ORACLE DATABASE PROBLEM AND SOLUTIONS: Oracle User Management :#02

Sunday, January 14, 2018

Oracle User Management :#02

External OS User Authentication in Oracle

External Authentication requires the creation of user accounts that are maintained by Oracle. Passwords are administered by an external service such as the operating system or a network service.

This option is generally useful when a user logs on directly to the machine where the Oracle server is running.
A database password is not used for this type of login.
In order for the operating system to authenticate users, a DBA sets the init.ora
parameter OS_AUTHENT_PREFIX to some set value – the default value is OPS$ in order to provide for backward compatibility to earlier versions of Oracle
This prefix is used at the operating system level when the user's account username.
You can also use a NULL string (a set of empty double quotes: "" ) for the prefix so that the Oracle username exactly matches the Operating System user name. This eliminates the need for any prefix.

SQL> show parameter os_authent_prefix
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
os_authent_prefix string ops$
SQL>

If the OS_AUTHENT_PREFIX parameter is Not NULL, then set the parameter with the following command if using spfile.

SQL> alter system set OS_AUTHENT_PREFIX='' scope=spfile;

Restart the service of the Database.

The REMOTE_OS_AUTHENT parameter can be set to force acceptance of a client operating system user name from a nonsecure connection.
If the REMOTE_OS_AUTHENT parameter is FALSE (don’t allow OS authentication) set the parameter to TRUE
This is NOT a good security practice.
Setting REMOTE_OS_AUTHENT = FALSE creates a more secure configuration based on server based authentication of clients.
Changes in the parameter take effect the next time the instance starts and the database is mounted.

SQL> alter system set remote_os_authent=true scope=spfile;
System altered.

SQL> show parameter os_au
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
os_authent_prefix string ops$
remote_os_authent boolean TRUE
SQL>
SQL> create user ops$oracle identified externally;
User created.
SQL>
SQL> grant create session to ops$oracle;
Grant succeeded.

[oracle@localhost admin]$ sqlplus /
SQL*Plus: Release 11.2.0.4.0 Production on Thu Jan 11 08:30:49 2018
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> select user from dual;

USER
------------------------------
OPS$ORACLE

SQL>

ANURAG PANDEY

I am Anurag Pandey, working as Cloud Database Architect | Migration & Modernization Expert . Database Administration and Implementation. Provide technical guidance and work with global team. Extensive Experience in Database Installation and Configuration, Real Application Cluster (RAC), ASM, Dataguard , Patching, Upgrade, RMAN, Performance Tuning, Backup and Recovery, Azure, Google, AWS Cloud, AWS RDS, MySQL, Database Migration Service(DMS),CloudEndure - MGN, Azure Site Recovery, Azure Migrate, Datapump, terraform automation, Ansible

ORACLE DATABASE PROBLEM AND SOLUTIONS

Sunday, January 14, 2018

Oracle User Management :#02

External OS User Authentication in Oracle

No comments:

Post a Comment