Re: Oracle / AD Questions
Date: Wed, 2 Oct 2024 21:08:02 +0200
Message-ID: <CAKnHwtes3PiKxu3YNQttCkyp9zyzV0a_ca3GkS639QimaktsFg_at_mail.gmail.com>
Kerberos will give you nice passwordless single sign-on, but it indeed requires Linux configuration and the setup instructions are quite long. What I like about Radius is that it is so easy: the Windows server people start a Radius server on their side, you add just a few lines to the database sqlnet.ora, and you are done. But it will not give SSO; users still need to type in their Windows password to authenticate.
There is also an option to install an Oracle password filter on the Active Directory side; then Oracle (since 18c) can authenticate directly against AD. I doubt many AD admins would agree to this since it is quite invasive.
On Wed, 2 Oct 2024 at 20:47, Scott Canaan <srcdco_at_rit.edu> wrote:
> We aren’t running Oracle on Azure. Our sys admin is saying we can only
> use Kerberos on Linux.
>
>
>
> *Scott Canaan ‘88*
>
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>
> *CONFIDENTIALITY NOTE*: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
>
>
> *From:* Ilmar Kerm <ilmar.kerm_at_gmail.com>
> *Sent:* Wednesday, October 2, 2024 2:44 PM
> *To:* Scott Canaan <srcdco_at_rit.edu>
> *Cc:* ORACLE-L <oracle-l_at_freelists.org>
> *Subject:* Re: Oracle / AD Questions
>
>
>
> We use Radius to authenticate human database users. Very easy to deploy
> and has worked well for over a decade.
>
>
> https://ilmarkerm.eu/blog/2023/05/authenticating-oracle-database-users-with-radius/
>
>
>
> But will soon move to Azure AD OAuth authentication, to remove the need
> for creating users and managing their privileges.
>
>
> https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/authenticating-and-authorizing-microsoft-entra-id-azure-ad-users-oracle-databases.html
>
>
>
>
> Ilmar Kerm
>
>
>
>
>
> On Wed, 2 Oct 2024 at 20:27, Scott Canaan <dmarc-noreply_at_freelists.org>
> wrote:
>
> We are looking at connecting our Oracle databases to AD so we can
> centralize user creation and administration. All of our Oracle databases
> run on Linux. Our Linux sys admins say that they don’t support AD on
> Linux. Is it still possible to connect to AD without having AD installed
> in the Linux environment?
>
>
>
> Oracle 19c
>
> Red Hat 8
>
>
>
--
Ilmar Kerm
--
http://www.freelists.org/webpage/oracle-l
Received on Wed Oct 02 2024 - 21:08:02 CEST