Re: I have two problems about oracle authentication, can you help me?

From: <ldd600_at_163.com>
Date: 24 Jul 2006 00:10:35 -0700
Message-ID: <1153725035.612437.296220_at_i3g2000cwc.googlegroups.com>


Dave wrote:
> ldd600_at_163.com wrote:
> > Sybrand Bakker wrote:
> >> On 19 Jul 2006 23:24:14 -0700, ldd600_at_163.com wrote:
> >>
> >>> -----------------------------------------------------------------------------------------------------------------
> >>> Can you explain what "not possible and Oracle Advanced Networking
> >>> Option" means for me? I am confused.
> >> I don't think I'm going to waste more time on this.
> >> Either you should express yourself completely or succinctly, or you
> >> should not post at all. You shouldn't however, change the rules of the
> >> game and complain you are confused.
> >> I am as much as confused as you because your question didn't make
> >> sense. There is no such concept as 'lock a role'.
> >> Everyone can juggle with different sessions of the same user; in the
> >> end it is the same user, with the same properties.
> >>
> >> --
> >> Sybrand Bakker, Senior Oracle DBA
> > Bakker, I'm so sorry, because English is not my native language, and my
> > English is very poor. I have tried my best to express myself more
> > clearly. I don't use the word "confused" to complain about something,
> > I just used it to express that I didn't understand something.
> >
> > I just want to specify some roles to be enabled for the current
> > session. Any roles not listed are disabled for the current session.
> >
>
> I don't think language is the issue here. "client identifier such as
> ic card's number" isn't going to make any sense regardless of the
> language in which it is expressed unless "ic card's number" is a local
> idiom. I've no idea what an ic is, I know what an IC is; that's short
> for Integrated Circuit, but as far as I know "ic" isn't an English word.
>
> (quick sanity check performed with
> http://www.answers.com/main/ntquery?gwp=13&s=ic )
>
> Password protected roles might do what you want. But this will most
> likely require the application to be modified. One thing I don't
> understand though: if you can't modify the application, how are you
> planning to transmit the "ic card" info to the database?
>
> I'm not sure what the Advanced Networking Option is called in 10g; the
> 8.0 ANO docs are on Oracle Technet; the following link might work:
> http://download.oracle.com/docs/cd/A64702_01/doc/network.805/a58229/ch1.htm#740291
> The DCE stuff (picked as an example of stuff documented in the 8.0 ANO
> doc) is also covered in the 10g doc:
> http://download.oracle.com/docs/cd/B14117_01/network.101/b10772/toc.htm
> This is possibly the doc Sybrand thinks you should read.
>
> If you're reading this Sybrand, my feeling is that he wants to connect
> to Oracle with username, password and something, then have the logon
> trigger act on that something to set the roles for the session.
> Pointing him to ANO suggests you think this is possible, but ANO appears
> to be quite a large area so could you give one or two more clues, or
> possibly even a direct chapter reference? I've scanned the contents but
> nothing seems to jump out at me, and I haven't really got the time to
> read the whole manual in detail.
>
> Rereading the following: "That means restricting db_user's privileges
> and roles only in the session, but not revoking them from the db_user.
> In this way, another user who uses a different ic card but the same
> oracle account db_user can get more privileges and roles in his session."
>
> To use password protected roles you'd need some way of translating an
> "ic card" into a role name and password. The application would connect
> to the Oracle schema then select the roles for which it has that info.
> This way you'd probably get the behaviour you want, if my understanding
> is correct.
>
> "The privileges and roles have granted to the db_user before."
>
> But in this solution the privileges and roles would NOT have been
> granted to the db_user; they would be chosen by the application after
> connect based on the translation from the "ic card" information.
>
> This is all based on guesswork, so if I'm way off mark, you definitely
> need to provide a full and detailed explanation of exactly what you
> want, preferably after reading several Oracle manuals which should AT
> LEAST include the Oracle Database Concepts manual so that you have an
> idea of what terminology to use. Correct terminology is absolutely
> vital to clear communication, particularly when sales droids like
> muddying the waters by inventing their own words that are vague and
> often misleading (Microsoft's overuse of the .Net buzzword a couple of
> years ago is a prime example, leading people to all sorts of silly
> questions like "is my toaster .Net compatible, because listening to
> Microsoft it sounds like my house will implode if it isn't")
>
> Dave.

Thanks Dave

We don't have an Authentication Server, so we can't use the Advanced Networking Option. The authentication and authorization must be done by the logon trigger within the Oracle server.

Environment variables such as IP address, hostname etc. are transmitted to the Oracle server by the SQL*NET or NET8 protocol. I want to know whether I can transmit the token of the IC to Oracle in the same way.

Received on Mon Jul 24 2006 - 09:10:35 CEST
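The password-protected-role approach discussed in this thread, together with the client identifier mentioned in it, as an added sketch that is not part of any poster's message. All role, table, password and card names are constructed placeholders, and the card-to-role lookup is assumed to live in the application.

```sql
-- Added example; every name below (role_clerk, role_manager, app.orders,
-- the passwords, the card label) is a constructed placeholder.

-- 1. DBA setup: roles that can only be enabled by supplying a password.
CREATE ROLE role_clerk   IDENTIFIED BY "clerk_placeholder_pw";
CREATE ROLE role_manager IDENTIFIED BY "manager_placeholder_pw";

GRANT SELECT         ON app.orders TO role_clerk;
GRANT SELECT, UPDATE ON app.orders TO role_manager;

-- SET ROLE can only enable a role the user holds, so both are granted,
-- but none is enabled at logon: a new db_user session starts with no roles.
GRANT role_clerk, role_manager TO db_user;
ALTER USER db_user DEFAULT ROLE NONE;

-- 2. Application session, connected as db_user, after the application has
--    mapped the presented card to a role name and password.
SET ROLE role_clerk IDENTIFIED BY "clerk_placeholder_pw";

-- Roles not listed in SET ROLE are disabled, for this session only.
SELECT role FROM session_roles;

-- 3. Optional: label the session with the card for auditing. The value is
--    supplied by the client and is not verified by the database, so use it
--    for attribution, not as the basis for granting privileges.
BEGIN
  DBMS_SESSION.SET_IDENTIFIER('CARD-0001');
END;
/

SELECT SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER') AS card_label FROM dual;

-- 4. Another session of db_user, opened for a different card, enables a
--    different role; the first session's roles are unaffected.
SET ROLE role_manager IDENTIFIED BY "manager_placeholder_pw";
```

The role passwords are only as well protected as the application that holds them, so anyone who can read the application's configuration can enable the same roles from any client.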
