Re: Connecting as internal across SQL*Net v1.

In article <3c63fj$l96_at_fang.dsto.gov.au> dip_at_mod.dsto.gov.au (David) writes:

>
>Oracle v7.1.3
>SQL*Net v1
>SunOS 4.1.3
>
>Hi All,
>
>I'm having a few problems connecting as internal over SQL*Net 1
>and since Oracle support don't seem to have a solution I'm just
>wondering if anyone of you out there may have had the same
>problem and knows how to solve it.
>
>The problem is when trying to connect as internal over the
>network (SQL*Net 1) I get the error:
>
> SQLDBA> connect internal
> Password:
> ORA-01031: insufficient privileges
>
>If though I'm on the server running Oracle and the enviroment
>variable TWO_TASK is unset I am able to connect as internal
>(and no password is prompted for).

If you are using a SQL*Net protocol which is determined to be non-secure, then Oracle will prompt you for a password because it cannot determine securely that you can become the DBA. If the TWO_TASK variable is not set, the default is to use the pipe driver. Since the Oracle server is the child of the client, it is possible for the server to determine the user ID of the client securely. It can then consult the operating system to see if you can become the DBA.

>
>I have set the remote_os_authent and remote_os_roles oracle
>variables to be true in the init.ora file for the db and
>shutdown and restarted the db but still no luck.
For "normal" (non-DBA) users, this will work. But, because the "internal" user is so powerful, it won't.

                                Rick
                                Rick Wessman
                                Network Management Products
                                Server Techologies
                                Oracle Corporation
                                rwessman_at_us.oracle.com