Using NTLM Authentication


NTLM authentication is a single sign-on OS authentication method. This method provides authentication from Windows clients only and requires minimal configuration.

DataDirect XQuery supports NTLM authentication for the following databases:

  • Oracle
  • Microsoft SQL Server

Verify that your environment meets the requirements listed in Table 7-3 before you configure the driver for NTLM authentication.

Table 7-3. NTLM Authentication Requirements

Component: Database server
Requirements: The database server must be administered by the same domain controller that administers the client and must be running one of the following databases:
  Oracle:
    • Oracle 11g
    • Oracle 10g (R1 and R2)
    • Oracle 9i (R1 and R2)
  Microsoft SQL Server:
    • Microsoft SQL Server 2008
    • Microsoft SQL Server 2005
    • Microsoft SQL Server 2000 Service Pack 3 or higher
    • Microsoft SQL Server 2000 Enterprise Edition (64-bit) Service Pack 2 or higher

Component: Domain controller
Requirements: The domain controller must administer both the database server and the client. Network authentication must be provided by NTLM on one of the following operating systems:
    • Windows Server 2003
    • Windows 2000 Server Service Pack 3 or higher

Component: Client
Requirements: The client must be administered by the same domain controller that administers the database server and must be running on one of the following operating systems:
    • Windows Vista
    • Windows Server 2003
    • Windows XP Service Pack 1 or higher
    • Windows 2000 Service Pack 4 or higher
    • Windows NT 4.0

Configuring NTLM Authentication

DataDirect XQuery provides three NTLM authentication DLLs:

  • DDJDBCAuthxx.dll
  • DDJDBC64Authxx.dll
  • DDJDBCx64Authxx.dll

where xx is a two-digit number.

The DLLs are located in the install_dir/lib directory (where install_dir is your DataDirect XQuery installation directory). If the application using NTLM authentication is running in a 32-bit JVM, DataDirect XQuery automatically uses DDJDBCAuthxx.dll. Similarly, if the application is running in a 64-bit JVM, DDJDBC64Authxx.dll or DDJDBCx64Authxx.dll is used.

To configure DataDirect XQuery:

  1. Set the AuthenticationMethod connection property to auto (the default) or ntlm. See the Oracle and Microsoft SQL Server connection properties tables in Database Connection Properties for more information about setting a value for this property.
  2. By default, DataDirect XQuery looks for the NTLM authentication DLLs in a directory on the Windows system path defined by the PATH environment variable. If you install DataDirect XQuery in a directory that is not on the Windows system path, perform one of the following actions to ensure the DLLs can be loaded:
    • Add the install_dir/lib directory to the Windows system path, where install_dir is the DataDirect XQuery installation directory.
    • Copy the NTLM authentication DLLs from install_dir/lib to a directory that is on the Windows system path, where install_dir is the DataDirect XQuery installation directory.
    • Set the LoadLibraryPath connection property to specify the location of the NTLM authentication DLLs. For example, if you install DataDirect XQuery in a directory named "DataDirect" that is not on the Windows system path, you can point LoadLibraryPath at the directory containing the NTLM authentication DLLs. For SQL Server:

      jdbc:xquery:sqlserver://server3:1521;
      databaseName=test;LoadLibraryPath=C:\DataDirect\lib;
      User=test;Password=secret

      See the database connection properties tables in Specifying Connection URIs for more information about setting a value for this property.

  3. If using NTLM authentication with a Security Manager on a Java 2 Platform, security permissions must be granted to allow DataDirect XQuery to establish connections. See Permissions for Establishing Connections for an example.
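A pre-flight check for step 2, added here as an example and not part of the DataDirect XQuery product or its documentation: it reports the JVM bitness and which of the NTLM authentication DLLs named above are present on the PATH or in a given LoadLibraryPath directory. The class name NtlmDllCheck is hypothetical, and the use of the sun.arch.data.model system property assumes a HotSpot-based JVM.

```java
import java.io.File;
import java.util.*;
import java.util.regex.Pattern;

/** Added example (hypothetical class): pre-flight check for the NTLM authentication DLL. */
public class NtlmDllCheck {
    // DLL names from the page; "xx" is a two-digit number.
    static final Pattern DLL_32 = Pattern.compile("(?i)DDJDBCAuth\\d{2}\\.dll");
    static final Pattern DLL_64 = Pattern.compile("(?i)DDJDBC(64|x64)Auth\\d{2}\\.dll");

    /** Returns every matching DLL found in a Windows-style ';'-separated directory list. */
    static List<File> findDlls(String dirList, boolean jvm64) {
        Pattern wanted = jvm64 ? DLL_64 : DLL_32;
        List<File> hits = new ArrayList<>();
        for (String dir : dirList.split(";")) {
            File[] files = dir.trim().isEmpty() ? null : new File(dir.trim()).listFiles();
            if (files == null) continue;   // empty entry, not a directory, or unreadable
            for (File f : files) {
                if (f.isFile() && wanted.matcher(f.getName()).matches()) hits.add(f);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // sun.arch.data.model is a HotSpot system property ("32" or "64"); os.arch is the fallback.
        String model = System.getProperty("sun.arch.data.model", "");
        boolean jvm64 = model.equals("64")
                || (model.isEmpty() && System.getProperty("os.arch", "").contains("64"));
        // args[0], if given, is the LoadLibraryPath value; otherwise the PATH is searched.
        String dirs = args.length > 0 ? args[0] : System.getenv("PATH");
        List<File> hits = findDlls(dirs == null ? "" : dirs, jvm64);
        System.out.println("JVM is " + (jvm64 ? "64" : "32") + "-bit");
        if (hits.isEmpty()) {
            System.out.println("No matching DLL found: fix PATH or set LoadLibraryPath.");
            System.exit(1);
        }
        Set<String> parents = new TreeSet<>();
        for (File f : hits) {
            System.out.println("found: " + f.getAbsolutePath());
            parents.add(f.getAbsoluteFile().getParent());
        }
        if (parents.size() > 1) {
            System.out.println("Copies exist in " + parents.size()
                    + " directories; remove stale ones so the intended DLL is loaded.");
        }
    }
}
```

Run it with the same JVM that runs the application, for example `java NtlmDllCheck C:\DataDirect\lib`.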

Permissions for Establishing Connections

Using DataDirect XQuery on a Java 2 Platform with the standard Security Manager enabled requires certain permissions to be set in the security policy file of the Java 2 Platform. This security policy file can be found in the jre/lib/security subdirectory of the Java 2 Platform installation directory.

NOTE: Web browser applets running in the Java 2 plug-in are always running in a JVM with the standard Security Manager enabled.

To run an application on a Java 2 Platform with the standard Security Manager, use the following command:

java -Djava.security.manager application_class_name 

where application_class_name is the class name of the application.

Refer to your Java 2 Platform documentation for more information about setting permissions in the security policy file.

To establish a connection to the database server, DataDirect XQuery must be granted the permissions as shown in the following example:

grant codeBase "file:/install_dir/lib/-" { 
   permission java.net.SocketPermission "*", "connect"; 
}; 

where install_dir is the DataDirect XQuery installation directory.
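A narrower alternative to the wildcard grant, added here as an example and not taken from the DataDirect documentation: it limits the driver code to outbound connections to one database listener. The host and port server3:1521 are the sample values from the connection URL earlier on this page, and the fragment assumes the driver opens sockets only to that listener (no named instances, no failover hosts).

```java
// Java policy file fragment (added example; replace server3:1521 with your
// database host and port).

// Broad form shown above: driver code may connect to any host and port.
// grant codeBase "file:/install_dir/lib/-" {
//    permission java.net.SocketPermission "*", "connect";
// };

// Scoped form: driver code may connect only to the database listener.
// The "connect" action also implies "resolve", so no separate grant is
// needed for the host name lookup.
grant codeBase "file:/install_dir/lib/-" {
   permission java.net.SocketPermission "server3:1521", "connect";
};
```

If a connection is refused under the scoped grant, the resulting java.security.AccessControlException message names the host and port that were denied, which tells you what to add.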

In addition, if Microsoft SQL Server named instances are used, permission must be granted for the listen and accept actions as shown in the following example:

grant codeBase "file:/install_dir/lib/-" { 
   permission java.net.SocketPermission "*", "listen, connect, accept"; 
}; 

where install_dir is the DataDirect XQuery installation directory.