Resolve Oracle Database Remote Login Identity Authentication

After a long time learning about remote login to the Oracle database, I have some tips. Now I will share with you the remote login and authentication of the Oracle database. After reading this article, you will certainly have a lot of GAINS, I hope this article will teach you more things.

1. Operating System verification on the server

1. Configure the SQLNET. ORA File

The parameter NAMES. DIRECTORY_PATH = (TNSNAMES, ONAMES, HOSTNAME) indicates the method used to parse the host string used for client connection. TNSNAMES indicates that TNSNAMES is used. ORA file to parse; ONAMES indicates that Oracle uses its own Name Server Oracle Name Server) for parsing. Currently, Oracle recommends using the Lightweight Directory Access Protocol LDAP to replace ONAMES; HOSTNAME indicates that the host file is used, DNS, NIS, and so on; parameter SQLNET. AUTHENTICATION_SERVICES = (NONE, CNT) indicates the authentication method used by the user to connect to the Oracle server. NONE indicates the identity authentication of the Oracle database, and the operating system is authenticated by the operating system. Both methods can be used.

2. Create an operating system group and add users to the group.

The domain users and local users in the ORA_DBA group can log on to Oracle without the Oracle user name and password. When users in the group log on to the database and have SYSDBA permissions on multiple instances, you can create a group like ORA_SID_DBA, where SID indicates the Instance name. Similarly, members in the ora_scheduler group have the permissions of the SYSOPER role.

3. logon Method

 
 

  
  
C:> sqlplus "/as sysdba" or C:> sqlplus nolog, and then SQL> connect/as sysdba
 
 

4. The influence of Remote_Login_Passwordfile in init. ora on identity authentication.

Three Optional values:
NONE:
The default value indicates that the Oracle system does not use password files. Privileged users who perform identity authentication through the operating system have SYSORA and SYSOPER permissions.

Three Optional values:
NONE:
The default value indicates that the Oracle system does not use password files. Privileged users who perform identity authentication through the operating system have SYSORA and SYSOPER permissions.

EXCLUSIVE:

1). indicates that only one database instance can use a password file;

2) grant SYSORA and SYSOPER permissions to other users than SYS.

SHARED:
1). indicates that multiple database instances can use password files;
2) The SYSORA and SYSOPER permissions cannot be assigned to users other than SYS.
Therefore, to log on as an operating system, set Remote_Login_Passwordfile to NONE.

5. when the logged-on user is not a member of the ORA_DBA group or the ora_region group, you must create the same user name for the current operating system user in Oracle. If the current user is a domain user, the user name is domainnameyourname, for a local computer user, the name is computernameyourname.

Creation method:

 
 

  
  
create "domainnameyourname" identified externally;   
  
  
grant connect to "domainnameyourname";   
 
 

In Windows, add AUTH_PREFIX_DOMAIN under the HKEY_LOCAL_MACHINESOFTWAREORACLEHOME0 registry with the value set to FALSE. You can ignore the domain name when creating an Oracle user. In this way, init. A parameter in ora affects how the database matches a windows user and an Oracle user OS _authent_prefix = "". The default value is null. this parameter is unavailable before Oracle8i, and OPS $ is used as the username prefix. (the maximum length of the Oracle user name is 30 characters ).

Ii. Operating System verification for remote clients

First, set the following parameter in the init. ora file: REMOTE_ OS _AUTHENT = TRUE. Oracle does not recommend operating system verification on a remote client, because the client is not verified by the operating system user on the server, but is used for windows verification by the client itself for fear of operating systems, in this way, the client can establish a corresponding windows machine name and user name to cheat the Oracle operating system verification.

For example, the following Oracle user is created:

 
 

  
  
create "zlzyk" identified externally;   
  
  
grant connect to "zlzyk";   
 
 

If there is a machine named ZL that creates a user named zyk and uses @ OracleSTR to log on to the Oracle server for connection), the cause of this problem is that no user name or password is required, oracle uses the client operating system for verification. It cannot distinguish whether zl is a domain name or a machine name.

Windows authentication on the Oracle database server is easy to implement and makes it easy for logged-on users to access the database. However, this authentication model is not suitable for remote clients because of the high security risk.

Iii. Enhancement of Operating System Identity Authentication supported by Oracle 9i

Oracle 9i can be integrated with the Active Directory. Using Oracle Enterprise Security Manager to manage user permissions Enterprise user authentication is a new external centralized authentication mode called global user authentication, oracle 9i External user authentication only adopts local client operating system authentication ).

Oracle9i runs in a win2000 or above domain. The Registry HKEY_LOCAL_MACHINESOFTWAREORACLEHOMEID. The parameter OSAUTH_X509_NAME is set to true (the default value is false. If this parameter does not exist, it is added to the REG_EXPAND_SZ type ). Note: Windows NT 4.0 domain does not support this method.

1. Code required to modify the Oracle storage process
2. Summary of Oracle stored procedures
3. Code for implementing the Oracle storage process
4. In-depth high-performance dynamic Oracle SQL Development
5. Analysis of Oracle SQL optimization rules