Oracle Advanced Networking Option Administrator's Guide

Library

Product

Contents

Index

CHAPTER 3. Choosing and Combining Authentication Services

Connect with a Username/Password When Authentication has been Configured
Setting Up an Oracle Server With Multiple Authentication Services
Setting Up an Oracle Client to Use Multiple Authentication Services

This chapter describes how to use conventional username/password authentication even if you have configured another authentication service. It also discusses how to configure your network to use one or more authentication services in your network using the Oracle Advanced Networking Option. and how to set up more than one authentication service on a client or server.

Authentication adapters available with this release include the following:

CyberSAFE

Kerberos

SecurID

Biometric (Identix)

DCE GSSAPI

Bull ISM (platform-specific documentation only)

Banyan (platform-specific documentation only)

Refer to the individual chapters and your platform-specific documentation for details of configuring these adapters.

Note: Use Oracle Network Manager to configure CyberSAFE, Kerberos, and SecurID. Use a text editor to edit client and server SQLNET.ORA files for Biometric and DCE GSSAPI adapters.

Connect with a Username/Password When Authentication has been Configured

To connect to an Oracle server using a username and password when an Oracle authentication adapter has been configured, you need to configure the Authentication Services page with NO AUTHENTICATION selected.

Configuring No Authentication

If you select NO AUTHENTICATION on the General Authentication page, the NO AUTHENTICATION page shown in Figure 3 - 1 displays. Make this choice if you want to disable authentication. For example, for users to be able to log into an Oracle database server using username/password, you must disable authentication by selecting this value. If you do, the following parameter will appear in the SQLNET.ORA file:

SQLNET.AUTHENTICATION_SERVICES = (NONE)

Figure 3 - 1. No Authentication Page

Note: NO AUTHENTICATION must be selected uniquely. If you select NO AUTHENTICATION in addition to any authentication adapters, Network Manager will warn you to change your selection.

If NO AUTHENTICATION is selected, there are no required parameters.

The following authentication parameter gets written to the SQLNET.ORA file only if the user explicitly selects NO AUTHENTICATION from the list of adapters.

SQLNET.AUTHENTICATION_SERVICES=(NONE)

A user can then connect to a database using a username/password:

% sqlplus username/password@service_name

For example:

% sqlplus scott/tiger@oracle_dbname

However, if you do not open the Default Authentication Services page, or do not configure anything on this page, this parameter will not be generated or written to the SQLNET.ORA file for clients and servers in the current Client Profile.

Setting Up an Oracle Server With Multiple Authentication Services

Many networks use more than one authentication service on a single security server. For this reason, the Oracle Advanced Networking Option allows you to configure your network so that Oracle clients can use a specific authentication service, and Oracle Servers can accept any service specified.

This section describes how to set up an Oracle server that uses multiple authentication adapters. Depending on which authentication adapter the client is using, the server will pick one from the list of configured adapters. The following is an example of a SQLNET.ORA file using multiple authentication adapters:

Attention: You should only manually configure files if you do not have access to Oracle Network Manager.

Server Side

The SQLNET.ORA file for the Oracle server that uses either SecurID or CyberSAFE for authentication must contain the line:

	SQLNET.AUTHENTICATION_SERVICES=(BEQ,SECURID,CYBERSAFE)

Client Side Using SecurID

The SQLNET.ORA file for the Oracle client that uses SecurID must contain the line:

		SQLNET.AUTHENTICATION_SERVICES=(BEQ,SECURID)

Client Side Using CyberSAFE

The SQLNET.ORA file for the Oracle client that uses CyberSAFE must contain the line:

		SQLNET.AUTHENTICATION_SERVICES=(BEQ,CYBERSAFE)

Using this configuration, the Oracle server will accept connections from clients using SecurID or CyberSAFE for the authentication service. This gives you flexibility in your network configuration.

Setting Up an Oracle Client to Use Multiple Authentication Services

This section describes how to set up clients to use multiple authentication adapters. Depending on which authentication adapter the server is configured to use, the client will pick one from the list of configured adapters. The following is an example of a SQLNET.ORA file using multiple authentication adapters:

Attention: You should only manually configure files if you do not have access to Oracle Network Manager.

Client Side

The SQLNET.ORA file for the Oracle client that uses either SecurID or CyberSAFE for authentication must contain the line:

	SQLNET.AUTHENTICATION_SERVICES=(BEQ,SECURID,CYBERSAFE)

Server Side Using SecurID

The SQLNET.ORA file for the Oracle server that uses SecurID to authenticate users must contain the line:

		SQLNET.AUTHENTICATION_SERVICES=(BEQ,SECURID)

Server Side Using CyberSAFE

The SQLNET.ORA file for the Oracle server that uses CyberSAFE to authenticate users must contain the line:

		SQLNET.AUTHENTICATION_SERVICES=(BEQ,CYBERSAFE)

Using this configuration, the Oracle client can connect to multiple Oracle servers using different authentication services.

Prev Next

Library

Product

Contents

Index