Re: OS authentication question

From: bdbafh <bdbafh_at_gmail.com>
Date: Wed, 16 Jan 2008 14:43:31 -0800 (PST)
Message-ID: <11be4e34-54ed-4310-bb44-1e7584622f4c@i12g2000prf.googlegroups.com>

On Jan 16, 4:23 pm, GS <G..._at_GS.com> wrote:
> Database is 9.2.0.8 running on W2K server, clients are windows xp pro
> running 9i client.
>
> We've not used OS authentication here for any databases yet, so this is
> relatively new to me. To make our SOX compliance easier we are thinking
> about going to OS authentication for a lot of our app's that run on
> Oracle databases, since our network passwords are now very stringent and
> the beancounters are saying the database passwords need to meet the same
> criteria, but if the users connect with the complex OS password then we
> are ok.
>
> So, on a test database I created a login for myself with the following:
>
> create user "ops$my_domain\my_network_username" identified externally;
> grant connect, create session et. to the new user (me)
>
> I enter "sqlplus /nolog" then "connect / @testdb" and I am in with no
> password, as expected. So far so good, so I take an existing user in the
> test database, and from EOM I highlight this user and choose create like
> so he will have the correct roles etc., then add
> "ops$my_domain\his_domain_username" in the database. We try from his
> machine to connect via sqlplus the same way I did, and I am getting
> invalid username/password errors. I double checked the new username I
> created for him and all looks fine.
>
> The servers sqlnet.ora file has SQLNET.AUTHENTICATION_SERVICES= (NTS), I
> thought I might need that on the client side too but my machine is
> SQLNET.AUTHENTICATION_SERVICES= (NONE) and I can connect ok. I am on my
> way back over to check his sqlnet.ora file, but is there something else
> I am missing here?
>
> thanks in advance

One could use an LDAP server for authenticating via the operating system, such as MS Active Directory.

Assuming that you're running Oracle Standard Edition (or Standard Edition One), try running the cost of an upgrade of the existing database server licenses to Enterprise Edition with the Advanced Networking Option (or is it the Advanced Security Option) at 50K USD per cpu.
If you're running on a quad core, dual cpu box that will run around 200K USD plus annual support and maintenance will scale accordingly.

Float a (list) cost of 300K per database server over a 5 year period at the bean counters and watch them change their tune.

Unfunded mandates can be fun.

-bdbafh Received on Wed Jan 16 2008 - 16:43:31 CST

This message: [ Message body ]
Next message: joel garry: "Re: can someone please explain what this blog tagging this is all about?"
Previous message: bdbafh: "Re: 10g listener configuration"
In reply to: GS: "OS authentication question"
Next in thread: GS: "Re: OS authentication question"
Reply: GS: "Re: OS authentication question"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message