Bulbul,
Your question can be broken up into basically three parts.
(1) Setting SQLNET.AUTHENTICATION_SERVICES is used for authenticating users
for single sign-on applications. For instance, you are using kerberos
authentication method and using Oracle Adanced Networking Option. Anyone
authenticated to the OS has already passed the test by Kerberos, and you
decide to let the person in without further authentication by Oracle (i.e.
userid, password). In this case, you would set
SQLNET.AUTHENTICATION_SERVICES= (kerberos5). Imagine you are visiting the
White House after visiting US Capitol. At the Capitol, they checked you out
and made sure you are indeed Bulbul; i other words you are who you claim to
be - a process we refer to as authentication. Now suppose you were escorteed
to White Huose in a Secret Service van sorroeunded by a dozen agents. At the
White House, the gurards may decided to let you enter without further
authentication. Why? Becuase they know the authentication done at Capitol
was rigorous enough and can be trusted. This is similar to a user
authenticated by Kerberos and Oracle assumes that the proces is reliable
anough to let the user in.
You are using (none) because you do not want to rely on the authentication
service provided by others.
(2) remote_os_authent means the user is authenticated in whatever manner in
the _client_ operating system, not the server. The user may have no account
with the server.
(3) If remote_os_authent is false, but the database has a user OPS$BULBUL
identified externally; a user named bulbul on the _server_ can login as
"sqlplus /", but a user named BULBUL on a remote machine will not be able
to.
Hope this helps.
Arup Nanda
www.proligence.com
----- Original Message -----
To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
Sent: Saturday, June 21, 2003 2:19 AM
> Arup , the procedure you gave is correct and works fine.
> I tried it out on win32 with 9.2.0.1.0.
> But I had to set SQLNET.AUTHENTICATION_SERVICES= (none) in sqlnet.ora
> My fundamentals are really weak , so please forgive the stupid
> questions : These steps create a database user who will be
> authenticated by the operating system , right ? I assume that the
> authenticating os is the one which runs the database and not the os
> running on the remote client machine . If yes , then this would mean
> that all these externally identified users would have to somehow log
> onto the os of the database server.
>
>
> However why does this procedure work only when remote_os_authent=true
> ?
> I had posted this same question a while ago , did not get any
> satisfactory answers , though people told me that
> remote_os_authent=true is a security problem.
>
> But it doesn't seem to work without that.
> Any ideas of enabling "sqlplus /" without remote_os_authent=true ?
> Wouldn't remote_os_authent=true allow remote client machines to
> authenticate their users which can then log in to the database as
> long as they know the name of the externally authenticated username
> and value of os_authent_prefix
>
> ----- Original Message -----
> To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
> Sent: Friday, June 20, 2003 01:15
>
>
> Sure.
>
> Just declare these in your init.ora
>
> os_authent_prefix=OPS$
> remote_os_authent=TRUE
>
> bounce the database, add a user called OPS$<the Windows username>,
> e.g. OPS$AK if your Windows login id is AK as
>
> create user ops$ak identified externally
>
> From windows connect as "/@servicename", e.g. sqlplus /@service1
>
> If it doesn't work, the OS user may be different. Use this query while
> connected to the database from Windows cleint.
>
> SQL> select sys_context('USERENV','OS_USER') from dual;
>
> See what OS username comes up; use that instead.
>
> HTH.
>
> Arup Nanda
> www.proligence.com
>
>
> ----- Original Message -----
> From: AK
> To: Multiple recipients of list ORACLE-L
> Sent: Thursday, June 19, 2003 1:10 PM
> Subject: oracle authentication from windows
>
>
> We want our client users ( forms user ) to just enter windows
> password and then automatically able to get in to oracle .Is there a
> way oracle can authenticate from windows ( or active directory ) .
> enbadding password in runform.exe not an option .
>
> thanks,
> -ak
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: <[EMAIL PROTECTED]
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Arup Nanda
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
