1.  Il-Sung Lee Senior Program Manager Microsoft Corporation BB37

11. SQL AUTHENTICATIONWINDOWS AUTHENTICATION Userid/PasswordEncrypted Token (Kerberos) Challenge-Response (NTLM) Password obfuscated on wirePassword not transmitted on wire Subject to replay attack if channel not encrypted Not subject to replay attack (Kerberos) No mutual authenticationMutual authentication with Kerberos Logins managed in SQL ServerLogins managed by Windows DBAs create login accountsWindows/domain admins create login accounts Password policy enforced by Windows (Windows 2003+) Password policy enforced by Windows Security context may or may not be common between servers Security context is common between servers

16. ALTER LOGIN Bob ENABLE Alice (non privileged login)

17. Alice (non privileged login) SP_ENABLE_LOGIN ALTER LOGIN Bob ENABLE Cert_login ALTER ANY LOGIN

26. Please fill out your evaluation for this session at: This session will be available as a recording at: www.microsoftpdc.com

28. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.