Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented, and not so well known tasks.
I will make a deal with you: If you refer me to a company that needs
database support, from a few hours per week to full time, and I am able to sign
a contract with them.
Then I will give you 10% of the monthly
contract or deal price every month. When
the contract ends, and we re-sign the contract, I will again give you 10% of
the monthly contract price. This will go
on until the company no longer employs or contracts me or my agents to look
after their databases.
I can do this, because that 10% is my
marketing budget. When we re-sign the
contract, in the future, it may depend on you giving the thumbs up again, and
that is worth 10% of the monthly contract price, to be given to you as
commission.
Contact:
Franz
Security,
Authentication Methods - Part 2
Authentication by the Operating System
On some operating systems, Oracle can use information
maintained by the operating system, to authenticate users. There are benefits to this approach:
·
Once a user is
authenticated by the operating system, that user can connect to oracle without
having to specify a username or password
For example the user would connect
to the operating system user account, and then connect to the oracle database
like this:
# sqlplus /
·
Because the control
over user authentication is centralized in the operating system, Oracle does
not need to manage user passwords.
Oracle still needs to maintain the usernames in the database.
·
Audit trails in the
database, and in the operating system can use the same user names.
When the operating system is used to authenticate database
users, managing distributed database environments and database links requires
special care.
Authentication by the Network
Authentication over a network is handled either by the SSL
protocol, or by a third-party service.
To use a network authentication service with Oracle, you will need to
install the enterprise edition of the Oracle database server with the advanced
security option.
·
Authentication using
SSL
·
Authentication using
third-party services
·
Authentication using
Kerberos
·
Authentication that is
PKI-based
·
Authentication with
RADIUS
·
Using Directory-Based
services
Authentication Using SSL
The Secure Socket Layer (SSL) protocol is an application
layer protocol. It can be used for user authentication to a database, and it is
independent of global user management in Oracle Internet Directory. Users can
use SSL to authenticate to the database even without a directory server in
place.
Authentication Using Third-Party Services
Authentication over a network makes use of third-party
network authentication services. Prominent examples include Kerberos, Public
Key Infrastructure (PKI), the Remote Authentication Dial-In User Service
(RADIUS), and directory-based services.
If network authentication services are available to you,
then Oracle can accept authentication from the network service. If you use a
network authentication service, then some special considerations arise for
network roles and database links.
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com
Classifieds
No comments:
Post a Comment