Re: Authentication Problem

From: Jack van Zanen <jack_at_vanzanen.com>
Date: Tue, 5 Feb 2008 09:15:11 +1100
Message-ID: <77a615a70802041415s5125debco6b3b50d2238289b8@mail.gmail.com>


Hi Jared,

I agree with you on the security issue, but sometimes it is a requirement to have this possibility.
If you create the database user with the domain name as well, doesn't this make it a bit more secure, as it is more difficult to create such a user on Windows (not a Windows admin, so could be wrong)?

Jack

On 05/02/2008, Jared Still <jkstill_at_gmail.com> wrote:
>
> On Jan 30, 2008 6:53 PM, Jack van Zanen <jack_at_vanzanen.com> wrote:
>
> >
> > When creating the domain user in the database you use double quotes ( "OPS$<domainname>\<username>" ).
> > It then becomes case sensitive as well. Make sure the case is spot
> > on.
> >
> > Log on to the database as a dba user and look in v$session to see the exact
> > spelling of your os account.
> >
> >
> > Jack
> >
> >
>
>
> Creating an account with domainname/username is not necessary when connecting
> to Oracle on unix/linux from a Windows client.
>
> I just created an account on 2 different databases on linux using
> "OPS$<myusername>".
> No domain name.
>
> One server knows how to authenticate via AD, the other does not.
>
> Both allowed an OS authenticated login from a Windows client.
>
> Setting remote_os_authent=true is a rather dangerous option.
>
> It is *extremely* easy for a Windows client to gain ownership of the
> database when remote_os_authent=true.
>
> If you set it, you better be using invited_nodes in sqlnet.ora to limit
> who can get to the database.
>
> Jared
>
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>

-- 
J.A. van Zanen

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Feb 04 2008 - 16:15:11 CST
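
An added example, not part of the original thread: a small audit of the two settings discussed above, remote_os_authent in the instance parameter file and invited_nodes in sqlnet.ora. The sample file contents and host names are constructed, and the parser assumes one `name = value` pair per line; `tcp.validnode_checking` is the sqlnet.ora switch that must be `yes` for `tcp.invited_nodes` to be enforced.

```python
def parse_params(text):
    """Parse 'name = value' lines (pfile or sqlnet.ora) into a dict with lowercase keys."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        # pfile entries may carry a '*.' instance prefix
        params[name.strip().lower().lstrip("*.")] = value.strip()
    return params


def node_list(value):
    """Split '(host1, host2)' into a list of host names or addresses."""
    return [h.strip() for h in value.strip("() ").split(",") if h.strip()]


def audit(pfile_text, sqlnet_text):
    """Return findings about remote OS authentication and node restrictions."""
    init = parse_params(pfile_text)
    net = parse_params(sqlnet_text)
    if init.get("remote_os_authent", "false").lower() != "true":
        return []                                  # nothing to restrict
    findings = ["remote_os_authent=true: remote clients are authenticated "
                "by the OS user name they report"]
    if net.get("tcp.validnode_checking", "no").lower() != "yes":
        findings.append("tcp.validnode_checking is not 'yes': "
                        "tcp.invited_nodes is not enforced")
    if not node_list(net.get("tcp.invited_nodes", "")):
        findings.append("tcp.invited_nodes is empty: "
                        "no client host restriction is defined")
    return findings


# Constructed sample inputs (not taken from the thread).
PFILE = "*.remote_os_authent=TRUE\n*.os_authent_prefix='OPS$'\n"
WEAK_SQLNET = "SQLNET.AUTHENTICATION_SERVICES = (NTS)\n"
HARDENED_SQLNET = (
    "tcp.validnode_checking = yes\n"
    "tcp.invited_nodes = (appsrv01.example.com, 192.0.2.10)\n"
)

if __name__ == "__main__":
    for label, sqlnet in (("weak", WEAK_SQLNET), ("hardened", HARDENED_SQLNET)):
        print(label)
        for finding in audit(PFILE, sqlnet):
            print("  -", finding)
```

Even with the node list in place the first finding remains, since the restriction only narrows which hosts can reach the database.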
