Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 9i and Active Directory - SSO

Re: Oracle 9i and Active Directory - SSO

From: Kashish <kashish_at_rocketmail.com>
Date: 3 Dec 2004 13:13:03 -0800
Message-ID: <5531250b.0412031313.36bcfb53@posting.google.com>


Gerry,

Thanks for the reply.

I agree that we Remote Authentication isn't advised.

However, per Oracle manuals, the second flavor of WNA (Windows Native Authentication) internally uses Kerberos if the Server is integrated with Active Directory - but that requires Enterprise User and Role setup with AD.

What I am looking for is simply a Single Sign On without creating whole lot of schema objects with AD. If Oracle Server running on Windows platform can talk to AD using Kerberos, then we would achieve SSO as the user does not have to sign on again.

I was trying to make it run on Windows and it keeps coming up with ORA-12638 error.

Any further assistance will be greatly appreciated.

Cheers!

"Gerry Sinkiewicz" <sinkiege_at_snet.net> wrote in message news:<XZOrd.1534$nE7.756_at_newssvr17.news.prodigy.com>...
> "Kashish" <kashish_at_rocketmail.com> wrote in message
> news:5531250b.0412011545.d313ae_at_posting.google.com...
> > Can anyone describe what are the options for integrating Oracle 9i
> > with MS Active Directory for Single Sign On?
> >
> > The configuration we have is:
> > 1) Win 2K Active Directory.
> > 2) a) Oracle 9i Servers on Win 2K.
> > b) Oracle 9i Servers on Unix.
> >
> > What is the difference between Windows Native Authenctication (that
> > internally uses Kerberos) and Oracle Advanced Security with Kerberos?
> >
> > Thanks in advance for your help.
>
> MS Active Directory is an LDAP.
> If you use remote OS authentication and externally authenticated Oracle user
> IDs (hehe),
> then you would not need Oracle Advanced Security.
> But since most would advise against both items I mentioned above, the answer
> is Advanced
> Security with Kerberos, which I suppose would authenticate via the MS AD,
> and be more
> secure than those two items that can be "spoofed".
>
> Oracle Advanced Security with Kerberos would talk to the MS AD without
> regard to platform
> (Unix or Windows).
>
> As for single signon, if you require just one entry of password, then it is
> time to read the manuals.
Received on Fri Dec 03 2004 - 15:13:03 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US