Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: hide password for client sessions

Re: hide password for client sessions

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Mon, 15 Mar 2004 22:43:29 +1100
Message-ID: <405596ec$0$31904$afc38c87@news.optusnet.com.au> 






"John Leslie" <johnleslie_at_madasafish.com> wrote in message
news:4412dd31.0403150218.4d04be9e_at_posting.google.com...


> <<It requires no O/S setup>>

>

> Doesn't it a least require a unix account with the same name?

>

> John





No.



Here's a test of me on my Windows XP laptop client and my Linux Advanced
Server 3 10g machine.



SQL> create user Howard identified externally;



User created.



SQL> grant create session to Howard;



Grant succeeded.





On the client:



C:\Documents and Settings\Howard>sqlplus /@lx10



SQL*Plus: Release 9.2.0.1.0 - Production on Mon Mar 15 22:38:21 2004



Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.




Connected to:


Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Production
With the Partitioning, OLAP and Data Mining options





Now I can assure you that the Linux box only has accounts for root and
oracle, not Howard. So no, you don't need to set up Unix accounts to make
this work. The only thing I did to make it all happen was to set
OS_AUTHENT_PREFIX="" in the init.ora. I also set REMOTE_OS_AUTHENT=true.



The only other catch is to get a client to log in using normal
username/password authentication, and query the OSUSER column in v$session.
If you can see their real (O/S) username in that, like this:



SQL> select username, osuser from v$session;


USERNAME                       OSUSER
------------------------------ ------------------------------
DBSNMP                         oracle
SYSTEM                         Howard





...then this technique will work for you. Trouble might start, I guess, if
you do connection multiplexing via an application server or similar
shennanigans.



Regards


HJR





>

> "Howard J. Rogers" <hjr_at_dizwell.com> wrote in message

news:<4051a485$0$3956$afc38c87_at_news.optusnet.com.au>...


> > "John Leslie" <johnleslie_at_madasafish.com> wrote in message

> > news:4412dd31.0403120110.63bd27b9_at_posting.google.com...

> > > For security reasons I do not want my users to specify a password to

> > > an oracle user when starting an application on their PC. The

> > > application connects using Oracle 9.2 client. Can I default the

> > > password somewhere...in the sqlnet.ora file or somewhere?

> > >

> > > N.B. using OS authentication is not an oprion.

> >

> >

> > Why? O/S authentication is, of course, nothing of the sort. O/S

> > authentication for ordinary users (create user fred identified

externally)


> > ultimately ends up being data dictionary authentication, with Oracle

merely


> > confirming that the O/S user has an entry in the data dictionary.

> >

> > It requires no O/S setup, if that was your concern, unlike the true O/S

> > authentication that exists for privileged users (connect / as sysdba),

which


> > requires O/S groups and memberships of said groups to be set up

correctly.


> >

> > Regards

> > HJR


Received on Mon Mar 15 2004 - 05:43:29 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US