Operating System - HP-UX
1748129 Members
3537 Online
108758 Solutions
New Discussion юеВ

Why cannot user OS authentication in Oracle 8.1.7 ?

 
Chris Fung
Frequent Advisor

Why cannot user OS authentication in Oracle 8.1.7 ?

Hi there,

I created a Unix account called dbaudit and then create a corresponding Oracle account which identified externally.

However, I could not login with "sqlplus /". What's going wrong with my DB setting ??

Attached please find my init.ora file for your reference.

Appreciated for your advice.

Cheers,

Chris
7 REPLIES 7
Sanjay Kumar Suri
Honored Contributor

Re: Why cannot user OS authentication in Oracle 8.1.7 ?

Have you given?

GRANT connect TO user_name;

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
Michael Schulte zur Sur
Honored Contributor

Re: Why cannot user OS authentication in Oracle 8.1.7 ?

Hi,

were you meant to say sqlplus "/ as sysdba"?
If not post the error message.
Is the user part of the dba group?

greetings,

Michael
James A. Donovan
Honored Contributor

Re: Why cannot user OS authentication in Oracle 8.1.7 ?

The Oracle user account must be defined as follows:

From Metalink Note# 18088.1
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_id=18088.1&p_database_id=NOT

3.3) Identified Externally: --------------------------- In order for a database account to accept connections without a password the database logon must be created with an 'IDENTIFIED EXTERNALLY' clause.

Eg: CREATE USER OSUSER_SCOTT IDENTIFIED EXTERNALLY;

This will allow SCOTT to 'CONNECT /'. This will NOT allow SCOTT to connect as OSUSER_SCOTT in any other manner

CREATE USER OSUSER_SCOTT IDENTIFIED BY XYZ;

The user must supply the username AND password to connect as the account has actually been created as requiring database authentication.

Ie: 'CONNECT /'
will *NOT* work
'CONNECT OSUSER_SCOTT/XYZ'

will connect. If the OS_AUTHENT_PREFIX is set to OPS$ a user can connect in either manner if created with a password. This is more of a security risk as there are 2 ways to access the database account.

Eg: CREATE USER OPS$SCOTT IDENTIFIED BY XYZ;
Allows the user to 'CONNECT /' or 'CONNECT OPS$SCOTT/XYZ'.
Remember, wherever you go, there you are...
Yogeeraj_1
Honored Contributor

Re: Why cannot user OS authentication in Oracle 8.1.7 ?

hi,

i believe the missing parameter is in your init.ora.

Modify it to:

os_authent_prefix = "ops$"

hope this helps!

regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Sanjay Kumar Suri
Honored Contributor

Re: Why cannot user OS authentication in Oracle 8.1.7 ?

os_authent_prefix = "" is already defined in the init.ora.

As per the Oracle documentation:
OS_AUTHENT_PREFIX specifies a prefix that Oracle uses to authenticate users attempting to connect to the server. Oracle concatenates the value of this parameter to the beginning of the user's operating system account name and password. When a connection request is attempted, Oracle compares the prefixed username with Oracle usernames in the database.

The default value of this parameter is OPS$ for backward compatibility with previous versions. However, you might prefer to set the prefix value to "" (a null string), thereby eliminating the addition of any prefix to operating system account names.

sks
A rigid mind is very sure, but often wrong. A flexible mind is generally unsure, but often right.
Victor Fridyev
Honored Contributor

Re: Why cannot user OS authentication in Oracle 8.1.7 ?

Hi,

Add to init.ora the following strings:

os_authent_prefix = ""
remote_os_authent = TRUE

and restart the instance.
Entities are not to be multiplied beyond necessity - RTFM
Ken_109
Advisor

Re: Why cannot user OS authentication in Oracle 8.1.7 ?

Be careful with setting REMOTE_OS_AUTHENT=TRUE...This causes the oracle server to allow anyone on the network to connect to the oracle account, not just users authenticated on the host OS...