Operating system authentication
Operating system (OS) authentication is a method for identifying an individual user with credentials supplied by the operating system of the user's computer. These credentials can be the OS password or can include digital certificates in the user's computer.
Possible benefits of using OS authentication include the following:
- You do not have to keep track of multiple user names and passwords; if the login to your computer is successful, you do not have to enter another user name and password to connect to the database.
- The database administrator (DBA) does not have to manage password changes, since that is changed on each user's computer or at the domain level.
Possible drawbacks of using OS authentication include these:
- Using operating system authentication with certain database products (those that do not use digital certificates in addition to user name and password) could be an increased security risk.
- If the password for an OS account becomes known, access is granted without the extra level of security of a different database account.
- Additional configuration in the database may be needed to support OS authentication.
Tip:When the operating system is Windows, operating system authentication is also referred to as Windows authentication.
Operating system authentication and the DBMS
The amount of setup necessary to use OS authentication depends on the database management system (DBMS) in which you use OS authentication.
No additional setup is needed in the DBMS to use OS authentication to connect from an ArcGIS client to either a DB2 or Informix database if the default server authentication method is used. The DBA adds an OS login, then grants that login access to specific databases. When the user connects, the login is authenticated on the database server. If the DBMS is set to use client authentication instead, a local login must be created on each client machine.
If you choose to use OS authentication with an Oracle database, you need to make specific settings to the user account and Oracle configuration files within the Oracle DBMS to use OS authentication. Consult your Oracle documentation for the specific steps necessary for your database release.
It is not recommended to use OS authentication with geodatabases in PostgreSQL, because you would have to change to an unsecured authentication type in the database.
SQL Server uses a digital certificate along with the user name and password to authenticate a user. For this reason, using operating system authentication can be more secure than using database accounts.
Note:Be aware that you cannot use an ArcSDE service to connect to a geodatabase in Oracle, Informix, DB2, or PostgreSQL from ArcGIS.