Study on external identity authentication of Oracle Database

The following article is mainly talking about the external identity authentication of Oracle database research, I am in a good reputation of the site, found a brief on the external identity of Oracle database authentication of some of the practical relevant information, to be shared.

Operating system authentication on a server

1. Configure Sqlnet.ora Files

The parameter names.directory_path= (TNSNAMES, Onames, HOSTNAME) indicates how the host string used to resolve the client connection is resolved. TNSNames representations are resolved using a Tnsnames.ora file, Onames represents Oracle using its own name server (Oracle name server) to resolve, and Oracle is currently proposing to replace Onames with Lightweight Directory Access Protocol LDAP; Hostname represents the use of host files, Dns,nis, etc. to resolve; parameter sqlnet.authentication_services= (none,nts) Indicates which authentication method is used when a user connects to an Oracle server, none represents Oracle database authentication, and NTS represents the operating system authentication, which can be combined in two ways.

2. Set up the corresponding operating system group and users to join the group

Domain Users and local users in the ORA_DBA group can log on to Oracle without the need for an Oracle username and password and users of that group have SYSDBA permissions after they log on to the database (for multiple instances, you can create a group ora_sid_dba like this, where the SID refers to the instance name). : The members in the Ora_oper group have sysoper role permissions.

3. Login mode

C:\>sqlplus "/As SYSDBA"

Or C:\>sqlplus Nolog, then Sql>connect/as sysdba

The impact of Remote_login_passwordfile in 4.init.ora on authentication.

Three optional values:

NONE:

A default value that indicates that the Oracle system does not use a password file, and that privileged users who authenticate through the operating system have Sysora and Sysoper permissions.

EXCLUSIVE:

1). Indicates that only one instance of the database can use the password file;

2. Allows Sysora and Sysoper permissions to be assigned to users other than Sys.

SHARED:

1). Indicates that a password file can be used for multiple database instances;

2. Sysora and Sysoper permissions are not allowed to be assigned to users other than Sys.

Therefore, if you want to log on as an operating system, Remote_login_passwordfile should be set to none