Pages

Sunday, March 27, 2016

OS Authentication

OS Authentication

-Once authenticated by the operating system, users can connect to Oracle more conveniently, without specifying a user name or password. For example, an operating-system-authenticated user can invoke SQL*Plus and skip the user name and password prompts by entering the following:
SQLPLUS /

-With control over user authentication centralized in the operating system, Oracle need not store or manage user passwords, though it still maintains user names in the database.

-Audit trails in the database and operating system use the same user names.

Note: When an operating system is used to authenticate database users, managing distributed database environments and database links requires special care.

OS Authentication Configuration Steps

1. Create OS user
2. Set below parameters.
alter system set os_authent_prefix = ‘OPS$’ scope=spfile;
Note: Default parameter value is “OPS$”

If OS user is member of domain group then also set below parameter.

alter system set remote_os_authent=TRUE scope=spfile;
Note: Default parameter value is FALSE,

3. Edit sqlnet.ora file and set below line to NTS
Sqlnet.authentication_services=(NTS)

4. Bounce database
shutdown immediate
startup

5. Create Oracle User for OS authentication

First check OS username
select sys_context(‘USERENV’,’OS_USER’) from dual;

create user “OPS$USERNAME” identified by EXTERNALLY;

Note: Oracle username is must be same as OS user name and must be started with “OPS$”.

6. Test to connect through OS authentication

sqlplus /

No comments:

Post a Comment