Sql-server – If the login credentials are in the ODBC connection, which security connection setting to use

As one colleague pointed out, there's no SQL Server 2003 version. I suppose you're speaking about MSSQL 2000. Which was somehow related in time with VS 2003 :-).

As you're working with instances on the same server, do you have the service "SQL Server Browser" started and running?

Why you need it:

"The SQL Server Browser program runs as a Windows service. SQL Server Browser listens for incoming requests for Microsoft SQL Server resources and provides information about SQL Server instances installed on the computer. SQL Server Browser contributes to the following actions:

Browsing a list of available servers
Connecting to the correct server instance
Connecting to dedicated administrator connection (DAC) endpoints

"

Whilst liasing with Microsoft on a different issue (paid support request) i happened to ask them about this & they confirmed the unhashed password is passed to the remote server but the mechanism in which the SQL Engine does this is "hidden and cannot be captured" - but suffice to say, the login is not done using the hash.

Here is there full response:

How does the SQL Server provide the correct password (when dealing with non-windows credentials) to the other server when all the server has is a Hash?

Answer: If connected to the local server using SQL Server Authentication, login name and password will be used to connect to the remote server. In this case a login with the exact same name and password must exist on the remote server.

Be made using the login's current security context:

Specify that a connection will be made using the current security context of the login for logins not defined in the list. If connected to the local server using Windows Authentication, your windows credentials will be used to connect to the remote server. If connected to the local server using SQL Server Authentication, login name and password will be used to connect to the remote server. In this case a login with the exact same name and password must exist on the remote server.

How does the SQL Server provide the correct password (when dealing with non-windows credentials) to the other server when all the server has is a Hash?

Answer: Login name and password is passed to the remote server, this mechanism/task is handled by the SQL Engine which is hidden and cannot be captured.

If SQL only has a hash available - can it logon to the remote server using the hash? Or is the original (un-hashed) password kept in the user’s session / memory for the entire duration of their connection which SQL can then retrieve and pass to the remote server for login? If the server can login with a hash instead of the password – can this be done in normal logins or is it purely an internal feature of linked servers?

Answer: HASH cannot be used to login to the SQL server, SQL Engine is responsible for handling login process and we don’t have much documentation around this.