, I have not heard any information that SQL provides a separate CAC or PKI authentication way besides the existing Windows and SQL authentication. As this question is mainly related to SQL, I suggest that you pos to the following SQL Security forum so that this issue can be answered efficiently.

     

    SQL Server Security

    http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=92&SiteID=17


    Laura Zhang - MSFT
    Wednesday, July 30, 2008 2:59 AM

All replies

  •  

    Hi Ann,

     

    Windows server supports smart card logon. If you use smart card logon and configure SQL server to use Windows authentication, it should provide high security. As for SQL server itself, I have not heard any information that SQL provides a separate CAC or PKI authentication way besides the existing Windows and SQL authentication. As this question is mainly related to SQL, I suggest that you pos to the following SQL Security forum so that this issue can be answered efficiently.

     

    SQL Server Security

    http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=92&SiteID=17


    Laura Zhang - MSFT
    Wednesday, July 30, 2008 2:59 AM
  • Hi Ann,

    I am just writing to confirm whether you are looking for CAC/PKI authentication directly to  SQL. Does the following approach work for you, logging into Windows based on CAC/PKI, mapping it to a Windows account, and then authenticating to SQL server using standard Windows SSPI?

    I have communicated with our SQL product team. They would like to know the potential business impact/opportunity on this function so that we can decide whether this feature should be included in next generation of SQL? Could you provide more details on the government regulation?

    Thanks.
    Laura Zhang - MSFT
    Friday, August 1, 2008 3:21 AM