Home » RDBMS Server » Security » How to authenticate a user by OS
How to authenticate a user by OS [message #411049] Wed, 01 July 2009 12:52 Go to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Dear All ,

I want to know , how to create an oracle user which is authenticated externally by an operating system ..

create user <username> identified externally

But i want to know how i can test that whether user is able to be identified externally because when i login with this user in sql/plus, it still asks for a password .

Kindly help .
Re: How to authenticate a user by OS [message #411051 is a reply to message #411049] Wed, 01 July 2009 13:24 Go to previous messageGo to next message
Michel Cadot
Messages: 59072
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
How do you connect?
Use SQL*Plus and copy and paste your session.

Before please read OraFAQ Forum Guide, especially "How to format your post?" section.
Make sure that lines of code do not exceed 80 characters when you format.
Indent the code (See SQL Formatter), use code tags and align the columns in result.
Use the "Preview Message" button to verify.
Also always post your Oracle version (4 decimals).

Regards
Michel
Re: How to authenticate a user by OS [message #411052 is a reply to message #411049] Wed, 01 July 2009 13:25 Go to previous messageGo to next message
Michel Cadot
Messages: 59072
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Database Concepts
Chapter 20 Database Security
Section Overview of Authentication Methods

Regards
Michel
Re: How to authenticate a user by OS [message #411081 is a reply to message #411049] Wed, 01 July 2009 18:51 Go to previous messageGo to next message
BlackSwan
Messages: 22779
Registered: January 2009
Senior Member
You need to help us by following the Posting Guidelines as stated below.
http://www.orafaq.com/forum/t/88153/0/

The Posting Guideline direct you to SEARCH before posting!

http://www.orafaq.com/search?keys=identified%20externally

The Posting Guidelines direct you to Read The Fine Manual before posting!

http://download.oracle.com/docs/cd/B19306_01/server.102/b14231/dba.htm#sthref155
Re: How to authenticate a user by OS [message #411720 is a reply to message #411081] Mon, 06 July 2009 07:48 Go to previous messageGo to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Hi,

I had gone through the guide
and did the following steps.

1.There was an OS user in the ORA_DBA
group named 'oraadmin'

2.I have created an oracle user using
Create user "OPS$DOMAIN.NAME/ORAADMIN" identifed externally

3.Grant create session to "OPS$DOMAIN.NAME/ORAADMIN"

4. sqlplus /nolog

5. conn /

It got connected and worked fine .

But the problem i am facing is when i created a new OS user
and assugned this user the ORA_DBA group.

Whenever i run the query
select sys_context('userenv','os_user') from dual;

It always shows the DOMAIN.NAME/ORAADMIN but now
my user is something else.

How to go about it ?
Re: How to authenticate a user by OS [message #411768 is a reply to message #411720] Mon, 06 July 2009 11:42 Go to previous messageGo to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Any idea about this problem ??
Re: How to authenticate a user by OS [message #411769 is a reply to message #411049] Mon, 06 July 2009 11:51 Go to previous messageGo to next message
BlackSwan
Messages: 22779
Registered: January 2009
Senior Member
You need to help us by following the Posting Guidelines as stated below.
http://www.orafaq.com/forum/t/88153/0/
Go to the URL above click the link "Posting Guidelines"
Go to the section labeled "Practice" & do as directed.
Re: How to authenticate a user by OS [message #411868 is a reply to message #411769] Tue, 07 July 2009 03:56 Go to previous messageGo to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
I am having one more issue now Sad

Whenever i create a user which is
already present in OS and present in
ORA_DBA group, it can log in with / without
password. How and Why ?

For eg -

I have a user ORAADMIN in OS

create user "OPS$DOMAIN.NAME\ORAADMIN" identified by test


sqlplus conn /

connected

It shows connected even though i never told it
to be identified externally
???
Re: How to authenticate a user by OS [message #411875 is a reply to message #411868] Tue, 07 July 2009 04:08 Go to previous messageGo to next message
Michel Cadot
Messages: 59072
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Because you are in the ORA%DBA OS group and you fit the external name convention (OPS$ by default).
It is explained in the link I posted you, so please read it.

Regards
Michel

[Updated on: Tue, 07 July 2009 04:09]

Report message to a moderator

Re: How to authenticate a user by OS [message #411893 is a reply to message #411049] Tue, 07 July 2009 04:47 Go to previous messageGo to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Dear Michel,

Thanks for the solution.

I did go through the link you have posted.
Beacuse of that only i was able to configure external
authentication.

I had one more question sir, when i create a new OS user and
put it in ORA_DBA group and run the following command

create user "OPS$TCS091000\OSUSERTEST" identified externally; 


 SQL> conn /
ERROR:
ORA-01017: invalid username/password; logon denied


Why its not allowing to log in to oracle
Re: How to authenticate a user by OS [message #411900 is a reply to message #411893] Tue, 07 July 2009 04:58 Go to previous messageGo to next message
Michel Cadot
Messages: 59072
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Something wring in your environment. As I don't have it I can't say what.
All is explained in the documentation, if you follow it everything runs fine.
Also have a look to Windows specific doc.

Regards
Michel
Re: How to authenticate a user by OS [message #411903 is a reply to message #411049] Tue, 07 July 2009 05:05 Go to previous messageGo to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Thanks
Michel
Re: How to authenticate a user by OS [message #411919 is a reply to message #411049] Tue, 07 July 2009 05:23 Go to previous messageGo to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Hi ,

Can we switch between various authentication mechanisms using
Alter user command ?

- Is there any Parameter with which we can identify that
the particular user is identified by password or external?


Regards
Suren
Re: How to authenticate a user by OS [message #411942 is a reply to message #411919] Tue, 07 July 2009 05:56 Go to previous messageGo to next message
Michel Cadot
Messages: 59072
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
1/ ALTER USER
2/ DBA_USERS.PASSWORD

Regards
Michel
Re: How to authenticate a user by OS [message #411957 is a reply to message #411049] Tue, 07 July 2009 06:10 Go to previous messageGo to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Dear Michel,

The password is set for the user who is identified externally as well.

How password can be used to distinguish ?

SQL> create user external identified by externally;

User created.

SQL> select password from dba_users where username='EXTERNAL';

PASSWORD
------------------------------
F9F3AAA4601751D8



and more thing, if we have more then 1 externally authenticated
users, then how to connect as we use only conn / which
connects to any externally authenticated user .


Thanks
Suren
Re: How to authenticate a user by OS [message #411962 is a reply to message #411957] Tue, 07 July 2009 06:15 Go to previous messageGo to next message
Michel Cadot
Messages: 59072
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Your create user syntax is wrong to create a user "identified externally".

Regards
Michel
Re: How to authenticate a user by OS [message #411985 is a reply to message #411049] Tue, 07 July 2009 06:46 Go to previous messageGo to next message
surenhr
Messages: 45
Registered: August 2007
Location: gurgoan
Member
Thanks,
I got the issue with the command.

But what about

if we have more then 1 externally authenticated
users, then how to connect as we use only conn / which 
connects to any externally authenticated user . How to connect 
to a particular externally authenticated user



Thanks,
Suren
Re: How to authenticate a user by OS [message #412008 is a reply to message #411985] Tue, 07 July 2009 07:32 Go to previous messageGo to next message
Michel Cadot
Messages: 59072
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
How to connect
to a particular externally authenticated user

OS connect with this user.
This is the base principle of "externally identified".

Regards
Michel
Re: How to authenticate a user by OS [message #419136 is a reply to message #412008] Thu, 20 August 2009 00:44 Go to previous messageGo to next message
russmart
Messages: 5
Registered: August 2009
Junior Member
Didn't know this was possible... thanks!
Re: How to authenticate a user by OS [message #419137 is a reply to message #411049] Thu, 20 August 2009 00:44 Go to previous message
russmart
Messages: 5
Registered: August 2009
Junior Member
Will this work on mobile devices too?
Previous Topic: how to know the sec_relevant_cols
Next Topic: SYSTEM schema security
Goto Forum:
  


Current Time: Mon Sep 15 20:40:14 CDT 2014

Total time taken to generate the page: 0.09768 seconds