Dated :- Jul.01 Last
Updated May 28, 2002
Tip : How do I
connect with oracle through OS
Authentication ?
For Domain authentication on NT set the parameter
OSAUTH_PREFIX_DOMAIN=TRUE in the registry
as follows :-
|
If You Have... |
Go to... |
|
One home directory |
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE |
|
Additional directories |
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\ HOMEID where ID is incremented for each additional Oracle
home directory on your computer. |
|
|
OSAUTH_PREFIX_DOMAIN = TRUE
Test case 1:-
Set the parameter in the INIT<SID>.ORA file
as
os_authent_prefix = "KK"
remote_os_authent = FALSE
Shutdown and start the database
DOM is the Domain name and WADHWAS is the
login name on NT machine.
SVRMGR> create user
"KKDOM\WADHWAS" identified by sam;
Statement processed.
SVRMGR> grant connect to
"KKDOM\WADHWAS" ;
Statement processed.
SVRMGR> connect /
ORA-01017: invalid username/password; logon
denied
SVRMGR> connect internal/oracle
Connected.
SVRMGR> drop user "KKDOM\WADHWAS"
;
Statement processed.
SVRMGR> create user
"KKDOM\WADHWAS" identified
externally;
Statement processed.
SVRMGR> grant connect to
"KKDOM\WADHWAS" ;
Statement processed.
SVRMGR> connect /
Connected.
Observation
:- If os_authent_prefix = "KK" is other than OPS$ , your password should be externally ,
otherwise you can not user OS Authentication.
TEST CASE 2:-
Set the parameter in the INIT<SID>.ORA file
as
OS_AUTHENT_PREFIX = "OPS$"
REMOTE_OS_AUTHENT = FALSE
Shutdown and restart the machine.
SVRMGR> connect internal/oracle
Connected.
SVRMGR> shutdown abort;
ORACLE instance shut down.
SVRMGR> startup
ORACLE instance started.
Total System Global Area 57124108 bytes
Fixed Size 70924 bytes
Variable Size 40198144 bytes
Database Buffers 16777216 bytes
Redo Buffers 77824 bytes
Database mounted.
Database opened.
SVRMGR> create user
"OPS$DOM\WADHWAS" identified
by sam;
Statement processed.
SVRMGR> grant connect to
"OPS$DOM\WADHWAS" ;
Statement processed.
SVRMGR> connect /
Connected.
SVRMGR>
Observation
:- If
os_authent_prefix = "OPS$"
you can assign a password other than
externally .
Connection from client machine
Login
to sqlplus from desktop
login
from sqlplus from DOS
C:\>sqlplus "OPS$DOM\WADHWAS"/SAM@ora816
SQL*Plus: Release 8.1.6.0.0 - Production on Fri
Jul 13 16:41:39 2001
(c) Copyright 1999 Oracle Corporation. All rights reserved.
Connected to:
Oracle8i Enterprise Edition Release 8.1.6.0.0 -
Production
With the Partitioning option
JServer Release 8.1.6.0.0 - Production
SQL> show user
USER is "OPS$DOM\WADHWAS"
SQL>
TEST CASE 3:-
Set the parameter in the INIT<SID>.ORA file
as
OS_AUTHENT_PREFIX = ""
REMOTE_OS_AUTHENT = FALSE
Client domain is DOM and machine
username is TESTUSER having admin rights
SVRMGR> shutdown abort;
ORACLE instance shut down.
SVRMGR> startup
ORACLE instance started.
Total System Global Area 57124108 bytes
Fixed Size 70924 bytes
Variable Size 40198144 bytes
Database Buffers 16777216 bytes
Redo Buffers 77824 bytes
Database mounted.
Database opened.
SVRMGR> create user "DOM\TESTUSER"
identified externally;
Statement processed.
SVRMGR> grant connect to
"DOM\TESTUSER";
Statement processed.
Connection
from client machine.
Login
to sqlplus from desktop
login
from sqlplus from DOS
C:\>sqlplus /@ora816
SQL*Plus: Release 8.1.6.0.0 - Production on Fri
Jul 13 16:54:14 2001
(c) Copyright 1999 Oracle Corporation. All rights reserved.
Connected to:
Oracle8i Enterprise Edition Release 8.1.6.0.0 -
Production
With the Partitioning option
JServer Release 8.1.6.0.0 - Production
SQL> show user
USER is "DOM\TESTUSER"
SQL>
TEST CASE 4 (When Client and
Server on the Same Machine):-
Assumption: 1) You do not want to specify
domain.
Set the parameter in the INIT<SID>.ORA file
as
OS_AUTHENT_PREFIX = "KK"
REMOTE_OS_AUTHENT = FALSE
REMOTE_OS_AUTHENT specifies whether remote clients will be authenticated with the
value of the OS_AUTHENT_PREFIX parameter
Set the parameter in the sqlnet.ora file (<ORACLE_HOME>/network/admin)
as
SQLNET.AUTHENTICATION_SERVICES=(NTS)
NOTE :- if sqlnet.authentication_services is not NTS in the sqlnet.ora , the REMOTE_OS_AUTHENT should be TRUE in the init<sid>.ora file.
Machine username is TESTUSER having admin
rights
SVRMGR> shutdown abort;
ORACLE instance shut down.
SVRMGR> startup
ORACLE instance started.
Total System Global Area 57124108 bytes
Fixed Size 70924 bytes
Variable Size 40198144 bytes
Database Buffers 16777216 bytes
Redo Buffers 77824 bytes
Database mounted.
Database opened.
SVRMGR> create user KKTESTUSER identified
externally;
Statement processed.
SVRMGR> grant connect to KKTESTUSER;
Statement processed.
C:\>sqlplus /
SQL*Plus: Release 8.1.6.0.0 - Production on Fri
Jul 13 16:54:14 2001
(c) Copyright 1999 Oracle Corporation. All rights reserved.
Connected to:
Oracle8i Enterprise Edition Release 8.1.6.0.0 -
Production
With the Partitioning option
JServer Release 8.1.6.0.0 - Production
SQL> show user
USER is "KKTESTUSER"
SQL>
Point to be
noted :-
ORA_DBA or
ORA_SID_DBA is a NT local group which you will have to create and you should
add the users who will connect as sysdba into this group. This group should be specified
in the SID_DESC in LISTENER.ORA file.
On UNIX , for OS
authentication , a unix login must exit which will match the database login for
authentication. Also some document say set sqlnet.authentication_services=NONE
YOUR
COMMENTS , FEEDBACK AND QUERIES ARE
MOST WELCOME !!!!!!!!!!!!!!
End of Tip
|
Welcome
to send comments or feedback at Wadhwa_s@Hotmail.com |
|
Sameer Wadhwa |
Copyright © Oracle Techniques All Rights Reserved |