Index
A
- accounting, RADIUS, 5-19
- activating checksumming and encryption, 3-6
- adapters, 1-15
- asynchronous authentication mode in RADIUS, 5-5
- ATTENTION_DESCRIPTION column, G-5
- authenticated RPC
- protocol adapter includes, 10-3
- authentication, 1-15
- configuring multiple methods, 9-4
- methods, 1-10
- modes in RADIUS, 5-3
B
- benefits of Oracle Advanced Security, 1-4
C
- CASCADE parameter, G-6
- CASCADE_FLAG column, G-5, G-6
- CDS. See Cell Directory Service (CDS)
- Cell Directory Service (CDS)
- cds_attributes file
- modifying for name resolution in CDS, 10-20
- naming adapter components, 10-3
- naming adapter includes, 10-3
- Oracle service names, 10-3
- using to perform name lookup, 10-19
- certificate, 7-6
- certificate authority, 7-6
- certificate revocation lists, 7-7
- manipulating with orapki tool, 7-40
- uploading to LDAP directory, 7-40
- where to store them, 7-37
- certificate revocation status checking
- disabling on server, 7-40
- certificate validation error message
- CRL could not be found, 7-46
- CRL date verification failed with RSA status, 7-46
- CRL signature verification failed with RSA status, 7-46
- Fetch CRL from CRL DP
- No CRLs found, 7-47
- OID hostname or port number not set, 7-47
- challenge-response authentication in RADIUS, 5-5
- cipher block chaining mode, 1-6
- cipher suites
- Secure Sockets Layer (SSL), B-8
- client authentication in SSL, 7-21
- configuration files
- Kerberos, B-1
- configuring
- clients for DCE integration, 10-16
- clients to use DCE CDS naming, 10-19
- DCE to use DCE Integration, 10-5
- Entrust-enabled Secure Sockets Layer (SSL)
- on the client, F-8
- Kerberos authentication service parameters, 6-5
- Oracle Net/DCE external roles, 10-12
- Oracle server with Kerberos, 6-2
- RADIUS authentication, 5-9
- shared schemas, 11-20
- SSL, 7-15
- on the client, 7-23
- on the server, 7-15
- thin JDBC support, 4-1
- connecting
- across cells, 10-12
- to an Oracle database
- to verify roles, 10-14
- to an Oracle server in DCE, 10-23
- with username and password, 10-25
- without username and password, 10-24
- with username and password, 9-1
- creating
- Oracle directories in CDS, 10-6
- principals and accounts, 10-5
- CRL, 7-7
- CRLAdmins directory administrative group, E-11
- CRLs
- disabling on server, 7-40
- where to store them, 7-37
- cryptographic hardware devices, 7-8
D
- Data Encryption Standard (DES), 3-2
- DES encryption algorithm, 1-6
- DES40 encryption algorithm, 3-3
- Triple-DES encryption algorithm, 1-6, 3-2
- data integrity, 1-7
- database links
- RADIUS not supported, 5-2, 11-24
- DBPASSWORD column, G-5
- DBPASSWORD_EXIST_FLAG column, G-5, G-6
- DCE. See Distributed Computing Environment (DCE)
- DCE.AUTHENTICATION parameter, 10-17
- DCE.LOCAL_CELL_USERNAMES parameter, 10-17
- DCE.PROTECTION parameter, 10-17
- DCE.TNS_ADDRESS_OID parameter, 10-17
- DCE.TNS_ADDRESS.OID parameter
- modifying in protocol.ora file, 10-20
- DES. See Data Encryption Standard (DES)
- Diffie-Hellman key negotiation algorithm, 3-4
- DIRPASSWORD column, G-5
- Distributed Computing Environment (DCE)
- backward compatibility, 10-2
- CDS naming adapter components, 10-3
- communication and security, 10-3
- components, 10-2
- configuration files required, 10-9
- configuring a server, 10-9
- configuring clients for DCE integration, 10-16
- configuring clients to use DCE CDS naming, 10-19
- configuring server, 10-9
- configuring to use DCE Integration, 10-5
- connecting
- to an Oracle database, 10-23
- connecting clients without access to DCE and CDS, 10-25
- connecting to an Oracle server, 10-23
- externally authenticated accounts, 10-10
- listener.ora parameters, 10-8
- mapping groups to Oracle roles, syntax, 10-13
- Multi-Protocol Interchange, 10-4
- overview, 10-2
- protocol.ora file parameters, 10-17
- REMOTE_OS_AUTHENT parameter, 10-11
- sample address in tnsnames.ora file, 10-21
- sample listener.ora file, 10-25
- sample parameter files, 10-25
- sample tnsnames.ora file, 10-25
- Secure Core services, 10-4
- setting up external roles, 10-12
- starting the listener, 10-23
- tnsnames.ora files, 10-8
- verifying DCE group mapping, 10-14
- verifying dce_service_name, 10-24
- Domain Naming Service (DNS), 10-4
E
- encryption, 1-16
- encryption and checksumming
- activating, 3-6
- client profile encryption, A-8
- negotiating, 3-6
- parameter settings, 3-9
- server encryption level setting, A-4
- Enterprise Security Manager (ESM)
- initial installation and configuration, 2-15
- enterprise user security
- components, 11-25
- configuration flow chart, 12-3
- configuration roadmap, 12-4
- directory entries, 11-11
- enterprise domains, 11-14
- enterprise roles, 11-12
- enterprise users, 11-11
- mapping, 11-20
- global roles, 11-12
- groups
- OracleContextAdmins, 11-18
- OracleDBCreators, 11-18
- OracleDBSecurityAdmins, 11-18
- OraclePasswordAccessibleDomains, 11-18
- OracleUserSecurityAdmins, 11-18
- overview, 11-2
- shared schemas, 11-19
- configuring, 11-20
- tools summary, 2-13
- using third-party directories, 11-5
- Entrust Authority
- creating database users, F-12
- Entrust Authority for Oracle, F-3
- Entrust Authority Software
- authentication, F-5, F-6
- certificate revocation, F-2
- components, F-3, F-4
- configuring
- client, F-8
- server, F-9
- Entelligence, F-4
- etbinder command, F-10
- issues and restrictions, F-12
- key management, F-2
- profiles, F-6
- administrator-created, F-6
- user-created, F-7
- Self-Administration Server, F-4
- versions supported, F-3
- Entrust, Inc., F-1
- Entrust-enabled SSL
- troubleshooting, F-13
- Entrust/PKI Software, 1-12
- error messages
- ORA-12650, 3-6, 3-7, A-6, A-7, A-8
- ORA-28890, F-13
- etbinder command, F-10
F
- Federal Information Processing Standard
- configuration, i-xxix
- Federal Information Processing Standard (FIPS), 1-7, D-1
- sqlnet.ora parameters, D-1
- FIPS. See Federal Information Processing Standard (FIPS)
G
- GDS. See Global Directory Service (GDS)
- Global Directory Service (GDS), 10-4
- grid computing
- benefits, 1-2
- defined, 1-2
H
- handshake
- SSL, 7-4
I
- initialization parameter file
- parameters for clients and servers using Kerberos, B-1
- parameters for clients and servers using RADIUS, B-2
- parameters for clients and servers using SSL, B-7
- installing
- key of server, 10-6
J
- Java Byte Code Obfuscation, 4-3
- Java Database Connectivity (JDBC)
- configuration parameters, 4-4
- Oracle extensions, 4-2
- Oracle O3LOGON, 4-2
- thin driver features, 4-2
- Java Database Connectivity (JDBC)
- implementation of Oracle Advanced Security, 4-1
- JDBC. See Java Database Connectivity
K
- Kerberos, 1-10
- authentication adapter utilities, 6-11
- configuring authentication, 6-2, 6-5
- kinstance, 6-3
- kservice, 6-3
- realm, 6-3
- sqlnet.ora file sample, A-2
- system requirements, 1-17
- kinstance (Kerberos), 6-3
- kservice (Kerberos), 6-3
L
- LAN environments
- vulnerabilities of, 1-3
- ldap.ora
- which directory SSL port to use for no authentication, 7-43
- listener
- endpoint
- SSL configuration, 7-23
- starting in the DCE environment, 10-23
- listener.ora file
- parameters for DCE, 10-10
- logging into Oracle
- using DCE authentication, 10-24
M
- managing roles with RADIUS server, 5-21
- mapping DCE groups
- to Oracle roles, 10-13
- MAPPING_LEVEL column, G-5, G-6
- MAPPING_TYPE column, G-5, G-6
- MD5 message digest algorithm, 3-4
- mkstore utility, 12-25
N
- NAMES.DIRECTORY_PATH parameter, 10-23
- nCipher hardware security module
- using Oracle Net tracing to troubleshoot, 7-50
- NEEDS_ATTENTION_FLAG column, G-5
- Netscape Communications Corporation, 7-2
- network protocol boundaries, 1-16
O
- obfuscation, 4-3
- of, 11-4
- okdstry
- Kerberos adapter utility, 6-11
- okinit
- Kerberos adapter utility, 6-11
- oklist
- Kerberos adapter utility, 6-11
- OLD_SCHEMA_TYPE column, G-5
- ORA-12650 error message, A-7
- ORA-28885 error, 8-6
- ORA-40300 error message, 7-51
- ORA-40301 error message, 7-51
- ORA-40302 error message, 7-51
- Oracle Advanced Security
- checksum sample for sqlnet.ora file, A-2
- configuration parameters, 4-4
- disabling authentication, 9-2
- encryption sample for sqlnet.ora file, A-2
- Java implementation, 4-1, 4-3
- SSL features, 7-3
- Oracle Applications wallet location, 8-18
- Oracle Connection Manager, 1-16
- Oracle Enterprise Security Manager (ESM), 11-20
- introduction, 2-14
- starting, 2-16
- Oracle Internet Directory
- Diffie-Hellman SSL port, 7-43
- version supported by Enterprise User Security, 11-5
- Oracle JDBC OCI driver
- used by user migration utility, G-2
- Oracle parameters
- authentication, 9-5
- Oracle Password Protocol, 4-3
- Oracle service names, 10-3
- loading into CDS, 10-22
- Oracle Wallet Manager
- importing PKCS #7 certificate chains, 8-22
- OracleContextAdmins group, 11-18
- OracleDBCreators group, 11-18
- OracleDBSecurityAdmins group, 11-18
- OraclePasswordAccessibleDomains group, 11-18
- OracleUserSecurityAdmins group, 11-18
- orapki
- adding a certificate request to a wallet with, E-5
- adding a root certificate to a wallet with, E-5
- adding a trusted certificate to a wallet with, E-5
- adding user certificates to a wallet with, E-5
- creating a signed certificate for testing, E-3
- creating a wallet with, E-4
- creating an auto login wallet with, E-4
- exporting a certificate from a wallet with, E-6
- exporting a certificate request from a wallet with, E-6
- viewing a test certificate with, E-3
- viewing a wallet with, E-4
- orapki tool, 7-40
- ORCL_GLOBAL_USR_MIGRATION_DATA interface table, G-3
- access to, G-4
- ATTENTION_DESCRIPTION column, G-5
- CASCADE_FLAG column, G-5, G-6
- DBPASSWORD column, G-5
- DBPASSWORD_EXIST_FLAG column, G-5, G-6
- DIRPASSWORD column, G-5
- MAPPING_LEVEL column, G-5, G-6
- MAPPING_TYPE column, G-5, G-6
- NEEDS_ATTENTION_FLAG column, G-5
- OLD_SCHEMA_TYPE column, G-5
- PASSWORD_VERIFIER column, G-5
- PHASE_COMPLETED column, G-5, G-6
- SHARED_SCHEMA column, G-5, G-6
- USERDN column, G-5, G-6
- USERDN_EXIST_FLAG column, G-5, G-6
- USERNAME column, G-5
- OS_AUTHENT_PREFIX parameter, 9-6
- OS_ROLES parameter
- setting, 10-12
- OSS.SOURCE.MY_WALLET parameter, 7-17, 7-27
P
- parameters
- authentication
- Kerberos, B-1
- RADIUS, B-2
- Secure Sockets Layer (SSL), B-7
- configuration for JDBC, 4-4
- encryption and checksumming, 3-9
- PASSWORD_VERIFIER column, G-5
- PHASE_COMPLETED column, G-5, G-6
- PKCS #11 devices, 7-8
- PKCS #11 error messages
- ORA-40300, 7-51
- ORA-40301, 7-51
- ORA-40302, 7-51
- PKCS #7 certificate chain, 8-22
- difference from X.509 certificate, 8-22
- PKI. See public key infrastructure
- protocol.ora file
- DCE.AUTHENTICATION parameter, 10-17
- DCE.LOCAL_CELL_USERNAMES parameter, 10-17
- DCE.PROTECTION parameter, 10-17
- DCE.TNS_ADDRESS_OID parameter, 10-17
- parameter for CDS, 10-18
- Public Key Infrastructure (PKI)
- certificate, 7-6
- certificate authority, 7-6
- certificate revocation lists, 7-7
- PKCS #11 hardware devices, 7-8
- wallet, 7-8
- public key infrastructure (PKI), 1-11, 1-12
R
- RADIUS, 1-10
- accounting, 5-19
- asynchronous authentication mode, 5-5
- authentication modes, 5-3
- authentication parameters, B-2
- challenge-response
- authentication, 5-5
- user interface, C-1, C-2
- configuring, 5-9
- database links not supported, 5-2, 11-24
- location of secret key, 5-14
- smartcards and, 1-11, 5-7, 5-14, C-1
- sqlnet.ora file sample, A-3
- synchronous authentication mode, 5-3
- system requirements, 1-17
- RC4 encryption algorithm, 1-6, 3-3
- realm (Kerberos), 6-3
- restrictions, 1-17
- revocation, F-2
- roles
- managing with RADIUS server, 5-21
- roles, external, mapping to DCE groups, 10-12
- RSA Security, Inc. (RSA), 1-6
S
- secret key
- location in RADIUS, 5-14
- Secure Sockets Layer (SSL), 1-11, 7-1
- architecture, 7-10
- authentication parameters, B-7
- authentication process in an Oracle environment, 7-4
- cipher suites, B-8
- client authentication parameter, B-10
- client configuration, 7-23
- combining with other authentication methods, 7-10
- configuring, 7-15
- configuring Entrust-enabled SSL on the client, F-8
- enabling, 7-15
- enabling Entrust-enabled SSL, F-6
- handshake, 7-4
- industry standard protocol, 7-2
- requiring client authentication, 7-21
- server configuration, 7-15
- sqlnet.ora file sample, A-2
- system requirements, 1-17
- version parameter, B-9
- wallet location, parameter, B-12
- SecurID, 5-5
- token cards, 5-5
- security
- Internet, 1-2
- Intranet, 1-2
- threats, 1-3
- data tampering, 1-3
- dictionary attacks, 1-4
- eavesdropping, 1-3
- falsifying identities, 1-3
- password-related, 1-4
- Secure Sockets Layer (SSL)
- use of term includes TLS, 7-2
- shared schemas, 11-20
- SHARED_SCHEMA column, G-5, G-6
- single sign-on (SSO), 1-12, 10-24, F-2
- smartcards, 1-11
- and RADIUS, 1-11, 5-7, 5-14, C-1
- SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8
- SQLNET.AUTHENTICATION_SERVICES parameter, 5-10, 6-8, 7-22, 7-23, 7-30, 7-31, 9-3, 9-4
- SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 3-13
- SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 3-13
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 3-13, A-8
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 3-13, A-8
- SQLNET.CRYPTO_SEED parameter, A-8
- SQLNET.ENCRYPTION_CLIENT parameter, 3-11, A-5
- SQLNET.ENCRYPTION_SERVER parameter, 3-11, A-4
- SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 3-11, A-7
- SQLNET.ENCRYPTION_TYPES_SERVER parameter, 3-11, A-6
- SQLNET.FIPS_140 parameter, D-3
- SQLNET.KERBEROS5_CC_NAME parameter, 6-8
- SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9
- SQLNET.KERBEROS5_CONF parameter, 6-9
- SQLNET.KERBEROS5_CONF_MIT parameter, 6-9
- SQLNET.KERBEROS5_KEYTAB parameter, 6-9
- SQLNET.KERBEROS5_REALMS parameter, 6-9
- sqlnet.ora file
- Common sample, A-2
- FIPS 140-1 parameters, D-1
- Kerberos sample, A-2
- modifying so CDS can resolve names, 10-22
- NAMES.DIRECTORY_PATH parameter, 10-23
- Oracle Advanced Security checksum sample, A-2
- Oracle Advanced Security encryption sample, A-2
- OSS.SOURCE.MY_WALLET parameter, 7-17, 7-27
- parameters for clients and servers using Kerberos, B-1
- parameters for clients and servers using RADIUS, B-2
- parameters for clients and servers using SSL, B-7
- RADIUS sample, A-3
- sample, A-1
- SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8
- SQLNET.AUTHENTICATION_SERVICES parameter, 6-8, 7-22, 7-23, 7-30, 7-31, 9-3, 9-4
- SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 3-13
- SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 3-13
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 3-13, A-8
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 3-13, A-8
- SQLNET.CRYPTO_SEED parameter, A-8
- SQLNET.ENCRYPTION_CLIENT parameter, A-5
- SQLNET.ENCRYPTION_SERVER parameter, 3-11, A-4
- SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 3-11, A-7
- SQLNET.ENCRYPTION_TYPES_SERVER parameter, 3-11, A-6
- SQLNET.FIPS_140 parameter, D-3
- SQLNET.KERBEROS5_CC_NAME parameter, 6-8
- SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9
- SQLNET.KERBEROS5_CONF parameter, 6-9
- SQLNET.KERBEROS5_CONF_MIT parameter, 6-9
- SQLNET.KERBEROS5_KEYTAB parameter, 6-9
- SQLNET.KERBEROS5_REALMS parameter, 6-9
- SSL sample, A-2
- SSL_CLIENT_AUTHENTICATION parameter, 7-22
- SSL_CLIENT_AUTHENTICATION parameter, 7-27
- SSL_VERSION parameter, 7-21, 7-30
- Trace File Set Up sample, A-1
- SQLNET.RADIUS_ALTERNATE parameter, 5-16
- SQLNET.RADIUS_ALTERNATE_PORT parameter, 5-16
- SQLNET.RADIUS_ALTERNATE_RETRIES parameter, 5-16
- SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter, 5-16
- SQLNET.RADIUS_SEND_ACCOUNTING parameter, 5-19
- SSL. See Secure Sockets Layer (SSL)
- SSL wallet location, 8-11, 8-18
- SSL_CLIENT_AUTHENTICATION parameter, 7-22, 7-27
- SSL_VERSION parameter, 7-21, 7-30
- SSO. See single sign-on (SSO)
- SSO wallets, 8-19
- synchronous authentication mode, RADIUS, 5-3
- SYS schema, G-3
- system requirements, 1-16
- DCE integration, 10-2
- Kerberos, 1-17
- RADIUS, 1-17
- SSL, 1-17
T
- thin JDBC support, 4-1
- TLS. See Secure Sockets Layer (SSL)
- tnsnames.ora file
- loading into CDS using tnnfg, 10-22
- modifying to load connect descriptors into CDS, 10-21
- renaming, 10-22
- token cards, 1-11
- trace file
- set up sample for sqlnet.ora file, A-1
- Triple-DES encryption algorithm, 1-6
- troubleshooting, 6-18
- Entrust-enabled SSL, F-13
U
- user migration utility
- access to interface table, G-4
- accessing help, G-12
- ATTENTION_DESCRIPTION column, G-5
- CASCADE parameter, G-6
- CASCADE_FLAG column, G-5, G-6
- certificate authenticated users, G-7
- DBPASSWORD column, G-5
- DBPASSWORD_EXIST_FLAG column, G-5, G-6
- directory location of utility, G-8
- DIRPASSWORD column, G-5
- example
- parameter text file (par.txt), G-25
- users list text file (usrs.txt), G-25
- using CASCADE=NO, G-21
- using CASCADE=YES, G-22
- using MAPSCHEMA=PRIVATE, G-20
- using MAPSCHEMA=SHARED, G-21
- using MAPTYPE options, G-24
- using PARFILE, USERSFILE, and LOGFILE parameters, G-26
- LOGFILE precedence, G-26
- MAPPING_LEVEL column, G-5, G-6
- MAPPING_TYPE column, G-5, G-6
- MAPSCHEMA parameter
- PRIVATE, G-16
- SHARED, G-16
- MAPTYPE parameter
- DB mapping type, G-17
- DOMAIN mapping type, G-17
- ENTRY mapping level, G-17
- SUBTREE mapping level, G-17, G-24
- NEEDS_ATTENTION_FLAG column, G-5
- OLD_SCHEMA_TYPE column, G-5
- ORCL_GLOBAL_USR_MIGRATION_DATA interface table, G-3
- password authenticated users, G-7
- PASSWORD_VERIFIER column, G-5
- PHASE_COMPLETED column, G-5, G-6
- retrieving dropped schema objects, G-23
- shared schema mapping, G-6
- SHARED_SCHEMA column, G-5, G-6
- SSL authentication for current release, G-8
- SYS schema, G-3
- USER parameter
- ALL_EXTERNAL, G-14
- ALL_GLOBAL, G-14
- LIST, G-14
- USERSFILE, G-14
- USERDN column, G-5, G-6
- USERDN_EXIST_FLAG column, G-5, G-6
- USERNAME column, G-5
- uses Oracle JDBC OCI driver, G-2
- X.509 v3 certificates, G-7
- USERDN column, G-5, G-6
- USERDN_EXIST_FLAG column, G-5, G-6
- USERNAME column, G-5
V
- viewing mapping in CDS namespace, for listener endpoint, 10-24
- viewing the database wallet DN, 12-25
W
- wallet, 7-8
- wallets
- auto login, 8-19
- changing a password, 8-18
- closing, 8-13
- creating, 8-10
- deleting, 8-18
- managing, 8-9
- managing certificates, 8-20
- managing trusted certificates, 8-25
- opening, 8-13
- Oracle Applications wallet location, 8-18
- saving, 8-17
- setting location, 7-16
- SSL wallet location, 8-11, 8-18
- SSO wallets, 8-19
X
- X.509 certificate
- difference from PKCS #7 certificate chain, 8-22
- X.509 PKI certificate standard, F-2