Operating system authentication
Operating system (OS) authentication is a method for identifying an individual user with credentials supplied by the operating system of the user's computer. These credentials can be the OS password or can include digital certificates in the user's computer.
Possible benefits of using OS authentication include the following:
- You do not have to keep track of multiple user names and passwords; if the login to your computer is successful, you do not have to enter another user name and password to connect to the database.
- The database administrator (DBA) does not have to keep track of password changes, since that is changed on each user's computer.
Possible drawbacks of using OS authentication include these:
- Using operating system authentication with certain database products (those that do not use digital certificates in addition to user name and password) could be an increased security risk; if the password for an OS account becomes known, access is granted without the extra level of security of a different database account.
- Additional configuration in the database may be needed to support OS authentication.
Operating system authentication and the DBMS
The amount of setup necessary to use OS authentication depends on the database management system (DBMS) in which you use OS authentication.
No additional setup is needed in the DBMS to use OS authentication to connect from an ArcGIS client to either a DB2 or Informix database. The DBA adds an OS user, then adds the user to the DBMS.
If you choose to use OS authentication with an Oracle database, there are specific settings you need to make to the user account and Oracle configuration files within the Oracle DBMS to use OS authentication. Consult your Oracle documentation for the specific steps necessary for your database release. There is also specific syntax you must use to make the spatial database connection from ArcCatalog. See Making a direct connection from ArcGIS Desktop to a geodatabase in Oracle for details.
To use OS authentication with PostgreSQL, you must create a database user and schema with the same name as the login with which the user will connect. You also need to change the authentication type that the database uses. Read the PostgreSQL documentation for information on configuring authentication in the database.
SQL Server uses a digital certificate along with the user name and password to authenticate a user. For this reason, using operating system authentication can be more secure than using database accounts. See Using a Windows authenticated sde login in SQL Server for more information.
Note:Be aware that you will be able to make a database connection using OS authentication from ArcGIS to an Oracle, Informix, DB2, or PostgreSQL database only if you are using a direct connection; ArcSDE service connections are not supported.