Re: SQLNET authorization question

From: <jl34778_at_corp02.d51.lilly.com>
Date: 12 Nov 93 22:26:38 EST
Message-ID: <1993Nov12.222638.1_at_corp02.d51.lilly.com>


In article <2962198356.1.p00775_at_psilink.com>, "David Trahan" <p00775_at_psilink.com> writes:
> Greetings!
>
> I'm familiar with using SQLNET between two VAXen over DECNET.
> When you use a tool on node MYVAX and connect to an instance on
> YOURVAX, a server process gets kicked off on my behalf on YOURVAX
> through which I communicate all SQL commands. The server process runs
> as "my" username since MYVAX and YOURVAX share an authorization database.
>
> How does this work if I'm connecting from a PC which obviously
> doesn't have the concept of a username? When I connect (say over
> TCP/IP), what username is used on the server to run my server process?
> Do I somehow have to specify an operating system username and password
> to login as? If so, where is this specified? Is the situation
> different on a Unix server?
>
>
You can specify the VAX userid/password in the connect string the same way that you would in a DECnet copy command.

$ SQLPLUS oraid/orapass@D:node"""vaxid vaxpass"""::"""TASK=ORDNDEV"""

The extra double quotes are required if you enter the command from DCL. If you are in SQLPLUS, you only need one double quote around the various strings.

You can also set up a DECnet object to map users to a default account, say SQLNET. You would use NCP to create the DECnet object. I don't remember the syntax of the command, but it basically tells DECnet the username, password, and command procedure to execute when someone invokes that object.

So, if you defined a DECnet object ORDNsid, the command

$ SQLPLUS oraid/orapass@D:node-sid

would be handled by creating a process owned by the default account. This allows you to require that your PC clients have ORACLE IDs, but not VAX IDs.

Note: You should NOT have an OPS$account defined in your ORACLE database for the default account. That would allow anyone to get in with a /.

I am not familiar with using DECnet under UNIX. We use TCP/IP for all our connections from UNIX boxes. Proxy logins are disabled, and all TCP/IP connections are mapped to the same SQLNET account that we use for the DECnet connections.

-- 
Bob Swisshelm                | swisshelm_at_Lilly.com     | 317 276 5472
Eli Lilly and Company        | Lilly Corporate Center  | Indianapolis, IN 46285
Received on Sat Nov 13 1993 - 04:26:38 CET
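
Added example, not part of the original post: a DBA-side check for the condition the note about the OPS$ account warns against, written against the current Oracle data dictionary (v$parameter, dba_users, dba_role_privs, dba_sys_privs) rather than the 1993 release. It assumes the shared OS account is named SQLNET, as in the post's "say SQLNET".

```sql
-- Assumption: every SQL*Net server process runs under the OS account SQLNET.
-- Run as a user with access to the DBA views.

-- 1. Settings that govern OS-authenticated ("/") logins.
--    os_authent_prefix defaults to OPS$; remote_os_authent should be FALSE.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Database accounts the shared OS account would map to.
--    Any row here means a client connecting with "/" is let in without
--    presenting an ORACLE password. An empty prefix yields plain SQLNET.
SELECT u.username, u.account_status, u.created
  FROM dba_users u
 WHERE u.username = 'OPS$SQLNET'
    OR u.username IN (SELECT UPPER(p.value) || 'SQLNET'
                        FROM v$parameter p
                       WHERE p.name = 'os_authent_prefix');

-- 3. If step 2 returned a row, what that account is allowed to do.
SELECT grantee, granted_role AS granted, 'ROLE' AS kind
  FROM dba_role_privs
 WHERE grantee IN ('OPS$SQLNET', 'SQLNET')
UNION ALL
SELECT grantee, privilege, 'SYSTEM PRIVILEGE'
  FROM dba_sys_privs
 WHERE grantee IN ('OPS$SQLNET', 'SQLNET')
 ORDER BY 1, 3, 2;
```

An empty result from step 2 is the state the note asks for: clients must present an ORACLE ID and password even though they all share one OS account.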
