Re: Bequeath connections

From: Maxim Demenko <>
Date: Fri, 29 Jan 2010 20:10:57 +0100
Message-ID: <4b6332bf$0$6591$>

On 29.01.2010 18:17, joel garry wrote:
> On Jan 29, 1:47 am, Shakespeare<> wrote:
>> Op 29-1-2010 3:30, vsevolod afanassiev schreef:> Thanks for this information. It seems that there are 4 lines in this
>>> view for each session.
>>> If session connected through listener then first line has
>>> network_service_banner = 'TCP/IP NT Protocal Adapter'
>>> If session connected through Bequeath then first line has
>>> network_service_banner = 'Oracle Bequeath Network Protocol Adapter'
>>> What's about next 3 lines? They start from 'Oracle Advanced
>>> Security...' - I thought that
>>> Advanced Security is separately licensed option - and we don't even
>>> install it!
>> Then maybe your DBA forgot to deactivate it. If you don't do so, the
>> License Police may require you to pay the license.... even if you NEVER
>> used it.
>> Shakespeare
> Hmmm, I see the four entries per connection, but I don't see anything
> about Advanced Security in DBA_FEATURE_USAGE_STATISTICS or V_$OPTION
> (
> Maybe this is evidence of one of those things that are there for
> Oracle internal usage but not generally seen unless you install it? I
> don't have an Advanced Security to check. Given the high visibility
> of security issues, I would hope the base product would be secure...
> jg
> --
> is bogus.
> The perfectability of spam

Afaik, in the base product secured is only password transfer, nothing more, if you want your data to be transferred secure, you'll need either use secure channel (ipsec,tunnel over ssh,etc) or enable advanced security option. To my knowledge, ASO is installed, if you select enterprise edition, you can only deselect it if you choose custom install. The fact, that it is not reflected in dba_feature_usage_statistics is explained in the Note 843077.1 <quote>
The code changes in has isolated Oracle Advanced Security options as a set of adapters rather than feature in the database , due to which ASO should not be seen in DBA_FEATURE_USAGE_STATISTICS itself . </quote>
However, due to bug 5475037 it still may be shown there.

Whether the ASO is installed, can be verified with the shell script adapters, which yield output similar to

oracle$ adapters

Installed Oracle Net transport protocols are:


Installed Oracle Net naming methods are:

     Local Naming (tnsnames.ora)
     Oracle Directory Naming
     Oracle Host Naming

    Error!!! Oracle Names Server Naming is not completely installed!

Installed Oracle Advanced Security options are:

     RC4 40-bit encryption
     RC4 56-bit encryption
     RC4 128-bit encryption
     RC4 256-bit encryption
     DES40 40-bit encryption
     DES 56-bit encryption
     3DES 112-bit encryption
     3DES 168-bit encryption
     AES 128-bit encryption
     AES 192-bit encryption
     AES 256-bit encryption
     MD5 crypto-checksumming
     SHA-1 crypto-checksumming
     Kerberos v5 authentication
     RADIUS authentication

I think, to install ASO is not a violation against license terms, if it is not used, however i'm not sure, how oracle track the usage of it (as opposite to options in dba_feature_usage_statistics).

To deinstall ASO the most straightforward way would be via launch runInstaller.
There is a Note 1020065.102 which describes, how to remove all external references to authentication adapters for Oracle 7.3, which basically consists of regeneration of nautab.o (the script genautab produces the code) and recompilation all oracle components (rdbms, network, etc), but, it seems, genautab is no more included since oracle 9i (in Oracle 8i it is still here), and, maybe the process doesn't fully apply to recent Oracle versions, so the Oracle Installer would be the right choice.

Best regards

Maxim Received on Fri Jan 29 2010 - 13:10:57 CST

Original text of this message