This information is hard to come by in my experience. All of my searches turned up wrong (outdated) information since Microsoft changed the rules and added the authenticationSchemeparameter. In the interest of helping the next person, here is an example of a connection string that works:

根据我的经验，这些信息很难获得。由于 Microsoft 更改了规则并添加了authenticationScheme参数，我所有的搜索都出现了错误（过时）的信息。为了帮助下一个人，以下是一个有效的连接字符串示例：

jdbc:jtds:sqlserver://123.123.123;instance=server1;databaseName=students;integratedSecurity=true;authenticationScheme=JavaKerberos

Also in driver properties set "Domain". Do not include the domain in any user name setting.

同样在驱动程序属性设置中"Domain"。不要在任何用户名设置中包含域。

This was tested using Squirrel SQL (Java) with jtds on Mac OSX. Hopefully the previous sentence has the search terms someone might use who needs to know this information.

这是在 Mac OSX 上使用带有 jtds 的 Squirrel SQL (Java) 测试的。希望前面的句子有一些需要知道这些信息的人可能会使用的搜索词。

Using Kerberos Integrated Authentication to Connect to SQL Server

使用 Kerberos 集成身份验证连接到 SQL Server

Beginning in Microsoft JDBC Driver 4.0 for SQL Server, an application can use the authenticationSchemeconnection property to indicate that it wants to connect to a database using type 4 Kerberos integrated authentication.

从 Microsoft JDBC Driver 4.0 for SQL Server 开始，应用程序可以使用authenticationScheme连接属性来指示它想要使用类型 4 Kerberos 集成身份验证连接到数据库。

The jTDSJDBC driver for SQL Server supports Windows authentication simply using the domainproperty as described in the FAQ.

SQL Server的jTDSJDBC 驱动程序支持 Windows 身份验证，只需使用FAQ 中所述的域属性即可。

domain

Specifies the Windows domain to authenticate in. If present and the user name and password are provided, jTDS uses Windows (NTLM) authentication instead of the usual SQL Server authentication (i.e. the user and password provided are the domain user and password). This allows non-Windows clients to log in to servers which are only configured to accept Windows authentication.

If the domain parameter is present but no user name and password are provided, jTDS uses its native Single-Sign-On library and logs in with the logged Windows user's credentials (for this to work one would obviously need to be on Windows, logged into a domain, and also have the SSO library installed -- consult README.SSO in the distribution on how to do this).

领域

指定要在其中进行身份验证的 Windows 域。如果存在并且提供了用户名和密码，jTDS 将使用 Windows (NTLM) 身份验证而不是通常的 SQL Server 身份验证（即提供的用户和密码是域用户和密码）。这允许非 Windows 客户端登录到仅配置为接受 Windows 身份验证的服务器。

如果存在域参数但未提供用户名和密码，jTDS 将使用其本机单点登录库并使用登录的 Windows 用户凭据登录（为此，显然需要在 Windows 上登录域，并且还安装了 SSO 库——请参阅发行版中的 README.SSO 以了解如何执行此操作）。

I use jTDS on a mac (10.9).

我在 mac (10.9) 上使用 jTDS。

Using this driver you need to specify the username and password like always, the only difference is that you need to specify domain=WHATEVERTHENTDOMAIN in the connection string (or connection properties if you rather).

使用此驱动程序，您需要像往常一样指定用户名和密码，唯一的区别是您需要在连接字符串中指定 domain=WHATEVERTHENTDOMAIN（或连接属性，如果您愿意）。

So a sample connection string is:

所以一个示例连接字符串是：

jdbc:jtds:sqlserver://db_server:1433/DB_NAME;domain=NT_DOMAIN_NAME

The jTDS driver then uses NTLM to login to the specified domain with the username and password.

jTDS 驱动程序然后使用 NTLM 使用用户名和密码登录到指定的域。

This is an old post but may be relevant for some people. See this other SO postthat describes how to connect to a SQL Server with Windows Authentication from a Linux machine through JDBC. This will work on mac as well.

这是一个旧帖子，但可能与某些人相关。请参阅此其他SO 帖子，其中描述了如何通过 JDBC 从 Linux 机器连接到具有 Windows 身份验证的 SQL Server。这也适用于 mac。

jTDS is inferior to Microsoft's JDBC driver (in particular, it cannot figure out the types of parameters in a prepared statement)

jTDS不如微软的JDBC驱动（尤其是在prepared statement中无法判断参数的类型）

Yes, you can authenticate to MS SQL Server using Active Directory authentication, as Active Directory is just Kerberos + LDAP, which are open source and implemented on Mac

是的，您可以使用 Active Directory 身份验证对 MS SQL Server 进行身份验证，因为 Active Directory 只是 Kerberos + LDAP，它们是开源的并在 Mac 上实现

Kerberos config /etc/krb5.conf:

Kerberos 配置/etc/krb5.conf：

[libdefaults]
default_realm = YOUR_REALM.NET

[realms]
YOUR_REALM.NET = {
    kdc = host.your-domain.net
}

I needed to use the fully qualified domain name of the KDC, not just the domain name

我需要使用 KDC 的完全限定域名，而不仅仅是域名

JDBC Connection String:

JDBC 连接字符串：

jdbc:sqlserver://$host;database=$db;integratedSecurity=true;authenticationScheme=JavaKerberos

If $hostdoes not have an SPN of MSSQLSrv/$host, add serverSp=$SPNto the JDBC connection string

如果$host没有 的 SPN MSSQLSrv/$host，则添加serverSp=$SPN到 JDBC 连接字符串

It is not correct to say that one driver can determine the data types and another driver can't. Anydriver has to look at the implied type based on the arguments passed. Both jTDS and Microsoft's driver do this. This is a limitation of the protocol - the database cannot tell the driver which type is correct, because in many queries it can't know what you intend.

说一个驱动程序可以确定数据类型而另一个驱动程序不能确定是不正确的。 任何驱动程序都必须根据传递的参数查看隐含类型。jTDS 和微软的驱动程序都这样做。这是协议的限制 - 数据库无法告诉驱动程序哪种类型是正确的，因为在许多查询中它无法知道您的意图。

In each version, jTDS and Microsoft's driver each have different issues and different advantages. The "best" choice depends on exactly which version of each you look at, and exactly what your needs are. I've had to switch back and forth as different versions come out - Microsoft breaking in a certain way, then later adding something I wanted.

在每个版本中，jTDS 和微软的驱动都有不同的问题和不同的优势。“最佳”选择取决于您查看的每个版本的确切版本以及您的需求。随着不同版本的出现，我不得不来回切换 - 微软以某种方式突破，然后添加了我想要的东西。