Re: OS-authentification question

Peter Koch (koch_at_math.uni-duisburg.de) wrote: [...]
>I would like to force PC-users that log into our database to identify
>themselves by password, while at the same time unix-users that have
>already logged into the unix-host our database is running on are
>allowed to call "sqlplus /" without any further authentification.
>Unix-accounts and DB-accounts are of equal names and os_authent_prefix="".
>Is that possible?

Yes, as long as a given Oracle userid is used only one way or the other. In other words, UNIX user "joe" cannot logon as Oracle user "joe" (using "sqlplus /") and then later logon from a PC using "sqlplus joe/some_password_at_unixdb". This is because an Oracle userid is either IDENTIFIED EXTERNALLY or IDENTIFIED BY <password>, but not both.

To prevent PC users logging on with "/" you must not have REMOTE_OS_AUTHENT=TRUE in your init.ora file. The default for this parameter is FALSE. The control doesn't apply to PC users specifically, but to any user attempting to logon via Net.

Oracle8 is introducing new features in this area involving X.509 authentication mechanisms.

/b
--
Bill Manry - IBM Products Division - Oracle Corporation These are my opinions, not necessarily Oracle's. Remove "." from "B.Manry" to email me. Received on Tue Apr 21 1998 - 18:43:35 CDT