Because external authentication checks the domain name you are logged into. You can't log into a local user JKILCHOE and connect to the externally authenticated database user "MYDOMAIN\JKILCHOE".
Beth

-----Original Message-----
Sent: Friday, June 20, 2003 4:05 PM
To: Multiple recipients of list ORACLE-L

(my question follows)

> -----Original Message-----
> From: Seefelt, Beth [mailto:[EMAIL PROTECTED]
>
> I disagree. Remote OS authentication is not inherently insecure in
> Windows like it is in Unix. If you prefix the account names with the
> domain name, a user would not only have to spoof the username, he
> would have to spoof the domain name too. At that point, you probably
> have bigger problems than access to your database. Also, in that
> situation, only the security token is going over the network, not your
> password in clear text. The caveat is that you should be using the
> *domain name* as the prefix, not OPS$.

I don't understand how to accomplish this in practice. I currently sign on to the Windows Network for domain MYDOMAIN with userid JKILCHOE. By running the query suggested by Mr. Nanda I see that Oracle thinks my username is jkilchoe:

SQL> select sys_context ('userenv', 'os_user') from dual

SYS_CONTEXT('USERENV','OS_USER')
---------------------------------------------------------
jkilchoe

If I set os_authent_prefix = MYDOMAIN and create an Oracle username MYDOMAINJKILCHOE how does that stop someone else from creating a local user JKILCHOE on their machine, signing on to their local machine as JKILCHOE, and then using SQL*Net to connect to the database as MYDOMAINJKILCHOE ?

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Jacques Kilchoer
  INET: [EMAIL PROTECTED]

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).
You may also send the HELP command for other information (like subscribing).

--
Author: Seefelt, Beth
  INET: [EMAIL PROTECTED]
