SQL Server Central is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
Search:  
 
Home Articles Editorials Forums Scripts Blogs QotD Books SQL Jobs Training Authors About us Contact us Newsletters Advertise Write for us


 

K. Brian Kelley - Databases, Infrastructure, and Security

Add to Technorati Favorites Add to Google
Author Bio
Brian is a SQL Server author and columnist focusing primarily on SQL Server security. He is a contributing author for How to Cheat at Securing SQL Server 2005 (Syngress) and Professional SQL Server 2008 Administration (Wrox). Brian currently serves as a systems and security architect for AgFirst Farm Credit Bank where he works on Active Directory, Windows security, VMware, Citrix, and of course, SQL Server. In the technical community, Brian is part of the Midlands PASS Chapter, an official chapter of PASS, where he currently serves as president and director of communications. Brian is also a junior high youth minister at Spears Creek Baptist Church in Elgin, SC.
Author's SSC Profile
View this Author's Articles
 

Check Authentication Scheme (Kerberos) on SQL Server 2005

By K. Brian Kelley in K. Brian Kelley - Databases, Infrastructure, and Security | 08-07-2008 1:02 PM | Categories: Filed under: , , ,
Rating: (not yet rated) |  Discuss | 2,114 Reads | 654 Reads in Last 30 Days |no comments

I had to redo SPNs today because we swapped out service accounts on some of our non-production SQL Servers. I wanted to verify that connections in bound were being made with Kerberos. If you've ever dealt with this, if the SPNs are wrong you usually get an SSPI error, but just to be safe, I wanted positive confirmation that the connection was Kerberos. Here's the quick and dirty query to show the connections and the mode by which they are connecting:

SELECT
       s.session_id
    ,  c.connect_time
    ,  s.login_time
    ,  c.protocol_type
    ,  c.auth_scheme
    ,  s.host_name
    ,  s.program_name
FROM sys.dm_exec_sessions s
  JOIN sys.dm_exec_connections c
    ON s.session_id = c.session_id

If you have a lot of connections you'll probably want to filter by host_name or by the login, but I didn't have a need to for what I was doing.

Comments
There are no comments on this post
Leave a Comment
Only members of SQLServerCentral may leave comments. Register now for your free account or Sign-In if you are already a member.
 
 
Copyright © 2002-2008 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use