search

tediousjs / tedious

Node TDS module for connecting to SQL Server databases.
http://tediousjs.github.io/tedious/
MIT License
1.57k stars 436 forks source link

Kerberos support #1526

Open ErikJansenIRefact opened 1 year ago

ErikJansenIRefact commented 1 year ago

Question Are there plans supporting Kerberos authentication? We currently connect to SQLServer through NTLM and issue a BULK INSERT statement on the database. The BULK INSERT statements needs read access on a network share. This causes a double hop problem and SQLServer now tries to access the file server with an anonymous logon. Kerberos seems to fix this by delegation. A connection made with NTLM isn't sufficient.

Relevant Issues and Pull Requests

MichaelSun90 commented 1 year ago

Hi @ErikJansenIRefact , unfortunately, we do not have a plan for supporting Kerberos within tedious. We have discussed that we may rework on the whole authentication support with in tedious. One idea is, make different authentication types pluggable, and Kerberos can be one of those pluggable types. If we have a concert plan for this refactor, we will let you know.

ErikJansenIRefact commented 1 year ago

Hi,

Thanks for the feedback. I can see an issue is still open addressing pluggable authentication providers but it was never merged. Is it worthwhile taking a look at this issue?

https://github.com/tediousjs/tedious/pull/624

Note: Microsoft is claiming to drop support for NTLM in future releases.

johnmccash commented 1 month ago

Now that MS has formally deprecated NTLM, is there some renewed level of interest in incorporating Kerberos support into Tedious?

MichaelSun90 commented 1 month ago

Thanks @johnmccash for the reminder on this. Will bring this up with the team.