Study on external identity authentication of Oracle Database

Source: Internet
Author: User
Tags lightweight directory access protocol ldap oracle database sqlplus

This article looks at external identity authentication for Oracle Database. I found some brief, practical information on the subject on a reputable site and am sharing it here.

Operating system authentication on a server

1. Configure the sqlnet.ora file

The parameter NAMES.DIRECTORY_PATH=(TNSNAMES, ONAMES, HOSTNAME) specifies how the host string used in a client connection is resolved. TNSNAMES means the tnsnames.ora file is used; ONAMES means Oracle's own name server (Oracle Names Server) is used, which Oracle now recommends replacing with the Lightweight Directory Access Protocol (LDAP); HOSTNAME means the hosts file, DNS, NIS and so on are used. The parameter SQLNET.AUTHENTICATION_SERVICES=(NONE,NTS) specifies which authentication method is used when a user connects to the Oracle server: NONE means Oracle database authentication and NTS means operating system authentication. The two methods can be combined.

2. Create the corresponding operating system group and add users to it

Domain users and local users in the ORA_DBA group can log on to Oracle without an Oracle username and password, and members of that group have SYSDBA privileges once they are logged on to the database. (With multiple instances, you can create a group named ORA_SID_DBA, where SID is the instance name.) Members of the ORA_OPER group have SYSOPER privileges.

3. Login mode

C:\>sqlplus "/ as sysdba"

Or C:\>sqlplus /nolog, then SQL> connect / as sysdba

4. The impact of REMOTE_LOGIN_PASSWORDFILE in init.ora on authentication

There are three possible values:

NONE:

The default value. Oracle does not use a password file, and privileged users who authenticate through the operating system have SYSDBA and SYSOPER privileges.

EXCLUSIVE:

1) Only one database instance can use the password file.

2) SYSDBA and SYSOPER privileges can be granted to users other than SYS.

SHARED:

1) One password file can be used by multiple database instances.

2) SYSDBA and SYSOPER privileges cannot be granted to users other than SYS.

Therefore, if you want to log on using operating system authentication, REMOTE_LOGIN_PASSWORDFILE should be set to NONE.
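
The settings from steps 1 to 4 can be checked together when reviewing a server. The following is an added example, not part of the original article or of any Oracle tool: a small Python audit that reads sqlnet.ora and init.ora text and reports which authentication paths are enabled. The sample file contents and the function names parse_params and audit are constructed for illustration, and only single-line name=value parameters are handled.

```python
import re

# Constructed sample files for illustration (not taken from a real server).
SAMPLE_SQLNET = """\
# sqlnet.ora
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
SQLNET.AUTHENTICATION_SERVICES= (NONE,NTS)
"""
SAMPLE_INIT = """\
# init.ora
db_name=orcl
remote_login_passwordfile=EXCLUSIVE
"""

def parse_params(text):
    """Return {UPPERCASE_NAME: [UPPERCASE values]} for single-line name=value entries."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        items = re.split(r"[,\s]+", value.strip().strip("()"))
        params[name.strip().upper()] = [v.upper() for v in items if v]
    return params

def audit(sqlnet_text, init_text):
    """Summarise the authentication settings described in steps 1 to 4."""
    sqlnet, init = parse_params(sqlnet_text), parse_params(init_text)
    services = sqlnet.get("SQLNET.AUTHENTICATION_SERVICES", [])  # absent: reported as not enabled
    # Assumption taken from the article: NONE is the default when the parameter is unset.
    pwfile = (init.get("REMOTE_LOGIN_PASSWORDFILE") or ["NONE"])[0]
    findings = []
    if "NTS" in services:
        findings.append("OS authentication enabled: review ORA_DBA / ORA_OPER group membership")
    if pwfile == "EXCLUSIVE":
        findings.append("password file in use: SYSDBA/SYSOPER can be granted to users other than SYS")
    elif pwfile == "SHARED":
        findings.append("password file shared by instances: no SYSDBA/SYSOPER grants beyond SYS")
    return {
        "os_auth": "NTS" in services,
        "db_auth": "NONE" in services,
        "password_file": pwfile,
        "resolution_order": sqlnet.get("NAMES.DIRECTORY_PATH", []),
        "findings": findings,
    }
```

Calling audit(SAMPLE_SQLNET, SAMPLE_INIT) on the constructed samples reports both authentication methods enabled and an EXCLUSIVE password file, which is the combination where both group membership and password-file grants need review.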
