Skip to main content

Target Authentication

FastTransfer supports multiple authentication methods for connecting to your target database. Choose the method that best fits your security requirements and infrastructure.

Authentication Methods

User and Password Authentication

The most common authentication method is using a username and password combination.

Syntax:

  • User: -U "username" or --targetuser "username"
  • Password: -X "password" or --targetpassword "password"

Example:

./FastTransfer \
...
 --targetserver "mytargetserver.example.com" \
 --targetuser "targetadmin" \
 --targetpassword "SecurePass123!" \
 --targetdatabase "TargetDB" \
...
Secure Password Handling

Consider using environment variables or secure vaults to store passwords instead of hardcoding them in scripts. You can reference environment variables in most shells:

  • Linux/macOS: --targetpassword "$TARGET_DB_PASSWORD"
  • Windows PowerShell: --targetpassword "$env:TARGET_DB_PASSWORD"

Trusted Authentication

For Windows environments with SQL Server or when using Kerberos authentication, you can use trusted (integrated) authentication. This uses the current user's Windows or Kerberos credentials.

Syntax:

  • Short form: -A
  • Long form: --targettrusted

Example with SQL Server:

./FastTransfer \
...
 --targetserver "sqlserver.example.com\PROD" \
 --targettrusted \
 --targetdatabase "TargetDB" \
...

Example with PostgreSQL and Kerberos:

./FastTransfer \
...
 --targetconnectiontype pgsql \
 --targetserver "pgserver.example.com" \
 --targettrusted \
 --targetdatabase "targetdb" \
...
Platform Support

Trusted authentication is primarily supported on Windows with SQL Server. For PostgreSQL, trusted authentication requires proper Kerberos (GSSAPI) configuration. MySQL and Oracle typically require explicit username/password authentication.

Authentication by Database Type

SQL Server Target

SQL Server supports both SQL authentication and Windows authentication:

Windows Authentication:

./FastTransfer \
 --targetconnectiontype mssql \
 --targetserver "sqlserver.example.com" \
 --targettrusted \
 --targetdatabase "ProductionDB" \
 --targetschema "dbo" \
 --targettable "orders"

SQL Authentication:

./FastTransfer \
 --targetconnectiontype mssql \
 --targetserver "sqlserver.example.com" \
 --targetuser "sqladmin" \
 --targetpassword "Password123!" \
 --targetdatabase "ProductionDB" \
 --targetschema "dbo" \
 --targettable "orders"

PostgreSQL Target

PostgreSQL typically uses username/password authentication, but can also use certificate-based or Kerberos authentication:

Standard Authentication:

./FastTransfer \
 --targetconnectiontype pgsql \
 --targetserver "pgserver.example.com" \
 --targetuser "postgres" \
 --targetpassword "pgpass" \
 --targetdatabase "production" \
 --targetschema "public" \
 --targettable "users"

MySQL Target

MySQL requires username and password authentication:

./FastTransfer \
 --targetconnectiontype mysql \
 --targetserver "mysqlserver.example.com:3306" \
 --targetuser "root" \
 --targetpassword "mysql_pass" \
 --targetdatabase "prod_db" \
 --targettable "products"

Oracle Target

Oracle authentication can use username/password or can reference a TNS entry:

Direct Authentication:

./FastTransfer \
 --targetconnectiontype oraodp \
 --targetserver "oracleserver.example.com:1521/ORCLPDB" \
 --targetuser "system" \
 --targetpassword "oracle_pass" \
 --targettable "SCOTT.EMPLOYEES"

Using TNS Entry:

./FastTransfer \
 --targetconnectiontype oraodp \
 --targetserver "PROD_TNS" \
 --targetuser "system" \
 --targetpassword "oracle_pass" \
 --targettable "SCOTT.EMPLOYEES"

ClickHouse Target

ClickHouse typically uses HTTP-based authentication:

./FastTransfer \
 --targetconnectiontype clickhouse \
 --targetserver "clickhouse.example.com:8123" \
 --targetuser "default" \
 --targetpassword "clickhouse_pass" \
 --targetdatabase "analytics" \
 --targettable "events"

SAP HANA Target

SAP HANA requires database user authentication:

./FastTransfer \
 --targetconnectiontype hanabulk \
 --targetserver "hanaserver.example.com:30015" \
 --targetuser "SYSTEM" \
 --targetpassword "hana_pass" \
 --targetschema "SAPABAP1" \
 --targettable "CUSTOMERS"

Connection String Authentication

You can also specify authentication details within a connection string, which overrides individual authentication parameters:

./FastTransfer \
...
 --targetconnectionstring "Server=mytarget;Database=targetdb;User ID=targetuser;Password=targetpass;Encrypt=True"
...

See Target Connection Parameters for more details on connection strings.

Security Best Practices

Security Recommendations
  1. Never hardcode passwords in production scripts or version control
  2. Use environment variables or secure credential management systems
  3. Enable encryption for connections when transferring sensitive data
  4. Use least privilege - grant target users only INSERT/UPDATE permissions needed
  5. Rotate credentials regularly according to your security policy
  6. Audit connections - monitor target database connections and transfers

Using Environment Variables

Linux/macOS:

export TARGET_DB_USER="targetadmin"
export TARGET_DB_PASSWORD="SecurePassword123!"

./FastTransfer \
 --targetserver "mytarget.example.com" \
 --targetuser "$TARGET_DB_USER" \
 --targetpassword "$TARGET_DB_PASSWORD" \
 --targetdatabase "production"

Windows PowerShell:

$env:TARGET_DB_USER = "targetadmin"
$env:TARGET_DB_PASSWORD = "SecurePassword123!"

.\FastTransfer.exe `
 --targetserver "mytarget.example.com" `
 --targetuser "$env:TARGET_DB_USER" `
 --targetpassword "$env:TARGET_DB_PASSWORD" `
 --targetdatabase "production"

Troubleshooting Authentication Issues

Common Issues

SQL Server: Login failed for user

  • Verify SQL Server authentication is enabled (not Windows-only mode)
  • Check that the user exists and has appropriate permissions
  • Ensure the user is mapped to the target database

PostgreSQL: password authentication failed

  • Verify pg_hba.conf allows password authentication from your client IP
  • Check that the user exists: SELECT * FROM pg_user WHERE usename='targetuser';
  • Ensure the database exists and user has CONNECT privilege

MySQL: Access denied for user

  • Verify the user has appropriate host access: SELECT user, host FROM mysql.user;
  • Check user privileges: SHOW GRANTS FOR 'targetuser'@'%';
  • Ensure the database exists

Oracle: ORA-01017: invalid username/password

  • Verify the username is correct (Oracle usernames are case-sensitive when quoted)
  • Check that the user account is not locked
  • Verify connection to the correct database/PDB

Connection timeout or network issues

  • Verify firewall rules allow connection to target server port
  • Check target server is running and accessible
  • Test connection with native client tools first (psql, sqlcmd, mysql, sqlplus)
Copyright © 2026 Architecture & Performance. Built with Docusaurus.