Configuring external authentication on Windows systems
The following procedure describes a typical way of configuring your Windows system to use external authentication with the solidDB server. The procedure assumes that your system includes the necessary Security Support Provider Interface (SSPI) services.
On Windows systems, the operating-system-based authentication typically uses a two-part user ID that is composed of a domain and user name, for example: chicago_prod\solid_admin. In this example, chicago_prod is a domain and solid_admin is the user name.
To configure external authentication on Windows systems, complete the following steps:
1 Install and configure the OpenSSL libcrypto library on the server computer. See Installing and configuring the OpenSSL toolkit.
2 In the server-side solid.ini file, set the following values:
[General]
UseCryptoLib=yes
CryptoLoginRequired=yes
For more information, see General section.
3 Either define a default Windows domain name or plan to include the Windows domain name as part of the user ID (see Configuring externally-authenticated accounts):
Defining a default Windows domain name
Defining the default domain has the following benefits:
You need to provide only the user name of the externally-authenticated users when you create the login credentials, and externally-authenticated users can log on without specifying the domain name.
The solidDB server uses the value of the General.DefaultDomainName parameter to resolve the two-part user ID at connection time.
solidDB stores only the user name of the externally-authenticated user in the SYS_USERS table. For example, schema names in your database then default to the one-part user name stored in the SYS_USERS table.
You can change between the external and default (internal) authentication methods. The domain name for the user accounts that were created to use internal authentication can be specified with the General.DefaultDomainName parameter without the need to modify the user name.
For example, if the domain name of the server where your solidDB server runs is chicago_prod, you could specify the following setting in the solid.ini file:

[General]
DefaultDomainName=chicago_prod

and then create the user solid1 with the CREATE USER statement as follows:

CREATE USER solid1 IDENTIFIED EXTERNALLY
Defining Windows domain name as part of the user ID
If you do not specify the domain name with the General.DefaultDomainName parameter, you must provide the Windows domain name as part of the user ID of each externally-authenticated user.

To define the domain name as part of the user ID, use one of the following formats:

domain_name\username
username@domain_name
Note: When you use the CREATE USER user_name IDENTIFIED EXTERNALLY statement, a user_name string that contains the \ or @ character must be given in double quotation marks.
For example, if the domain name of the server where your solidDB server is running is chicago_prod and the user name is solid1, create the user by using one of the following statements:

CREATE USER "chicago_prod\solid1" IDENTIFIED EXTERNALLY
CREATE USER "solid1@chicago_prod" IDENTIFIED EXTERNALLY
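
The following check is an added example, not part of the solidDB documentation or product. It audits a solid.ini for the step 2 settings and builds the matching CREATE USER statement, refusing a one-part user name when General.DefaultDomainName is not set. The function names, the sample file, the case-insensitive matching of section names and yes values, and the character allow-list are assumptions made for this example.

```python
import configparser
import re

# Constructed sample solid.ini (not from a real server); one setting is deliberately wrong.
SAMPLE_INI = """\
[General]
UseCryptoLib=yes
CryptoLoginRequired=no
DefaultDomainName=chicago_prod
"""

REQUIRED_YES = ("UseCryptoLib", "CryptoLoginRequired")  # step 2 of the procedure

def load_general(ini_text):
    """Return the [General] parameters as a dict keyed by lowercase name."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.read_string(ini_text)
    for section in cp.sections():
        if section.lower() == "general":  # assumption: case-insensitive section match
            return {k: (v or "").strip() for k, v in cp[section].items()}
    return {}

def audit(ini_text):
    """List step 2 parameters that are missing or not set to yes."""
    general = load_general(ini_text)
    return [f"General.{name} is {general.get(name.lower(), '')!r}, expected 'yes'"
            for name in REQUIRED_YES
            if general.get(name.lower(), "").lower() != "yes"]

def create_user_sql(user_id, ini_text):
    """Build the CREATE USER statement for an externally-authenticated user."""
    # Hypothetical allow-list: one-part name, domain\name or name@domain only.
    if not re.fullmatch(r"[\w.-]+([\\@][\w.-]+)?", user_id):
        raise ValueError(f"unexpected characters in user ID: {user_id!r}")
    two_part = "\\" in user_id or "@" in user_id
    if not two_part and not load_general(ini_text).get("defaultdomainname"):
        raise ValueError("DefaultDomainName is not set; include the domain in the user ID")
    # Names containing \ or @ must be given in double quotation marks.
    name = f'"{user_id}"' if two_part else user_id
    return f"CREATE USER {name} IDENTIFIED EXTERNALLY"

if __name__ == "__main__":
    print(audit(SAMPLE_INI))
    print(create_user_sql("solid1", SAMPLE_INI))
```

Running the audit before creating externally-authenticated accounts catches a server where CryptoLoginRequired was left off.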