- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Oracle under OpenVMS
Operating System - OpenVMS
1753506
Members
6179
Online
108794
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-26-2004 09:40 PM
тАО05-26-2004 09:40 PM
Hi to all,
I faced a problem with one of my biggest customers who have more than 40 alpha system running OpenVMS " He renewing his servers frequently" and he bought all alpah running OVMS because he wants the security features of the OVMS. After he implements the application ( Oracle Application ) he saw the OVMS is not there because the clients connect to the server using application & Oracle authentications not OVMS authentications so he wants to see all users connected to OVMS by issue SHOW USER or SHOW SYSTEM commands, he wants to use audit and account utility to check all users.
So can we do this by any way, Because he told me that I bought OVMS for this, so another time I will buy UNIX or any other platform if I can't use these features.
Please Advice.
I faced a problem with one of my biggest customers who have more than 40 alpha system running OpenVMS " He renewing his servers frequently" and he bought all alpah running OVMS because he wants the security features of the OVMS. After he implements the application ( Oracle Application ) he saw the OVMS is not there because the clients connect to the server using application & Oracle authentications not OVMS authentications so he wants to see all users connected to OVMS by issue SHOW USER or SHOW SYSTEM commands, he wants to use audit and account utility to check all users.
So can we do this by any way, Because he told me that I bought OVMS for this, so another time I will buy UNIX or any other platform if I can't use these features.
Please Advice.
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-26-2004 09:56 PM
тАО05-26-2004 09:56 PM
Solution
If I understand correctly, you must get the info out of Oracle. The client opens a TCPIP socket on the server and via this socket you talk with the server. The user name is validated by Oracle and not VMS.
Check http://www.integrigy.com/info/IntegrigySecuringOracleApplications.pdf
(I haven't used Oracle for 7 years)
Check http://www.integrigy.com/info/IntegrigySecuringOracleApplications.pdf
(I haven't used Oracle for 7 years)
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-27-2004 01:02 AM
тАО05-27-2004 01:02 AM
Re: Oracle under OpenVMS
If your customer uses RDB, that will authenticate agains SYSUAF by default. Otherwise, think of using the ACME authentication module in VMS, but you'll need to do some specific programming. If you're running VMS 7.3-2, LDAP as another possibility, and Oracle can handle that.
I don't know Oracle that well, but I can think of the method that database usage is something else than system usage - and so Oracle will keep authentication to itself - INCLUDING user names, that doe NOT have to exist on the system, itself. The very same will apply to Unix, so swithing to Unix won't help!
Willem
I don't know Oracle that well, but I can think of the method that database usage is something else than system usage - and so Oracle will keep authentication to itself - INCLUDING user names, that doe NOT have to exist on the system, itself. The very same will apply to Unix, so swithing to Unix won't help!
Willem
Willem Grooters
OpenVMS Developer & System Manager
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-27-2004 01:56 AM
тАО05-27-2004 01:56 AM
Re: Oracle under OpenVMS
Mahmoud,
To clarify:
You're mixing two, in principle unrelated authentications: data access and system access.
Oracle runs it's DBMS under it's own username. Part of this is control over external connections (typically SQL*NET) that will take care of all connections.
The 'ordinary' user starts his application and will access the database using the middleware - running, indeed, as "ORACLE" (or similar), and will not login into the system to access the database. That means, Oracle has to take care of authentication. You won't see these users by their system names, since they do not log in, so SHO USERS or SHO SYSTEM won't help, simply because the do not own a process on the machine.
For database maintenance - so to acess the databasefiles themselves - you need to login onto the system, so these users - typically DBA or SYSMGR - will be traceble by SHOW USER or SHOW SYSTEM. Of course they can access the data inside the database itself, but even then, this access will NOT be traceble using OS-sepcified tools. It's even possible to block data access using (e.g) SQL, but still database files can be accessed directly.
In short:
* Accessing the DATA inside the database is controlled by the DBMS, not by the OS, since this has no means of awareness of this access.
* Accessing the SYSTEM on which the database runs, is controlled by the system; the database is not aware of the system's authentication.
This allows data access by users that have no access to the system itself, and it allows to disallow data access by users that do have access to the system.
These two are UNRELATED - but you may be able to link Oracle authentication to the OS (for VMS, you could think of ACME + LDAP). yet, I doubt you'll see the users show up in SHOW SYSTEM - unless they really logged in into the machine. It will definitely require some programming.
Having said that, you will understand that switching to another OS won't help you. Under Unix, you'll face exactly the same problem.
Willem
To clarify:
You're mixing two, in principle unrelated authentications: data access and system access.
Oracle runs it's DBMS under it's own username. Part of this is control over external connections (typically SQL*NET) that will take care of all connections.
The 'ordinary' user starts his application and will access the database using the middleware - running, indeed, as "ORACLE" (or similar), and will not login into the system to access the database. That means, Oracle has to take care of authentication. You won't see these users by their system names, since they do not log in, so SHO USERS or SHO SYSTEM won't help, simply because the do not own a process on the machine.
For database maintenance - so to acess the databasefiles themselves - you need to login onto the system, so these users - typically DBA or SYSMGR - will be traceble by SHOW USER or SHOW SYSTEM. Of course they can access the data inside the database itself, but even then, this access will NOT be traceble using OS-sepcified tools. It's even possible to block data access using (e.g) SQL, but still database files can be accessed directly.
In short:
* Accessing the DATA inside the database is controlled by the DBMS, not by the OS, since this has no means of awareness of this access.
* Accessing the SYSTEM on which the database runs, is controlled by the system; the database is not aware of the system's authentication.
This allows data access by users that have no access to the system itself, and it allows to disallow data access by users that do have access to the system.
These two are UNRELATED - but you may be able to link Oracle authentication to the OS (for VMS, you could think of ACME + LDAP). yet, I doubt you'll see the users show up in SHOW SYSTEM - unless they really logged in into the machine. It will definitely require some programming.
Having said that, you will understand that switching to another OS won't help you. Under Unix, you'll face exactly the same problem.
Willem
Willem Grooters
OpenVMS Developer & System Manager
OpenVMS Developer & System Manager
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP