Mixed Security

Mixed security allows SQL Server login requests to be validated using either integrated or standard security methods. Both trusted connections (as used by integrated security) and nontrusted connections (as used by standard security) are supported.

When a server's login security mode is set to mixed and a user attempts to log in to the server over a trusted (multi-protocol or named pipes) connection, SQL Server examines the login name.

• If this login name matches the user's network username, or if the login name is blank or spaces, SQL Server uses the Windows NT integrated login rules (as for integrated security).
• If the requested login name is any other value, the user must supply the correct SQL Server password, and SQL Server uses its own login validation process (as for standard security).

If the login attempt is not over a trusted connection, the user must supply the correct login ID and password to establish the connection, and SQL Server uses its own login validation process (as for standard security).

For instructions on setting up mixed security (beginning with an overview of each task required to do so), see Chapter 9, Managing Security.