Oracle Database


Using the Network to Authenticate Users

a prefix that Oracle Database uses to authenticate users attempting to connect to the server.

Authenticate non-operating system users. These are users who are assigned passwords and authenticated by the database.

Authenticate Oracle Database Enterprise User Security users. These user accounts were created using the IDENTIFIED GLOBALLY clause of the CREATE USER statement, and then authenticated by Oracle Internet Directory (OID) currently in the same database.

However, you should be aware of the following drawbacks to using the operating system to authenticate users:

A user must have an operating system account on the computer that needs to be accessed. Not all users have operating system accounts, particularly non-administrative users.

If a user has logged in using this method and steps away from the terminal, another user could easily log in because this user does not need any passwords or credentials. This could pose a serious security problem.

When an operating system is used to authenticate database users, managing distributed database environments and database links requires special care.

See Also:

Oracle Database Administrator's Guide for more information about authentication, operating systems, distributed database concepts, and distributed data management

Operating system-specific documentation by Oracle Database for more information about authenticating by using your operating system

Using the Network to Authenticate Users

You can authenticate users over a network by using Secure Sockets Layer with third-party services.

Authentication Using Secure Sockets Layer

Authentication Using Third-Party Services

Authentication Using Secure Sockets Layer

The Secure Sockets Layer (SSL) protocol is an application layer protocol. You can use it for user authentication to a database, and it is independent of global user management in Oracle Internet Directory. That is, users can use SSL to authenticate to the database without a directory server in place. See Oracle Database Advanced Security Administrator's Guide for instructions about configuring SSL.

Authentication Using Third-Party Services

You need to use third-party network authentication services if you want to authenticate Oracle Database users over a network. Prominent examples include Kerberos, PKI (public key infrastructure), the RADIUS (Remote Authentication Dial-In User Service), and directory-based services, as described in the following sections.


Oracle Database Security Guide

