Re: Authentication w/o password?

Scott Overby wrote:
>
> Nathan Neulinger <nneul_at_umr.edu> wrote in article
> <5vmt5v$9hj$1_at_news.cc.umr.edu>...
> >
> > I am potentially going to be migrating a bunch of systems from an
> > Informix server to a Oracle server.
> >
> > Currently, authentication for the unix applications (which consist
> > primarily of perl scripts using isqlperl and DBD::Informix), is handled
> > using BSD authentication (verification using .rhosts and
 /etc/hosts.equiv)
> >
> > Is there a corresponding functionality in Oracle?
> >
> > Basically I need to be able to say:
> > If a user is from hosts A, B, or C, and claims to be USER1, and
> > the connection is from a secure port, trust that it really is USER1 and
> > log them into the database server as such.
> >
> > Alternatives are acceptable to me:
> > ident based authentication with a list of trusted hosts
> > authentication using an external process
> >

You can enable remote_os_authent in init.ora to turn OPS$ logins on and off. As noted this is a major hole unless some kind of host verification is in place.

To establish trusted hosts, use validnode checking for the sqlnet listener. Look in the sqlnet 2.3.x manual under protocol.ora. parameters, or do a search on "validnode". There's also an excluded nodes facility. One caveat is that ip numbers work better than names; I've found that putting names in the validnode list can crash the listener on solaris (sqlnet 2.3.2 or 2.3.3, I don't remember).

The advanced networking option includes kerberos and a few other authentication systems, along with nis and dce naming, etc. It costs extra. Received on Wed Sep 17 1997 - 00:00:00 CDT