RE: oracle authentication from windows

From: david davis <ddoralist_at_hotmail.com>
Date: Fri, 20 Jun 2003 06:01:54 -0700
Message-ID: <F001.005B5F9D.20030620054441@fatcity.com>

This is an interesting one. I am currently going through (tortured) another system audit. One of the many questions the auditors (I am being attacked from all sides) had about the Oracle configuration was "Can remote authenticated network users connect to the database?".

If auditors know this is a weakness, maybe it would be a good idea to avoid its use.

btw I do use O/S authenticated userids but remote authentication has been disabled (deliberately). We are running Oracle on Unix so our batch jobs use O/S authenticated ids.

From: "Gogala, Mladen" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Subject: RE: oracle authentication from windows Date: Thu, 19 Jun 2003 12:19:59 -0800
That, of course, will render your database totally insecure and open to anybody
who can bring in a WinXP laptop, change the windoze username and log in as he pleases.
DBA that sets his production parameters the way Arup described deserves to be
publicly tortured by Bill O'Reilly in the "no spin zone". Mladen Gogala
Oracle DBA
Phone:(203) 459-6855
Email:[EMAIL PROTECTED]
-----Original Message-----

Sent: Thursday, June 19, 2003 3:46 PM
To: Multiple recipients of list ORACLE-L Sure.

Just declare these in your init.ora

os_authent_prefix=OPS$
remote_os_authent=TRUE
bounce the database, add a user called OPS$<the Windows username>, e.g. OPS$AK if your Windows login id is AK as create user ops$ak identified externally

From windows connect as "/@servicename", e.g. sqlplus /@service1

If it doesn't work, the OS user may be different. Use this query while connected to the database from Windows cleint. SQL> select sys_context('USERENV','OS_USER') from dual;

See what OS username comes up; use that instead.

HTH. Arup Nanda
www.proligence.com

• Original Message ----- To: Multiple <mailto:[EMAIL PROTECTED]> recipients of list ORACLE-L Sent: Thursday, June 19, 2003 1:10 PM We want our client users ( forms user ) to just enter windows password and then automatically able to get in to oracle .Is there a way oracle can authenticate from windows ( or active directory ) . enbadding password in runform.exe not an option . thanks,
  -ak
  

  ---

  Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail

--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: david davis
 INET: [EMAIL PROTECTED]

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message

to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Fri Jun 20 2003 - 08:01:54 CDT