On 11/1/06, Daniel Berger <djberg96 / gmail.com> wrote:
> Hi Justin,
>
> As I mentioned off-list, I'm curious if this can be used with DBI or
> Rails for SQL Server to avoid storing passwords in a config file.

When I put this together, I learned that the NTLM authentication
depends on an exchange of tokens, between the client and server. The
library implements this exchange. It first allows you to get an
initial token (SSPI::NegotiateAuth#get_initial_token), which is sent
to the server via some transport mechanism. A response is received,
which is passed back into the API
(SSPI::NegotiateAuth#complete_authentication). If the authentication
has succeeded, that call returns a value indicating so. The SSPI API
indicates that more exchanges may occur but I never ran into that
situation in my development, so my library doesn't support it. It
could easily be added, though, since that back-and-forth is just
continued until something fails or succeeds.

Presumably, if SQL Server follows the same model, a driver could be
coded which takes advantage of the Win32 API to do the authentication.
That also assumes someone wants to write a pure-Ruby SQL Server
driver. I suspect most people are happy with the ODBC-provided one,
which already supports this mechanism through its connection string
(i.e. "Integrated Security=SSPI").

Justin
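
The back-and-forth described above, carried past a single round, as an added example that is not part of the original message or of the library. The `step` interface, the status symbols and `ScriptedClient` are hypothetical stand-ins for a real SSPI context, and the tokens are constructed NTLM headers (signature plus type field) assumed to travel unwrapped.

```ruby
# Added example; step, the status symbols and ScriptedClient are hypothetical, not the sspi library's API.
NTLMSSP_SIG = "NTLMSSP\0".b
NTLM_TYPES = { 1 => :negotiate, 2 => :challenge, 3 => :authenticate }.freeze

# Classify a raw NTLM token: 8-byte signature, then a little-endian type field.
def ntlm_message_type(token)
  bytes = token.to_s.b
  return nil unless bytes.bytesize >= 12 && bytes.byteslice(0, 8) == NTLMSSP_SIG
  NTLM_TYPES[bytes.byteslice(8, 4).unpack1("V")]
end

# Constructed sample token: header only, no real negotiation payload.
def fake_token(type)
  NTLMSSP_SIG + [type].pack("V")
end

# Replays a fixed list of [status, token] results; fails when it runs out.
class ScriptedClient
  def initialize(steps)
    @steps = steps.dup
  end
  def step(_server_token)
    @steps.shift || [:failed, nil]
  end
end

# Keep exchanging tokens until the client context succeeds or fails, with a
# cap so a peer that always answers "continue" cannot hold the loop open.
def run_handshake(client, transport, max_rounds: 4)
  reply = nil
  trace = []
  max_rounds.times do
    status, token = client.step(reply)
    return { ok: false, trace: trace, reason: :client_failed } if status == :failed
    if token
      trace << ntlm_message_type(token)
      reply = transport.call(token)
      trace << ntlm_message_type(reply) unless reply.to_s.empty?
    end
    return { ok: true, trace: trace } if status == :complete
  end
  { ok: false, trace: trace, reason: :too_many_rounds }
end

def demo
  client = ScriptedClient.new([[:continue, fake_token(1)], [:complete, fake_token(3)]])
  server = ->(tok) { ntlm_message_type(tok) == :negotiate ? fake_token(2) : "" }
  run_handshake(client, server)
end
```

The `trace` in the result lists the message types seen on the wire in order, which makes an out-of-sequence or unrecognized token visible as a misplaced symbol or `nil`.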