Mapping all remote logins to one local name

The following example creates an entry that maps all remote login names to the local name “albert”. All names are mapped to “albert”, except those with specific mappings, as described in the previous section. For example, if you mapped “pogo” to “bob”, and then the rest of the logins to “albert”, “pogo” still maps to “bob”.

sp_addlogin albert 
sp_addremotelogin GATEWAY, albert

If you use sp_addremotelogin to map all users from a remote server to the same local name, use sp_remoteoption to specify the “trusted” option for those users. For example, if all users from server GATEWAY that are mapped to “albert” are to be trusted, specify:

sp_remoteoption GATEWAY, albert, NULL, trusted, true

If you do not specify logins as trusted, they cannot execute RPCs on the local server unless they specify passwords for the local server when they log in to the remote server. Users can run ct_remote_pwd to specify a password for server-to-server connections when they use Open Client Client-Library. isql and bcp do not permit users to specify a password for RPC connections. See “Password checking for remote users” for more information about sp_remoteoption.

WARNING! Do not map more than one remote login to a single local login, as it reduces individual accountability on the server. Audited actions can be traced only to the local server login, not to the individual logins on the remote server.

If you are using network-based security

If users are logged in to the remote server using unified login, the logins must be designated as trusted on the local server, or they must specify passwords for the server when they log in to the remote server.

WARNING! Using the trusted mode of sp_remoteoption reduces the security of your server, as passwords from such “trusted” users are not verified.