RE: database authentication by windows credentials

  • From: "Stephens, Chris" <chris_stephens@xxxxxxxxxxxx>
  • To: "Jared Still" <jkstill@xxxxxxxxx>
  • Date: Tue, 13 Jan 2009 08:59:20 -0600

I don't see anything in that document that specifies how to use AD user
accounts to authenticate to an Oracle database.  The section titled
"Integration with Windows Login Credentials" lists the following two


Integration with Windows Login Credentials

Oracle database and configuration tools can use the login credentials of
the Windows user currently logged on to connect to Active Directory
without having to re-enter the login credentials. This feature has two

*       Oracle clients and databases can securely connect to Active
Directory and retrieve the net service name.
*       Oracle configuration tools can connect automatically to Active
Directory and configure Oracle Database and net service name objects.
The enabled tools include Oracle Net Configuration Assistant and
Database Configuration Assistant.

Neither one of those allows me to use AD for user authentication.


There is mention of interaction between Enterprise Users and Active
Directory but after looking at the Enterprise User Administrator's
Guide, it appears that OID and Kerberos (which implies Advanced Security
Option) is necessary.


C Integrating Enterprise User Security with Microsoft Active Directory

Enterprise users make use of Oracle Internet Directory, which is a part
of the Oracle Identity Management infrastructure. If your organization
uses a third party directory like Active Directory to store and manage
user entries, then you can integrate it with Oracle Internet Directory
to manage Enterprise User Security.

Kerberos authentication for enterprise users can make use of tickets
issued by a kerberos Key Distribution Center (KDC) running on a
Microsoft Windows domain controller.




From: Jared Still [mailto:jkstill@xxxxxxxxx] 
Sent: Monday, January 12, 2009 5:20 PM
To: Stephens, Chris
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: database authentication by windows credentials


On Mon, Jan 12, 2009 at 12:56 PM, Stephens, Chris
<chris_stephens@xxxxxxxxxxxx> wrote:

        I was under the impression that the only way to integrate
windows accounts with Oracle database authentication was to purchase the
Advanced Security options and make use of the Kerberos stuff.  The
documentation seems to be misleading in this area.  There is mention of
being able to use WNA and that WNA functionality comes with the Oracle
client though it seems that it only works with Windows NT and Windows

        I have yet to find a clear explanation of what my options are
for this integration. 

        Can anyone shed some light on this?


This may help:

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

        This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law.  If the reader of 
this message is not the intended recipient or the employee or agent responsible 
for delivering this message to the intended recipient, you are hereby notified 
that any dissemination, distribution or copying of this communication is 
strictly prohibited.  If you have received this
communication in error, please notify us immediately by email reply.

Other related posts: