https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860426#M864014 The company has several domains but has a unique user id policy (regardless of domain). As the database is in a secure environment, I have chosen to use external authentication where the oracle users are created with a name equal to the windows user name (without domain).<BR /><BR />I have also applied audit triggers to tables with sensitive data as an extra means of security. The trigger stores username, osuser, machine, process and program info from v$session as well as the data change and timestamp. Tue, 14 Sep 2004 19:40:25 GMT Andrew Stolz 2004-09-14T19:40:25Z https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860420#M864008 I would like to have Windows clients accessing an Oracle database on a Unix box and I would like them to be set up under external authentication. <BR /><BR />For example, if I have a user called "andrew" on a domain called "DOM" I find I can only connect when the database user account is set up as "andrew" (with external auth). The session table shows the username as "andrew". <BR /><BR />I imagine this would pose a big security risk - any user from any domain or OS (that can see the database) with the user name "andrew" could access the database.<BR /><BR />I have run another test with the Oracle DB on Windows. This time I set up a user called "DOM\andrew" and I can connect (and the session table shows the username as "DOM\andrew"). <BR /><BR />Can't I have it so only "DOM\andrew" can connect to Oracle on a Unix box while "DOM_TWO\andrew" cannot??? <BR /><BR />Note that I don't just want to set the OS_AUTHENT_PREFIX to the domain name because this does not fix the problem.<BR /><BR />Your help would be really appreciated.<BR /><BR />Thanks,<BR />Andrew Fri, 10 Sep 2004 01:24:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860420#M864008 Andrew Stolz 2004-09-10T01:24:28Z https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860421#M864009 Oracle has a componeent called OID which will let you authenticate in users from an external LDAP server.<BR /><BR />Last time I asked our oracle folks that could not be done with just the normal Windows Active Directory login authentication scheme.<BR /><BR />SEP Fri, 10 Sep 2004 01:27:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860421#M864009 Steven E. Protter 2004-09-10T01:27:07Z https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860422#M864010 Thanks for the response.<BR /><BR />I have done some reading and if I have it right, I configure the OID to get a set of users from the AD via a script. Then these users will be externally authienticated by their Windows domain\username and password.<BR /><BR />That right? I'll give it a go.<BR /><BR />Thanks,<BR />Andrew Mon, 13 Sep 2004 01:01:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860422#M864010 Andrew Stolz 2004-09-13T01:01:53Z https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860423#M864011 Steven,<BR /><BR />OID (Oracle internet direcotry) has to work with IAS (oracle application server),So if you want to use it u 'll need to use SSO single sign on, it is a long story.<BR />For you Andrew, you have different kinds of security &amp; authen. to deel with your question(database only) for example on oracle 10g you 've a lot of security features (VPD "virtual private" DB or OLS "oracle label security".<BR />I think it is better to go to otn.oracle.com and search for security features.<BR />Goodluck &amp; regards,<BR />Hamdy Mon, 13 Sep 2004 14:25:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860423#M864011 Hamdy Al-Sebaey 2004-09-13T14:25:30Z https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860424#M864012 I don't know the methodology because we have not implemented it yet.<BR /><BR />Oracle does assure me that you will be able to autenticate into ias and the database using your windows yourname@domain.net user id using Active Directory or LDAP.<BR /><BR />The portion of OID I referred to integrates with LDAP.<BR /><BR />It is a good idea to to to otn.oracle.com and learn more.<BR /><BR /><BR />SEP Mon, 13 Sep 2004 14:39:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860424#M864012 Steven E. Protter 2004-09-13T14:39:35Z https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860425#M864013 Will do. Thanks for your help. Mon, 13 Sep 2004 19:13:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860425#M864013 Andrew Stolz 2004-09-13T19:13:52Z https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860426#M864014 The company has several domains but has a unique user id policy (regardless of domain). As the database is in a secure environment, I have chosen to use external authentication where the oracle users are created with a name equal to the windows user name (without domain).<BR /><BR />I have also applied audit triggers to tables with sensitive data as an extra means of security. The trigger stores username, osuser, machine, process and program info from v$session as well as the data change and timestamp. Tue, 14 Sep 2004 19:40:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/oracle-external-authentication-issues/m-p/4860426#M864014 Andrew Stolz 2004-09-14T19:40:25Z