If you would like to know more about the iDevelopment.info Newsletter, please email me.
Oracle OS Authentication (16-July-2012)
The most common method for logging in to an Oracle database is by username and password. A database user is created by using the CREATE USER statement as follows: CREATE USER username IDENTIFIED BY password; This creates a database user, associated with a user schema, who can access the database and be authenticated by using a password with the CONNECT command as follows: CONNECT username@database_service_name Enter Password: password The following guide provides an alternative to the username / password method by using OS Authentication. OS authentication allows Oracle to delegate control of user authentication for the database to the operating system. Although OS authentication has been widely used over the years, there are potential security risks to be aware of before implementing it in a production environment. In fact, when using Oracle Database 10g Release 2 or higher, a better and more secure approach uses a client-side Oracle Wallet which is a password store external to the database used to store Oracle login credentials. OS authentication is a method which identifies users by the credentials supplied by the OS and then uses that information to allow authentication to the database without a password. These credentials can be the username and password supplied to the OS or digital certificates on the user's computer. A password is not required for a database connection because it is assumed the OS has already taken care of authenticating the user. One thing to keep in mind though is that database connections relying on OS authentication are only be as secure as the underlying OS. This guide presents instructions on how to configure Oracle for OS authentication along with several examples on how to use it. http://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_13.shtml ---------------------------- Jeffrey M. Hunter, OCP Sr. Database Administrator email@example.com http://www.idevelopment.info ----------------------------