| title | Security limitations for SQL Server on Linux | |
|---|---|---|
| description | Learn about SQL Server on Linux restrictions, including how using keys stored in Azure Key Vault and extensible Key Management aren't supported. | |
| author | rwestMSFT | |
| ms.author | randolphwest | |
| ms.date | 10/24/2023 | |
| ms.service | sql | |
| ms.subservice | linux | |
| ms.topic | conceptual | |
| ms.custom |
|
[!INCLUDE SQL Server - Linux]
[!INCLUDE ssnoversion-md] on Linux currently has the following limitations:
- A standard password policy is provided.
MUST_CHANGEis the only option you might configure. TheCHECK_POLICYoption isn't supported. - Extensible Key Management isn't supported.
- [!INCLUDE ssnoversion-md] authentication mode can't be disabled.
- Password expiration is hard-coded to 90 days if you use [!INCLUDE ssnoversion-md] authentication.
- Using keys stored in the Azure Key Vault isn't supported.
- [!INCLUDE ssnoversion-md] generates its own self-signed certificate for encrypting connections. [!INCLUDE ssnoversion-md] can be configured to use a user provided certificate for TLS.
Note
If you don't plan to connect your [!INCLUDE ssnoversion-md] containers to Windows Active Directory, the password expiration is hard-coded to 90 days, if you use [!INCLUDE ssnoversion-md] authentication only. To work around this issue, consider changing the CHECK_EXPIRATION policy.
For more information about security features available in [!INCLUDE ssnoversion-md], see the Security for SQL Server Database Engine and Azure SQL Database.
[!INCLUDE connect-with-sa]
- Walkthrough for the security features of SQL Server on Linux
- Configure SQL Server on Linux with the mssql-conf tool
- [Editions and supported features of [!INCLUDEsssql22] on Linux](sql-server-linux-editions-and-components-2022.md)