Query on OS Authentication [message #433509]
Wed, 02 December 2009 10:46
chetanaZ
Messages: 132 Registered: October 2009 Location: UK
Senior Member
Hi,
I understand that we follow the below mentioned steps for OS Authentication
1) Sqlnet.log entry
SQLNET.AUTHENTICATION_SERVICES= (NTS)
2) Configure parameter os_authent_prefix ---ops$
3) Create OS level user and add it to ora_dba group
4) Create database user as following
create user "OPS$USERNAME\DOMAIN" identified externally;
SQL> grant connect to "OPS$USERNAME\DOMAIN";
In Step 3 above, I assume we create the OS level user on the client side,
e.g. while connecting from a Windows machine (Oracle client) to an Oracle Database on Unix/Linux, we will create the user on the Windows machine.
Is that correct?
I am asking this since I am unable to find myself added to the ora_dba group (on Windows) while I am using OS Authentication!
Thanks and Regards
Chetana

Re: Query on OS Authentication [message #434761 is a reply to message #433509]
Thu, 10 December 2009 11:03
chetanaZ
Thanks Michel
I think I am still not clear. Maybe my question is not clear. Sorry for my knowledge.
I have a Linux machine on which an Oracle 9i database, say db01, is installed.
I have a Windows machine on which the Oracle client is installed; tnsnames.ora is configured for db01.
I am connecting to the db01 database on the Linux server from my Windows machine using the tns entry.
Now I want OS authentication.
I create the database user.
I have os_authent_prefix=ops$
create user ops$scott identified externally;
grant create session to ops$scott;
Now do I need to create user scott on the Windows machine or on the Linux database server?
Thanks and Regards,
Chetana

Re: Query on OS Authentication [message #434766 is a reply to message #434764]
Thu, 10 December 2009 11:23
Michel Cadot
Messages: 68729 Registered: March 2007 Location: Saint-Maur, France, https...
Senior Member Account Moderator
No, you do not want that.
If you really want that then ANYONE in the network can connect as the user scott on your database.
Alternatively you can remotely connect with / using Oracle "Secure External Password Store".
Regards
Michel
[Updated on: Thu, 10 December 2009 11:24]

Re: Query on OS Authentication [message #434773 is a reply to message #433509]
Thu, 10 December 2009 11:41
chetanaZ
Many Thanks Michel
You have rightly mentioned that anyone in the network can connect to the database (of course the user must login as scott to OS, right?)
In fact, before I posted my query in this forum (where I get correct answers/advice, and that too quickly), I tried to search on Google.
But it seems my search key was wrong.
I should have searched for 'Remote OS Authentication' rather than 'OS Authentication'.
As a product of your answer and the link below, I understand that in my case
Quote:
If I want OS Authentication where users logging directly (OS level) to linux server want to get authenticated I create their account on LINUX server itself apart from database users e.g. ops$scott
If I want Remote OS Authentication I create database users (ops$scott) but create OS users on windows box itself
http://www.oracle.com/technology/pub/articles/project_lockdown/phase2.html#2.2
Thanks for your help
Thanks and Regards,
Chetana
[Updated on: Thu, 10 December 2009 12:13] by Moderator

Re: Query on OS Authentication [message #434782 is a reply to message #434773]
Thu, 10 December 2009 12:16
Michel Cadot
Quote: (of course the user must login as scott to OS, right?)
Yes, a thing I can do in less than a minute on my laptop.
And as you can see in your link about Project Lockdown: section 2.3 Disable Remote OS Authentication.
As I said, if you want to authenticate remotely but using "/" in your connection string, use Oracle "Secure External Password Store".
Regards
Michel
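
Added example (not part of the original thread and not the posters' or Oracle's code): a small audit that reads an instance parameter file and a list of database accounts and reports which externally identified accounts would accept a client-reported OS user name, which is the exposure described in the replies above. The parameter name remote_os_authent is Oracle's initialization parameter for remote OS authentication (the thread does not name it); the sample pfile, the user rows and the function names parse_pfile and audit are constructed for illustration.

```python
import re

# Constructed sample pfile (init.ora) for the db01 instance from the thread.
SAMPLE_PFILE = '''
# constructed sample, not taken from a real system
db_name = db01
os_authent_prefix = "ops$"
REMOTE_OS_AUTHENT = TRUE   # server trusts the OS user name the client reports
'''

# Constructed (username, authentication type) rows, as a DBA might export them.
SAMPLE_USERS = [("SYSTEM", "PASSWORD"), ("OPS$SCOTT", "EXTERNAL"), ("APP", "PASSWORD")]

# name = value, with an optional "sid." or "*." prefix; value bare or quoted.
_PARAM = re.compile(r'''^\s*(?:[\w*]+\.)?(\w+)\s*=\s*("[^"]*"|'[^']*'|[^#\s]+)''')


def parse_pfile(text):
    """Return {lowercased parameter name: value}; later settings override earlier ones."""
    params = {}
    for line in text.splitlines():
        m = _PARAM.match(line)  # comment lines start with '#' and never match
        if m:
            params[m.group(1).lower()] = m.group(2).strip("\"'")
    return params


def audit(pfile_text, users):
    """Report which externally identified accounts rely on client-asserted OS names."""
    params = parse_pfile(pfile_text)
    # Oracle defaults when unset: remote_os_authent=FALSE, os_authent_prefix=OPS$.
    remote = params.get("remote_os_authent", "false").lower() == "true"
    prefix = params.get("os_authent_prefix", "OPS$").upper()
    external = [u for u, auth in users if auth.upper() == "EXTERNAL"]
    return {
        "remote_os_authent": remote,
        "os_authent_prefix": prefix,
        "external_accounts": external,
        # With remote OS authentication on, these accounts accept any client
        # that reports the matching OS user name, with no password check.
        "exposed": external if remote else [],
        "trusted_os_names": [u[len(prefix):].lower() for u in external
                             if remote and u.upper().startswith(prefix)],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_PFILE, SAMPLE_USERS))
```

An empty "exposed" list with a non-empty "external_accounts" list is the state the Project Lockdown section cited above aims for: the accounts still exist, but only OS users on the database server itself can use them.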