Re: SQL*Net and logging-on to a database server

From: Karel Sprenger <ks_at_ic.uva.nl>
Date: Wed, 9 Mar 1994 13:54:03
Message-ID: <ks.15.000DE6AB_at_ic.uva.nl>

In article <fragante.763158491_at_unixg.ubc.ca> fragante_at_unixg.ubc.ca (Gv Fragante) writes:

>We are establishing a client-server model with Oracle7 in Sun machines and
>OracleTools in PC and Mac platforms. We use SQL*Net V1.1.x to establish the
>connection.

>In the Oracle7 database, users are created with the OPS$ naming convention.
>As everyone knows, this makes things simpler for the users to log onto Oracle
>by just entering "/" at the log-on screen.

>Now in our client front-ends (ie. Forms V4.0), when we attempt to connect to
>the database server, it does not recognize the "/" anymore. I know this is
>an operating system-specific problem, but does anyone know a workaround so
>that the users don't have to specify OPS$<name> and the password? In all cases
>at our installation, the users don't even know what password the DBA assigned
>to their OPS$<name> account because the DBA wanted to keep things "transparent"
>as possible.

>I know there is a SQLNET_USERNAME parameter in the SQL*Net configuration files,
>but this strongly lacks any security measures.

>At the minimum, we would like the users to enter their Unix (ie. Sun machine)
>name and password at the Oracle log-on screen, and this in turn should
>activate the corresponding OPS$<name> in the Oracle7 database.

OPS$ accounts do NOT have an associated ORACLE password. In fact the password entry in the DBA_USERS table is set to "EXTERNAL" and God knows what password has to be entered to result in "EXTERNAL" after ORACLE's encryption.

OPS$ accounts should not be used in Client/Server settings such as yours. There is a server configuration parameter that would allow this, but given the inherent insecurity of the DOS/Windows platform you should leave this parameter as it is now. The parameter is intended for situations where you want to do c/s with the client on a Unix system for instance. Under DOS/Windows users do NOT login, so they don't have an operating system username.

The best you can do is to provide ORACLE username/password combinations for every user. It's perfectly OK to use the Unix usernames, i.e., to have both OPS$KAREL and KAREL in the DBA_USERS table. The second entry will have a "normal" ORACLE password, the first one will have "EXTERNAL".

Hope this helps.

Regards,
Karel

| Karel Sprenger                              | Email: ks_at_ic.uva.nl    |
| Informatiseringscentrum                     | phone: +31-20-525 2302 |
| Universiteit van Amsterdam                  |        +31-20-525 2741 |

This message: [ Message body ]
Next message: Tommy Wareing: "Re: Parameters in PRO*C functions"
Previous message: John Novak: "Re: Oracle access trough Excel"
In reply to: Gv Fragante: "SQL*Net and logging-on to a database server"
In reply to Gv Fragante: "SQL*Net and logging-on to a database server"
Next in thread: Tommy Wareing: "Re: Parameters in PRO*C functions"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message