Kerberos - difference between JAAS connection to server and SQL Server Trusted Connection

My understanding is that both JAAS and SQL Server can be configured to use kerberos in a domain environment, with an active directory server.

My understanding that JAAS gets the user credentials from the user or from a file at the time of the connec开发者_Go百科tion - asks the directory server for a ticket, and presents that to the server.

Where does the SQL Server Driver get its kerberos ticket from? (as it seems to be able to obtain creditentials from the users existing login). Does it get the user login ticket - or does it extract the credentials from the user's logged in session?

SQL Server Driver gets Kerberos tickets from TGT (ticket granting ticket). This TGT is a ticket that is part of user's logon session and can be used to get short lived tickets to authenticate to other services (E.g. SQL Server).

You can use "Kerbtrey" utility from Windows Server Resource kit to examine such tickets.

JAAS also uses the same tickets but it needs to be told to obtain tickets + configuration (E.g. name of Kerberos server) from file and that path is somewhat dependent on OS version.

SQL Server drivers uses Wind32 API to get tokens.