Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Windows Authentication for direct connection to SQL Server instance #32986

Open
TigerC10 opened this issue May 10, 2024 · 5 comments
Labels
enhancement New feature or request never stale Issues marked with this label will be never staled and automatically removed os:windows receiver/sqlserver

Comments

@TigerC10
Copy link

Component(s)

receiver/sqlserver

Is your feature request related to a problem? Please describe.

The new direct connection configuration options (#30297) require a hardcoded plaintext username/password combination in the config to achieve its connection with SQL Server. This is a security risk, and would require tighter controls around access to that file than is typical.

Describe the solution you'd like

Extend support for the direct connection configuration to be able to use Windows Authentication (such as NTLM, or WinSSPI - even krb5), so that the service account that runs the open telemetry collector can be granted access to the database. This would allow for the database server to grant access to the service account, to keep the open telemetry configuration clean of usernames/passwords.

Describe alternatives you've considered

No response

Additional context

No response

@TigerC10 TigerC10 added enhancement New feature or request needs triage New item requiring triage labels May 10, 2024
Copy link
Contributor

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

Copy link
Contributor

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@TigerC10
Copy link
Author

Is there a Security label we can add to this issue?

Copy link
Contributor

github-actions bot commented Dec 2, 2024

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@github-actions github-actions bot added the Stale label Dec 2, 2024
@TigerC10
Copy link
Author

TigerC10 commented Dec 6, 2024

How do we prevent this from being closed? This is to improve the security so we don't have plain text passwords in config files that could be plundered by threat actors...

@github-actions github-actions bot removed the Stale label Dec 6, 2024
@pjanotti pjanotti added the never stale Issues marked with this label will be never staled and automatically removed label Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request never stale Issues marked with this label will be never staled and automatically removed os:windows receiver/sqlserver
Projects
None yet
Development

No branches or pull requests

3 participants