OS authentication allows Oracle to pass control of user authentication to the operating system. Non-priviliged OS authentication connections take the following form.
First, create an OS user, in this case the user is called "diego". Once you created that, if you try to login as sqlplus "/ as sysdba" it will fail:
The connections failed because we have not told Oracle the users are OS authenticated. To do this, we must create an Oracle user, but first we must check the value of the Oracle
Now we know the OS authentication prefix, we can create a database user to allow an OS authenticated connection. To do this, we create an Oracle user in the normal way, but the username must be the prefix value concatenated to the OS username. So for the OS user "tim_hall", we would expect an Oracle username of "ops$tim_hall" on a UNIX or Linux platform.
When a connection is attempted from the local database server, the OS username is passed to the Oracle server. If the username is recognized, the Oracle the connection is accepted, otherwise the connection is rejected.sqlplus / sqlplus /@service
First, create an OS user, in this case the user is called "diego". Once you created that, if you try to login as sqlplus "/ as sysdba" it will fail:
The connections failed because we have not told Oracle the users are OS authenticated. To do this, we must create an Oracle user, but first we must check the value of the Oracle
OS_AUTHENT_PREFIXinitialization parameter.As you can see, the default value is "ops$". If this is not appropriate it can be changed using theSQL> SHOW PARAMETER os_authent_prefix NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ os_authent_prefix string ops$ SQL>
ALTER SYSTEM command, but for now we will use this default value.Now we know the OS authentication prefix, we can create a database user to allow an OS authenticated connection. To do this, we create an Oracle user in the normal way, but the username must be the prefix value concatenated to the OS username. So for the OS user "tim_hall", we would expect an Oracle username of "ops$tim_hall" on a UNIX or Linux platform.
The situation is complicated slightly on Windows platforms as the domain or machine name forms part of the username presented to Oracle. On Windows platforms you would expect an Oracle username of "OPS$DOMAIN\TIM_HALL" for the Windows user "tim_hall".-- UNIX CREATE USER ops$diego IDENTIFIED EXTERNALLY; GRANT CONNECT TO ops$diego;
When using a Windows server, there is an additional consideration. The following option must be set in the "%ORACLE_HOME%\network\admin\-- Windows CREATE USER "OPS$ORACLE-BASE.COM\DIEGO" IDENTIFIED EXTERNALLY; GRANT CONNECT TO "OPS$ORACLE-BASE.COM\DIEGO";
With the configuration complete, now you can connect as that "diego" user.SQLNET.AUTHENTICATION_SERVICES= (NTS)
No comments:
Post a Comment