Re: Connecting as internal across SQL*Net v1.
Date: 12 Dec 1994 21:44:50 GMT
Message-ID: <jwheat-1212941647340001_at_47.22.160.113>
In article <RWESSMAN.94Dec12075941_at_rwessman.us.oracle.com>, rwessman_at_rwessman.us.oracle.com (Rick Wessman) wrote:
> In article <3c63fj$l96_at_fang.dsto.gov.au> dip_at_mod.dsto.gov.au (David) writes:
>
> >
> >Oracle v7.1.3
> >SQL*Net v1
> >SunOS 4.1.3
> >
> >Hi All,
> >
> >I'm having a few problems connecting as internal over SQL*Net 1
> >and since Oracle support don't seem to have a solution I'm just
> >wondering if anyone of you out there may have had the same
> >problem and knows how to solve it.
> >
> >The problem is when trying to connect as internal over the
> >network (SQL*Net 1) I get the error:
> >
> > SQLDBA> connect internal
> > Password:
> > ORA-01031: insufficient privileges
> >
> >If though I'm on the server running Oracle and the enviroment
> >variable TWO_TASK is unset I am able to connect as internal
> >(and no password is prompted for).
>
> If you are using a SQL*Net protocol which is determined to be
> non-secure, then Oracle will prompt you for a password because it cannot
> determine securely that you can become the DBA. If the TWO_TASK variable
> is not set, the default is to use the pipe driver. Since the Oracle
> server is the child of the client, it is possible for the server to
> determine the user ID of the client securely. It can then consult the
> operating system to see if you can become the DBA.
>
> >
> >I have set the remote_os_authent and remote_os_roles oracle
> >variables to be true in the init.ora file for the db and
> >shutdown and restarted the db but still no luck.
> For "normal" (non-DBA) users, this will work. But, because the
> "internal" user is so powerful, it won't.
We're experiencing a challenge of a slightly different nature. We wish to connect Mac's and PC's to a HP Server using SQL*NET V1 (1.1 on the server and 1.5 on the clients).
We currently use Security Dynamics/ACE SecurID cards to authenticate telnet sessions.
Please post your replies to this group.
Thanks, in advance
Jon Wheat Received on Mon Dec 12 1994 - 22:44:50 CET