Oracle Advanced Networking Option Administrator's Guide

Library

Product

Contents

Index

CHAPTER 9. Configuring the DCE GSSAPI Authentication Adapter

• Create the DCE Principal
• Set Up Parameters to Use the New DCE Principal, and Turn On DCE GSSAPI Authentication
• Set Up the Account You Will Use to Authenticate to the Database
• Connect to an Oracle Server Using DCE GSSAPI Authentication

Note: If you are already using SQL*Net DCE, you don't also have to use the DCE GSSAPI authentication adapter. The SQL*Net DCE Integration product described in Part II includes DCE authentication.

This chapter describes how to configure and use the DCE GSSAPI authentication adapter. It describes these four steps:

1. Create the DCE principal used by the Oracle Server.

2. Set parameters to use the new DCE principal used by the Oracle Server and turn on GSSAPI authentication.

3. Set up the account you will use to authenticate to the database.

4. Connect to an Oracle Server using DCE GSSAPI authentication.

Create the DCE Principal

% su
  password:			(root password is not echoed)
# dce_login cell_admin <cell_admin_password>
# rgy_edit
Current site is: registry server at 
    /.../<cellname>/subsys/dce/sec/master
rgy_edit=> do p
Domain changed to: principal
rgy_edit=> add oracle_server
rgy_edit=> do a
Domain changed to: account
rgy_edit=> add oracle_server -g none -o none -pw
     <oracle_server_password> -mp <cell_admin_password>
rgy_edit=> ktadd -p oracle_server -pw <oracle_server_password>
rgy_edit=> quit
bye

Set Up Parameters to Use the New DCE Principal, and Turn On DCE GSSAPI Authentication

Add the following lines to the SQLNET.ORA file. (This file is probably found in <ORACLE_HOME>/NETWORK/ADMIN.)

SQLNET.AUTHENTICATION_GSSAPI_SERVICE=/.../<cellname>/oracle_server
SQLNET.AUTHENTICATION_SERVICES=(DCEGSSAPI)

Note: The Oracle Server principal name used above must be a fully qualified name, including the cell name.

Set Up the Account You Will Use to Authenticate to the Database

% dce_login cell_admin <cell_admin_password>
% rgy_edit
Current site is : registry server at /.../<cellname>/subsys/dce/sec/master
rgy_edit=> do p
Domain changed to: principal
rgy_edit=> add oracle
rgy_edit=> do a
Domain changed to: account
rgy_edit=> add oracle -g none -o none -pw <oracle_client_password> 	-mp <cell_admin_password>
rgy_edit=> quit
bye

Create the Oracle database user account. These instructions show how to use Oracle Server Manager to do this.

% svrmgrl

Oracle Server Manager Release 2.3.3.0.0 -Production

Copyright (c) Oracle Corporation 1994,1995. All rights reserved.

Oracle7 Server Release 7.3.2.0.0 -Productin Release
With the distributed, heterogeneous, replication, objects, parallel query, Parallel SErver and Spatial Data options
PL/SQL Release 2.3.3.0.0 - Production

SVRMGR> connect internal
Connected

SVRMGR> create user "/.../<CELLNAME>/ORACLE" identified
  externally;
Statement processed.

SVRMGR> grant connect to "/.../<CELLNAME>/ORACLE";
Statement processed.

SVRMGR> exit
Server Manager complete.

Note: The Oracle client principal name must be a fully qualified principal (including full cell designation), must be in uppercase, and must be enclosed within quotes.

Connect to an Oracle Server Using DCE GSSAPI Authentication

1. If your DCE authentication is not already encapsulated into the operating system authentication, login:

% dce_login <oracle_client_principal> <oracle_client_password>

For example:

% dce_login oracle oraclnt

2. Connect to the Oracle database using DCE GSSAPI authentication.

% sqlplus /@<database_service_name>

For example:

% sqlplus /@sales

Prev Next

Copyright © 1996 Oracle Corporation. All Rights Reserved.

Library

Product

Contents

Index