Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.server -> Re: hide password for client sessions
"John Leslie" <johnleslie_at_madasafish.com> wrote in message
news:4412dd31.0403150218.4d04be9e_at_posting.google.com...
> <<It requires no O/S setup>>
>
> Doesn't it a least require a unix account with the same name?
>
> John
No.
Here's a test of me on my Windows XP laptop client and my Linux Advanced Server 3 10g machine.
SQL> create user Howard identified externally;
User created.
SQL> grant create session to Howard;
Grant succeeded.
C:\Documents and Settings\Howard>sqlplus /@lx10
SQL*Plus: Release 9.2.0.1.0 - Production on Mon Mar 15 22:38:21 2004
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - Production
With the Partitioning, OLAP and Data Mining options
The only other catch is to get a client to log in using normal username/password authentication, and query the OSUSER column in v$session. If you can see their real (O/S) username in that, like this:
SQL> select username, osuser from v$session;
USERNAME OSUSER ------------------------------ ------------------------------ DBSNMP oracle SYSTEM Howard
...then this technique will work for you. Trouble might start, I guess, if you do connection multiplexing via an application server or similar shennanigans.
Regards
HJR
>
> "Howard J. Rogers" <hjr_at_dizwell.com> wrote in message
news:<4051a485$0$3956$afc38c87_at_news.optusnet.com.au>...
> > "John Leslie" <johnleslie_at_madasafish.com> wrote in message
> > news:4412dd31.0403120110.63bd27b9_at_posting.google.com...
> > > For security reasons I do not want my users to specify a password to
> > > an oracle user when starting an application on their PC. The
> > > application connects using Oracle 9.2 client. Can I default the
> > > password somewhere...in the sqlnet.ora file or somewhere?
> > >
> > > N.B. using OS authentication is not an oprion.
> >
> >
> > Why? O/S authentication is, of course, nothing of the sort. O/S
> > authentication for ordinary users (create user fred identified
externally)
> > ultimately ends up being data dictionary authentication, with Oracle
merely
> > confirming that the O/S user has an entry in the data dictionary.
> >
> > It requires no O/S setup, if that was your concern, unlike the true O/S
> > authentication that exists for privileged users (connect / as sysdba),
which
> > requires O/S groups and memberships of said groups to be set up
correctly.
> >
> > Regards
> > HJR
Received on Mon Mar 15 2004 - 05:43:29 CST
![]() |
![]() |