-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Windows Authentication for direct connection to SQL Server instance #32986
Comments
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
Is there a |
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
How do we prevent this from being closed? This is to improve the security so we don't have plain text passwords in config files that could be plundered by threat actors... |
Component(s)
receiver/sqlserver
Is your feature request related to a problem? Please describe.
The new direct connection configuration options (#30297) require a hardcoded plaintext username/password combination in the config to achieve its connection with SQL Server. This is a security risk, and would require tighter controls around access to that file than is typical.
Describe the solution you'd like
Extend support for the direct connection configuration to be able to use Windows Authentication (such as NTLM, or WinSSPI - even krb5), so that the service account that runs the open telemetry collector can be granted access to the database. This would allow for the database server to grant access to the service account, to keep the open telemetry configuration clean of usernames/passwords.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: