RE: database authentication by windows credentials

From: Stephens, Chris <>
Date: Tue, 13 Jan 2009 08:59:20 -0600
Message-ID: <>

I don't see anything in that document that specifies how to use AD user accounts to authenticate to an Oracle database. The section titled "Integration with Windows Login Credentials" lists the following two benefits:  

Integration with Windows Login Credentials

Oracle database and configuration tools can use the login credentials of the Windows user currently logged on to connect to Active Directory without having to re-enter the login credentials. This feature has two benefits:

  • Oracle clients and databases can securely connect to Active Directory and retrieve the net service name.
  • Oracle configuration tools can connect automatically to Active Directory and configure Oracle Database and net service name objects. The enabled tools include Oracle Net Configuration Assistant and Database Configuration Assistant.

Neither one of those allows me to use AD for user authentication.  

There is mention of interaction between Enterprise Users and Active Directory but after looking at the Enterprise User Administrator's Guide, it appears that OID and Kerberos (which implies Advanced Security Option) is necessary.  

C Integrating Enterprise User Security with Microsoft Active Directory

Enterprise users make use of Oracle Internet Directory, which is a part of the Oracle Identity Management infrastructure. If your organization uses a third party directory like Active Directory to store and manage user entries, then you can integrate it with Oracle Internet Directory to manage Enterprise User Security.

Kerberos authentication for enterprise users can make use of tickets issued by a kerberos Key Distribution Center (KDC) running on a Microsoft Windows domain controller.      

From: Jared Still [] Sent: Monday, January 12, 2009 5:20 PM
To: Stephens, Chris
Subject: Re: database authentication by windows credentials  

On Mon, Jan 12, 2009 at 12:56 PM, Stephens, Chris <> wrote:

        I was under the impression that the only way to integrate windows accounts with Oracle database authentication was to purchase the Advanced Security options and make use of the Kerberos stuff. The documentation seems to be misleading in this area. There is mention of being able to use WNA and that WNA functionality comes with the Oracle client though it seems that it only works with Windows NT and Windows 2000.

        I have yet to find a clear explanation of what my options are for this integration.

        Can anyone shed some light on this?          

This may help: tm#BGBEIIDH  

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

        This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by email reply.

Received on Tue Jan 13 2009 - 08:59:20 CST

Original text of this message