RE: os authenticated accounts

  • From: "Powell, Mark D" <mark.powell@xxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 4 Mar 2008 14:02:30 -0500

 
I have always preferred to set the os_authent_prefix='' rather than
OPS$.

I am not sure if trying to limit the node access is practical since I do
not think the node checking can be associated to usernames in the sqlnet
layer.  You might need to resort to checking the IP for any OS
authenticated accounts in an after logon database event trigger.


-- Mark D Powell --
Phone (313) 592-5148


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of QuijadaReina, Julio
C
Sent: Tuesday, March 04, 2008 9:52 AM
To: 'mdemenko@xxxxxxxxx'; joe_dba@xxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: RE: os authenticated accounts

Yes, it is possible.
The following parameters on your database init.ora relating to this are
(if my memory serves me correctly):
remote_os_authent=true
os_authent_prefix=ops$

Create the account you will use on your Linux box. Then create the
externally identified account on your database. From your Linux client
you should be able to connect by issuing 'sqlplus /' after setting the
client environment.

A word of caution: anyone knowing your database tnsnames and the name of
the account could potentially connect to your database. That sounds
pretty bad! You might want to look into tcp.validnode_checking and
tcp.invited_nodes pars on your server's sqlnet.ora and/or have the OS
firewall setting that opens the listener port only to your linux client.

Julio

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Maxim Demenko
Sent: Tuesday, March 04, 2008 1:05 AM
To: joe_dba@xxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: os authenticated accounts

Joe Smith schrieb:
> Is it possible to use OS authenticated accounts ( i.e. identified 
> externally ) between two servers?
>
> I have a linux box with with an oracle client install and an aix 
> server with EE installed.
>
> The external account was originally on the aix server.  We want to 
> move the 3rd party app and the account to a linux box.
>
> thanks.
>
>
> ----------------------------------------------------------------------
> -- Shed those extra pounds with MSN and The Biggest Loser! Learn more.
> <http://biggestloser.msn.com/>
You may look on the external users identified by ssl certificates (if
you are on 10g onwards).
Not sure about additional licensing costs (i.e. whether it is part of
ASO or not).

Best regards

Maxim
--
//www.freelists.org/webpage/oracle-l


--
//www.freelists.org/webpage/oracle-l


--
//www.freelists.org/webpage/oracle-l

Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 03-2008