Newsletters Archive - All

If you would like to know more about the Newsletter, please email me.

  Oracle OS Authentication — (16-July-2012)

The most common method for logging in to an Oracle database is by username and 
password. A database user is created with the CREATE USER statement as follows:

CREATE USER username IDENTIFIED BY password;

This creates a database user, associated with a user schema, who can access the 
database and be authenticated with a password by using the CONNECT command as 
follows:

CONNECT username@database_service_name
Enter Password: password

The following guide provides an alternative to the username / password method 
by using OS Authentication. OS authentication allows Oracle to delegate control 
of user authentication for the database to the operating system. Although OS 
authentication has been widely used over the years, there are potential 
security risks to be aware of before implementing it in a production 
environment. In fact, when using Oracle Database 10g Release 2 or higher, a 
better and more secure approach uses a client-side Oracle Wallet, which is a 
password store external to the database used to store Oracle login credentials.

OS authentication is a method which identifies users by the credentials 
supplied by the OS and then uses that information to allow authentication to 
the database without a password. These credentials can be the username and 
password supplied to the OS or digital certificates on the user's computer. A 
password is not required for a database connection because it is assumed the OS 
has already taken care of authenticating the user. One thing to keep in mind 
though is that database connections relying on OS authentication are only as 
secure as the underlying OS.
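
As an added illustration (not taken from the newsletter or the guide it introduces), the SQL*Plus session below creates an OS-authenticated account and then audits which accounts depend on OS authentication. The OS account name appuser and the database user OPS$APPUSER are assumptions, as is an 11g or later database for the AUTHENTICATION_TYPE column.

```sql
-- Added example. OPS$APPUSER and the OS account "appuser" are assumed names.

-- 1. Check the two parameters that govern OS authentication.
--    os_authent_prefix : string prepended to the OS user name (default OPS$).
--    remote_os_authent : keep FALSE (the default) so that an OS identity is
--                        accepted only for connections local to the server.
SHOW PARAMETER os_authent_prefix
SHOW PARAMETER remote_os_authent

-- 2. As a DBA, create a database account mapped to the OS account "appuser".
--    IDENTIFIED EXTERNALLY means no database password is stored for it.
CREATE USER ops$appuser IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO ops$appuser;

-- 3. While logged in to the database server's OS as "appuser", connect
--    without a user name or password; the OS identity selects the account.
CONNECT /
SHOW USER

-- 4. Audit (reconnect as a DBA first): list every account whose login
--    depends on the OS rather than on a database password. Each row is an
--    account that is only as well protected as the matching OS account.
SELECT username, authentication_type, account_status
  FROM dba_users
 WHERE authentication_type = 'EXTERNAL'
 ORDER BY username;

-- 5. Record the current parameter values alongside the account list so a
--    later change to either setting shows up in a review.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');
```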

This guide presents instructions on how to configure Oracle for OS 
authentication along with several examples on how to use it.

Jeffrey M. Hunter, OCP
Sr. Database Administrator