Oracle Advanced Networking Option Administrator's Guide
Library
Product
Contents
Index
Index
@
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
@
a.smd
ACCEPTED value, description of
activating
checksumming
encryption
adding new service name and address, to CDS with tnnfg utility
Advanced Networking Option
install
install on server and client
application toolkit, installing CyberSAFE
ark utility, Kerberos
assigning new pincode, to SecurID card
authenticated RPC, protocol adapter includes
authentication
[
2
] [
3
] [
4
] [
5
]
authentication page, select from client profile
[
2
]
selecting
benefits, of using the Advanced Networking Option
Biometric Authentication Server
[
2
]
Biometric Manager, using
cache file, credentials
CDS naming adapter, components of
cds_attributes file, modifying for name resolution in CDS
CDS, using to perform name lookup
Cell Directory Service (CDS), naming adapter includes
CELL_NAME, DCE address parameter
changing address for service name, for loading into CDS
checksum, for clients and servers
[
2
]
Client Encryption, no algorithms selected
client subset, creating a
clients outside DCE
connecting to Oracle servers in DCE
names resolved by TNSNAMES.ORA
configuration file
for Kerberos
Kerberos parameter
configuration files
CyberSAFE
Kerberos
needed for servers in DCE
SecurID
configuration parameters, description
configuring a server, in DCE
configuring client, in SQL*Net/DCE
configuring clients, to use CDS
configuring DCE, to use SQL*Net/DCE Adapter
configuring listener, clients outside DCE can connect
configuring Oracle client, to use SecurID authentication
configuring Oracle, for SQL*Net/DCE
connect fails, after issuing query
connect to database, to verify roles
connecting across cells
connecting to another cell
connecting to Oracle database, in DCE
connecting to Oracle server, in DCE
connecting to Oracle servers in DCE, from outside DCE environment
connecting to Oracle server
with username/password
without username and password
connecting to Oracle
authenticated by CyberSAFE
using Kerberos authentication
connecting with username/password, with authentication configured
connecting within local cell
creating a Kerberos user
creating an Oracle server account
creating CyberSAFE user, for authentication
creating Oracle directories, in CDS
creating Oracle principal, for Kerberos
creating principals and accounts
creating users, identified externally
credentials cache file
CyberSAFE adapter, configuring with Network Manager
CyberSAFE authentication, enabling
CyberSAFE benefits
CyberSAFE client, installing
CyberSAFE configuration parameters
CyberSAFE parameter, required
CyberSAFE toolkit, installing
[
2
]
CyberSAFE, installing
[
2
]
Data Encryption Standard (DES), V1.1 and later
data encryption, global
data integrity
data privacy and integrity, component of
DCE address parameter, example
DCE address parameters, description of
DCE address, sample for LISTENER.ORA
DCE groups to Oracle roles, syntax for mapping
DCE GSSAPI authentication adapter
when to use
DCE parameter SERVICE
DCE principal, for DCE GSSAPI authentication
DCE roles, external, setting up
DCE Secure Core services
DCE security, unavailable to clients outside DCE
DCE.LOCAL_CELL_USERNAMES parameter
DCE.PROTECTION, DCE parameter
DCE.TNS_ADDRESS.OID, parameter in PROTOCOL.ORA
DCE.TNS_ADDRESS_OID parameter
DCE_AUTHENTICATION, DCE parameter
dce_service_name, verifying
default authentication page
default authentication services page, selecting
default authentication services, page
DEFAULT security policy, for the BiometricAuthentication Service
defaults, encryption and checksumming
defining users
in multi-cell environment
in single-cell environment
Demote, applies to server
DES algorithm, benefits of
DES encryption algorithm, 56-bit key
DES40 algorithm, benefits of
Diffie-Hellman key management, benefits of
disabling authentication, for login with username/password
Distributed Computing Environment, overview
distributing configuration files
Domestic version, installed algorithms
[
2
]
encrypted data, across protocols
encryption
encryption module, in V1.0
Enrollment Accuracy
ensuring Oracle server, can read service table
Enterprise Manager
[
2
]
export guidelines, U.S. government
external authentication
external roles, SQL*Net/DCE, configuring
externally-authenticated accounts, creating and naming
externally-authenticated Oracle user, creating an
externally-authenticated user, creating an
extract service table
from CyberSAFE
from Kerberos
failure of fingerprint authentication
false finger threshold
[
2
]
fingerprint accuracy
[
2
] [
3
] [
4
]
fingerprint authentication failure
fingerprint scanning
General Page, select from Client Profile
[
2
]
generating configuration files
Global Directory Service (GDS)
GSSAPI Service
required CyberSAFE parameter
required parameter
hash
used by the Biometric Authentication Adapter
used in the Biometric Authentication Service
high security threshold
[
2
]
Identix TouchNet II Desktop Sensor
Identix TouchNet II Hardware Interface
INIT.ORA parameters, for CyberSAFE
initial ticket
how to get
installing key of server
installing, Advanced Networking Option
[
2
]
Oracle server
Internet Domain Service (DNS)
kdb5_edit
run to create service principal
to create the new CyberSAFE user
Kerberos adapter, configure with Network Manager
Kerberos authentication page, select from client profile
Kerberos parameters, optional
Kerberos support, through third-party support
Kerberos user, creating
Kerberos, description
key table
for Kerberos
Kerberos parameter
kinit
running to get initial ticket
use to get initial ticket
kinstance, definition of
[
2
] [
3
]
klist, use to display credentials
[
2
]
kservice, definition of
[
2
] [
3
]
LAN environments, vulnerabilities of
limitations, of SecurID adapter
LISTENER.ORA
parameters, description
sample for clients outside DCE
listener, starting
loading Oracle service names, into CDS
logging into Oracle server, using SecurID authentication
logging into Oracle, using DCE authentication
logging in
when SecurID is in next code mode
with PINPAD card
with standard card
with username/password
mapping DCE groups, to Oracle roles
MD5 Message Digest algorithm
MD5, used by the Biometric Authentication Service
message digest
multi-threaded server, not supported
MultiProtocol Interchange
not supported
support
naegen, generating Diffie-Hellman parameters
native_names.directory_path
native_names.use_native
NDS Naming Adapter
how to configure
installation
known limitations
negotiating, security services
negotiation scheme, encryption and checksumming
NetWare Directory Services (NDS)
network delay
for Kerberos
Kerberos parameter
Network Manager, field names
NIS Maps
NIS Naming Adapter
configuring
installing
NO AUTHENTICATION, configuring
Object Tree window, for Biometric Manager
obtain initial ticket, using okinit to
okdstry options
okdstry, description
okinit
description
options
using
oklist
description
options
use to display credentials
Oracle client configuration, parameters
Oracle client, parameters
Oracle Enterprise Manager
[
2
]
Oracle Network Manager
using to configure network
Oracle parameter SID
Oracle parameters, necessary for authentication
Oracle server parameters, for CyberSAFE
Oracle server
installing
parameters
Oracle service names, registering in CDS
Oracle7, configuring
ORACLE_SID
OS_AUTHENT_PREFIX parameter
OS_AUTHENT_PREFIX setting
OS_AUTHENT_PREFIX
parameter
recommended setting
OS_ROLES parameter, setting
overview, product
[
2
] [
3
] [
4
]
parameters required, for Kerberos adapter
parameters, specifying configuration
PINPAD cards, using SecurID
prerequisites
for Biometric Authentication Service installation
principal name, format of
principal, Oracle
procedure, to enable SecurID authentication
products, not yet supported
Properties window, for Biometric Manager
protocol adapter, components of
PROTOCOL.ORA
DCE address parameters in
parameter for CDS
PROTOCOL, DCE address parameter
RC4 algorithm, benefits of
RC4 encryption algorithm
RC4_40 algorithm, benefits of
RC4_56 algorithm, benefits of
realm translation file
for Kerberos adapter
Kerberos parameter
REALM, definition of
[
2
] [
3
]
register Oracle, as SecurID client
rejected PIN code, reasons for
REJECTED value, description of
REMOTE_OS_AUTHENT parameter
setting
REMOTE_OS_AUTHENT setting
REMOTE_OS_AUTHENT, parameter
REQUESTED value, description of
required parameter, on Oracle servers
REQUIRED value, description of
roles, external, mapping to DCE groups
sample DCE address, in TNSNAMES.ORA
sample
configuration files
SQLNET.ORA file
SAP disabling, in NDS
schema extension, in NDS
secret key
[
2
]
SecurID adapter
configuring with Network Manager
creating users for
troubleshooting configuration of
SecurID authentication page
SecurID cards, types of
SecurID client, configuring Oracle as
[
2
] [
3
]
SecurID smart card, description of
SecurID, system requirements
[
2
]
security policy
[
2
] [
3
]
for Biometric Authentication Adapter
for Biometric Authentication Service
security services, negotiating
security, protocol adapter includes
Server Encryption, no algorithms selected
[
2
] [
3
]
SERVER_PRINCIPAL
DCE address parameter
DCE parameter
service name and address storage, in NDS
service parameter, Kerberos
service principal, configuring
service table
ensure that Oracle server can read
extract from CyberSAFE
service ticket
SERVICE, DCE address parameter
single sign-on
[
2
]
smart cards, benefits of
smit utility, restarting cdsadv service
SQL*Net
SQL*Net and Oracle7, configuring
SQL*Net Native Authentication
SQL*Net
configuring
level required by Biometric Athentication Service
SQLNET.AUTHENTICATION_GSSAPI_SERVICES, parameter
SQLNET.AUTHENTICATION_SERVICES, parameter
SQLNET.CRYPTO_CHECKSUM_CLIENT
SQLNET.CRYPTO_CHECKSUM_SERVER
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER
SQLNET.CRYPTO_SEED
SQLNET.ENCRYPTION_SERVER parameter
SQLNET.ENCRYPTION_TYPES_CLIENT parameter
SQLNET.ENCRYPTION_TYPES_SERVER
SQLNET.KRB5_CC_NAME parameter, for Kerberos
SQLNET.KRB5_CLOCKSKEW parameter, for Kerberos
SQLNET.KRB5_CONF parameter, for Kerberos
SQLNET.KRB5_KEYTAB parameter, for Kerberos
SQLNET.KRB5_REALMS parameter, for Kerberos
SQLNET.ORA
[
2
]
SQLNET.ORA file, sample
SQLNET.ORA, modifying so CDS can resolve names
standard cards, using SecurID
steps to perform, to enable Kerberos authentication
System Environment Variable
system requirements
threshold level
[
2
] [
3
]
tnnfg utility, sample of usage
[
2
]
TNSNAMES.ORA
adding an authentication server
enabling for name resolution
for name lookup when CDS is inaccessible
loading into CDS using tnnfg
modifying to load connect descriptors into CDS
renaming
sample entry
sample for clients outside DCE
sample for loading into CDS
TouchNet II
troubleshooting, Kerberos configuration
[
2
]
SecurID adapter configuration
UDP port
ensure that Oracle server can find
ensuring that Oracle finds
user account
User Environment Variable
utilities to use, with Kerberos adapter
validating configuration
verification threshold
Biometric Authentication Service
verifying DCE groups, are mapped to OS roles
viewing mapping in CDS namespace, for listener endpoint
WAN environments, vulnerabilities of
xst utility, extracting service table
ypserv
Copyright © 1996 Oracle Corporation.
All Rights Reserved.
Library
Product
Contents
Index