Re: Authentication Problem
- From: "Jack van Zanen" <jack@xxxxxxxxxxxx>
- To: "Jared Still" <jkstill@xxxxxxxxx>
- Date: Tue, 5 Feb 2008 09:15:11 +1100
Hi Jared,
I agree with you on the security issue, but sometimes it is a requirement to
have this possibility.
If you create the database user with domain name as well doesn't this make
it a bit more secure, as this is more difficult to create such a user on
windows (not a windows admin so could be wrong)?
Jack
On 05/02/2008, Jared Still <jkstill@xxxxxxxxx> wrote:
>
> On Jan 30, 2008 6:53 PM, Jack van Zanen <jack@xxxxxxxxxxxx> wrote:
>
> >
> > When creating the domain user in the database you use double quotes (
> > "OPS$<domainname>\<username>"
> > ). It than becomes case sensitive as well. Make sure the case is spot
> > on.
> >
> > log on to the database as a dba user and look in v$session to see exact
> > spelling of your os account.
> >
> >
> > Jack
> >
> >
>
>
> Creating an account with domainnname/username is not necessary when
> connecting
> to Oracle on unix/linux from a windows client.
>
> I just created an account on 2 different databases on linux using
> "OPS$<myusername>".
> No domain name.
>
> One server knows how to authenticate via AD, the other does not.
>
> Both allowed an OS authenticated login from a Windows client.
>
> Setting remote_os_authent=true is a rather dangerous option.
>
> If is *extremely* easy for a windows client to gain ownership of the
> database when remote_os_authent=true.
>
> If you set it, you better be using invited_nodes in sqlnet.ora to limit
> who can get to the database.
>
> Jared
>
>
>
>
>
>
>
>
>
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
--
J.A. van Zanen
Other related posts:
