Databases Reference
In-Depth Information
the server and passes it some client identifiers, like the hostname and an
operating system name. It does not pass the username and password yet;
rather, it calls a system call at the operating system level and retrieves the
operating system user that is being used. The database does not try to
authenticate this operating system username; it just accepts this informa-
tion and proceeds to negotiate an authentication protocol with the database
(all within the TNS layer). When the two agree to an authentication
method, the client sends the login name and password to the database using
the Oracle Password Protocol (also called O3LOGON)—a protocol that
uses DES encryption to ensure that the password cannot be easily retrieved
by an eavesdropper.
Note that this means that for every connection, the database knows the
user not only at the database level but also at the operating system level.
This information may be important to you for audit or security purposes,
and you can retrieve it from
. For example, the following data
V$SESSION
and can be useful when you want to better
categorize who is logged into the database:
fields are taken from
V$SESSION
USERNAME:
SYSTEM
OSUSER:
RON-SNYHR85G9DJ\ronb
MACHINE:
WORKGROUP\RON-SNYHR85G9DJ
MODULE:
SQL*Plus
There is more information regarding the authentication process in
; for example, the right-most column of Table 4.1
lists additional authentication information for my SQL*Plus session. Note
that the authentication type is native (DATABASE):
V$SESSION_CONNECT_INFO
Table 4.1
Contents of
Matching the Logon Information in
V$SESSION_CONNECT_INFO
V$SESSION
AUTHENTICATION
_TYPE
SID
OSUSER
NETWORK_SERVICE_BANNER
138
DATABASE
RON-SNYHR85G9DJ\ronb
Oracle Bequeath NT Protocol Adapter
for 32-bit Windows: Version 10.1.0.2.0 -
Production
138
DATABASE
RON-SNYHR85G9DJ\ronb
Oracle Advanced Security: authentica-
tion service for 32-bit Windows: Version
10.1.0.2.0 - Production
Search WWH ::
Custom Search