My initial proposal https://github.com/h2database/h2database/pull/1154
I wrote the code, it's mine, and I'm contributing it to H2 for distribution multiple-licensed under the MPL 2.0, and the EPL 1.0 (http://h2database.com/html/license.html).

On Tuesday, 15 May 2018 at 14:48:36 UTC+2, Noel Grandin wrote:
> Quick survey of current approaches reveals that unsurprisingly, this area is full of Enterprise Development Goodness
> (i.e. it's a complete mess).
>
> SQL Server uses the "authentication" and "authenticationScheme" connection properties.
>
> https://docs.microsoft.com/en-us/sql/connect/jdbc/setting-the-connection-properties?view=sql-server-2017
>
> Or SQL Server can use extra fields on the URL like
>
> jdbc:jtds:sqlserver://<MSSQL_HOST:1433;databaseName=<DB_NAME>;domain=<DOMAIN>;integratedSecurity=true;authenticationScheme=JavaKerberos
>
> https://docs.microsoft.com/en-us/sql/connect/jdbc/using-kerberos-integrated-authentication-to-connect-to-sql-server?view=sql-server-2017
>
> PostgreSQL uses the "jaasLogin" connection property:
>
> https://jdbc.postgresql.org/documentation/head/connect.html
>
> MySQL uses a "com.mysql.jdbc.authentication.MysqlClearPasswordPlugin" property:
>
> https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-using-pam.html
>
> On 2018/05/14 10:20 PM, AleVen wrote:
> > In my mind external authentication should be plugged in as an additional option without creating incompatibilities
> > (especially in the protocol)
>
> Definitely.
>
> > It could be obtained by using connectionInfo properties; a new client side property AUTHREALM={xxx} triggers:
> > * on client to store the password in a temporary property (like _PASSWORD)
> > * on server side it acts as a flag for externally authenticated users
>
> That sounds reasonable. The server should however, be explicitly configured to turn on external auth via one of our
> usual SET property things.
>
> > Another point is how to model it:
> > - it would be great to define external users as temporary database users
> > - rights of external users to object database managed through roles
> > - mapping between external users and database roles performed during authentication
>
> Whatever you do here I'd prefer it be hidden behind some interface that other people can implement. You are welcome to
> supply a default example implementation that does exactly what you want.
>
> If need be we can tweak some other parts of H2 to make it easier (e.g. adding a TEMPORARY property to CREATE USER)
>
> The reason being that everybody is going to want something a little different.
>
> Otherwise, sounds good!
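
The design discussed in this thread, as an added sketch that is not part of the original messages and is not code from H2 or from the pull request: a per-realm authenticator interface, a server-side switch that is off by default, and temporary users whose rights come only from roles mapped at login. Every class and method name is hypothetical, the realm and account are constructed sample data, and only the AUTHREALM property name comes from the thread.

```java
import java.util.*;
// Hypothetical sketch: none of these types are H2 classes. Only AUTHREALM is from the thread.
public class ExternalAuthSketch {
    /** The pluggable part: one implementation per realm. */
    interface RealmAuthenticator {
        boolean verify(String user, char[] password);
        Set<String> rolesFor(String user); // external user -> database roles
    }
    static final class Session {
        final String user; final boolean temporary; final Set<String> roles;
        Session(String user, boolean temporary, Set<String> roles) {
            this.user = user; this.temporary = temporary; this.roles = roles;
        }
    }
    private final Map<String, RealmAuthenticator> realms = new HashMap<>();
    private boolean externalAuthEnabled; // stays false until the server is explicitly configured

    void setExternalAuth(boolean on) { externalAuthEnabled = on; }
    void register(String realm, RealmAuthenticator a) { realms.put(realm.toUpperCase(Locale.ROOT), a); }

    Session login(Properties info) {
        String user = info.getProperty("USER", "");
        char[] pw = info.getProperty("PASSWORD", "").toCharArray();
        String realm = info.getProperty("AUTHREALM");
        try {
            if (realm == null) return internalLogin(user, pw); // unchanged path for existing clients
            RealmAuthenticator a = externalAuthEnabled ? realms.get(realm.toUpperCase(Locale.ROOT)) : null;
            // Feature disabled, unknown realm and bad password all fail the same way.
            if (a == null || !a.verify(user, pw)) throw new SecurityException("authentication failed");
            // Temporary user: rights come only from the roles mapped at login.
            return new Session(user, true, Collections.unmodifiableSet(new HashSet<>(a.rolesFor(user))));
        } finally {
            Arrays.fill(pw, '\0'); // do not keep the cleartext password around
        }
    }
    // Stand-in for the existing built-in user check (assumption: not modelled here).
    private Session internalLogin(String user, char[] pw) { throw new SecurityException("authentication failed"); }

    public static void main(String[] args) {
        ExternalAuthSketch server = new ExternalAuthSketch();
        server.register("corp", new RealmAuthenticator() { // constructed sample realm and account
            public boolean verify(String u, char[] p) { return u.equals("alice") && Arrays.equals(p, "s3cret".toCharArray()); }
            public Set<String> rolesFor(String u) { return Collections.singleton("REPORTING"); }
        });
        Properties info = new Properties();
        info.setProperty("USER", "alice"); info.setProperty("PASSWORD", "s3cret"); info.setProperty("AUTHREALM", "CORP");
        try { server.login(info); } catch (SecurityException e) { System.out.println("external auth off: " + e.getMessage()); }
        server.setExternalAuth(true);
        Session s = server.login(info);
        System.out.println(s.user + " temporary=" + s.temporary + " roles=" + s.roles);
    }
}
```

The first login is rejected because external authentication has not been switched on; the second succeeds and yields a temporary user holding only the mapped role.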
