Active Directory authentication for SQL Server on Linux
This article provides an overview of Active Directory (AD) authentication for SQL Server on Linux. AD authentication is also known as Integrated authentication in SQL Server.
AD authentication overview
AD authentication enables domain-joined clients on either Windows or Linux to authenticate to SQL Server using their domain credentials and the Kerberos protocol.
AD Authentication has the following advantages over SQL Server Authentication:
- Users authenticate via single sign-on, without being prompted for a password.
- By creating logins for AD groups, you can manage access and permissions in SQL Server using AD group memberships.
- Each user has a single identity across your organization, so you don’t have to keep track of which SQL Server logins correspond to which people.
- AD enables you to enforce a centralized password policy across your organization.
In order to use Active Directory authentication, you must have an AD Domain Controller (Windows) on your network.
The details for how to configure AD authentication are provided in the tutorial, Tutorial: Use Active Directory authentication with SQL Server on Linux. The following list provides a summary with a link to each section in the tutorial:
- Join a SQL Server host to an Active Directory domain.
- Create an AD user for SQL Server and set the ServicePrincipalName.
- Configure the SQL Server service keytab.
- Create AD-based SQL Server logins in Transact-SQL.
- Connect to SQL Server using AD authentication.
- At this time, the only authentication method supported for database mirroring endpoint is CERTIFICATE. WINDOWS authentication method will be enabled in a future release.
- Third-party AD tools like Centrify, Powerbroker, and Vintela are not supported.
For more information on how to implement Active Directory authentication for SQL Server on Linux, see Tutorial: Use Active Directory authentication with SQL Server on Linux.