Authentication and Password Security - Implementing Database Security and Auditing

Databases Reference

In-Depth Information

Table 4.1

Contents of V$SESSION_CONNECT_INFO Matching the Logon Information in V$SESSION

AUTHENTICATION

_TYPE

SID

OSUSER

NETWORK_SERVICE_BANNER

138

DATABASE

RON-SNYHR85G9DJ\ronb

Oracle Advanced Security: NTS authen-

tication service adapter for 32-bit Win-

dows: Version 2.0.0.0.0

138

DATABASE

RON-SNYHR85G9DJ\ronb

Oracle Advanced Security: encryption

service for 32-bit Windows: Version

10.1.0.2.0 - Production

138

DATABASE

RON-SNYHR85G9DJ\ronb

Oracle Advanced Security: crypto-check-

summing service for 32-bit Windows:

Version 10.1.0.2.0 - Production

It turns out that on Windows, Oracle also suggests that you use operating

system authentication as a best practice. When using operating system

authentication, Oracle has several parameters you can use to fine-tune the

authentication process. These are initially set up in

, but you can

init.ora

look at the values by selecting from

or by signing on to

V$PARAMETER

SQL*Plus and running

. This lists all of the current param-

eters. The following four parameters (with the default values in a 10g instal-

lation) are relevant in the context of using operating system authentication:

SHOW PARAMETERS

remote_os_authent boolean FALSE

remote_os_roles boolean FALSE

os_authent_prefix string OPS$

os_roles boolean FALSE

The first parameter—

—is equivalent to the

remote_os_authent

CLIENT

authentication for DB2, and you should always set it to FALSE. If set to

true, it means that the server trusts that the client has authenticated the

user on the remote operating system and does not require further authenti-

cation. In the same spirit,

,

because this parameter allows a client authenticated remotely to enable

operating system roles. The

should be set to

remote_os_roles

FALSE

controls the mapping

between operating system users on the server to database users. Users who

have already been authenticated by the server's operating system can sign

onto Oracle without entering a password. The question is how the user-

names in both systems are related. This parameter is appended as a prefix

to the username used by the operating system and is useful in situations

where you may have the same usernames in the database as in the operat-

os_authent_prefix

Implementing Database Security and Auditing

Search WWH ::

Custom Search

Home