BusinessObjects Enterprise Administrator's Guide
Configuring the databases for single sign-on
This section provides information that is specific to setting up single sign-on to SQL Server databases.
See the Platforms.txt file included with your product distribution for a complete list of tested database software and version requirements. For general information and for information about single sign-on to other supported databases, refer to the database vendors support documentation.
Configuring SQL Server for single sign-on
In order for Kerberos single sign-on to work, the machines running SQL Server database must be trusted for delegation. How to set up security delegation varies, depending on whether SQL Server has been configured to run under the LocalSystem account or under a service account:
- If SQL Server is running under the LocalSystem account, no additional configuration is required. SQL Server registers itself when it starts and the system registers the SPN. When SQL Server shuts down, the system automatically un-registers the SPNs for the LocalSystem account.
- If SQL Server is running under a service account, you have to configure to be trusted for delegation.
To run SQL Server under a service account
- In Active Directory, set up the SQL Server service account for security delegation:
- Select Start > Programs > Administrative Tools > Active Directory Users and Computers.
- Right-click the domain account and select Properties.
- On the Accounts tab, make sure the following options are selected:
- Set the machine running SQL Server as follows:
- Computer is trusted for delegation
- Click Apply, and then click OK.
- Add an SPN for the service account of the SQL Server:
setspn -A MSSQLSvc/host:port serviceaccount
Where host:port is the name of the machine running SQL Server and the port that, and serviceaccount is the name of the SQL Server service account.