
Oracle External Authentication Issues

Andrew Stolz
Occasional Visitor

I would like to have Windows clients accessing an Oracle database on a Unix box and I would like them to be set up under external authentication.

For example, if I have a user called "andrew" on a domain called "DOM" I find I can only connect when the database user account is set up as "andrew" (with external auth). The session table shows the username as "andrew".

I imagine this would pose a big security risk - any user from any domain or OS (that can see the database) with the user name "andrew" could access the database.

I have run another test with the Oracle DB on Windows. This time I set up a user called "DOM\andrew" and I can connect (and the session table shows the username as "DOM\andrew").

Can't I have it so only "DOM\andrew" can connect to Oracle on a Unix box while "DOM_TWO\andrew" cannot???

Note that I don't just want to set the OS_AUTHENT_PREFIX to the domain name because this does not fix the problem.

Your help would be really appreciated.

Thanks,
Andrew
6 REPLIES
Steven E. Protter
Exalted Contributor

Re: Oracle External Authentication Issues

Oracle has a component called OID which will let you authenticate users from an external LDAP server.

Last time I asked our Oracle folks, that could not be done with just the normal Windows Active Directory login authentication scheme.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Andrew Stolz
Occasional Visitor

Re: Oracle External Authentication Issues

Thanks for the response.

I have done some reading and if I have it right, I configure the OID to get a set of users from the AD via a script. Then these users will be externally authenticated by their Windows domain\username and password.

That right? I'll give it a go.

Thanks,
Andrew
Hamdy Al-Sebaey
Regular Advisor

Re: Oracle External Authentication Issues

Steven,

OID (Oracle Internet Directory) has to work with IAS (Oracle Application Server), so if you want to use it you'll need to use SSO (single sign-on); it is a long story.
For you, Andrew, you have different kinds of security and authentication to deal with your question (database only); for example, on Oracle 10g you have a lot of security features (VPD, "Virtual Private Database", or OLS, "Oracle Label Security").
I think it is better to go to otn.oracle.com and search for security features.
Good luck & regards,
Hamdy
Thanks for sharing knowledge
Steven E. Protter
Exalted Contributor

Re: Oracle External Authentication Issues

I don't know the methodology because we have not implemented it yet.

Oracle does assure me that you will be able to authenticate into IAS and the database using your Windows yourname@domain.net user id using Active Directory or LDAP.

The portion of OID I referred to integrates with LDAP.

It is a good idea to go to otn.oracle.com and learn more.


SEP
Andrew Stolz
Occasional Visitor

Re: Oracle External Authentication Issues

Will do. Thanks for your help.
Andrew Stolz
Occasional Visitor

Re: Oracle External Authentication Issues

The company has several domains but has a unique user id policy (regardless of domain). As the database is in a secure environment, I have chosen to use external authentication where the Oracle users are created with a name equal to the Windows user name (without domain).

I have also applied audit triggers to tables with sensitive data as an extra means of security. The trigger stores username, osuser, machine, process and program info from v$session as well as the data change and timestamp.
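
An audit trigger of the kind described in the post above, as an added example that is not the poster's own code. The table names `emp_salary` and `emp_salary_audit` are hypothetical, and the review query assumes a Windows client may report its OS user as `DOM\andrew`.

```sql
-- Hypothetical sensitive table and its audit log (names are assumptions).
-- The trigger owner needs a direct grant, not one received through a role:
--   GRANT SELECT ON sys.v_$session TO <trigger_owner>;
CREATE TABLE emp_salary (
  emp_id NUMBER PRIMARY KEY,
  salary NUMBER(10,2)
);

CREATE TABLE emp_salary_audit (
  changed_at  TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  action      VARCHAR2(6) NOT NULL,
  emp_id      NUMBER,
  old_salary  NUMBER(10,2),
  new_salary  NUMBER(10,2),
  db_username VARCHAR2(128),
  os_user     VARCHAR2(128),
  machine     VARCHAR2(128),
  process     VARCHAR2(128),
  program     VARCHAR2(128)
);

CREATE OR REPLACE TRIGGER emp_salary_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON emp_salary
FOR EACH ROW
DECLARE
  v_action VARCHAR2(6);
BEGIN
  IF INSERTING THEN v_action := 'INSERT';
  ELSIF UPDATING THEN v_action := 'UPDATE';
  ELSE v_action := 'DELETE';
  END IF;
  -- Copy this session's identity columns from v$session next to the change.
  INSERT INTO emp_salary_audit
    (action, emp_id, old_salary, new_salary,
     db_username, os_user, machine, process, program)
  SELECT v_action, NVL(:NEW.emp_id, :OLD.emp_id), :OLD.salary, :NEW.salary,
         s.username, s.osuser, s.machine, s.process, s.program
    FROM v$session s
   WHERE s.sid = TO_NUMBER(SYS_CONTEXT('USERENV', 'SID'));
END;
/

-- Review query: changes where the reported OS user (domain part stripped)
-- differs from the database account it connected as.
-- osuser, machine and program are reported by the client, so treat them as
-- supporting evidence rather than proof of identity.
SELECT changed_at, db_username, os_user, machine, program
  FROM emp_salary_audit
 WHERE UPPER(SUBSTR(os_user, INSTR(os_user, '\') + 1)) <> UPPER(db_username);
```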