Security :: Authentication For Connected User Database Links (release 11.x)
Jun 16, 2013
I know how to use database links in various forms, but I've been trying to think through how the authentication works for a connected user link in 11g. If I create the link like this,
create public database link using 'orcl';
then any user can use the link, provided they have an identical username/password in the two databases. With pre-11g passwords, it was understandable: the password was salted with the username, so the hash of the password would be the same in both databases, and I assumed that the logon through the link used some sort of IDENTIFIED BY VALUES mechanism. But in 11g, the salt will be different in the two databases. So the hash will be different. And of course Oracle never stores the actual password. So I don't see how the authentication works.
Jan 24, 2013
We like to integrate the window LDAP to a new Oracle database for user authentication. For example, this is a new test database and we don't have any users created. Now we like to figure out if we created the users with same id as in LDAP userid, how they can be authenticated externally by LDAP. I read and heard some info on OID provided by Oracle but need some more step by step info to experiment.
Jul 17, 2012
When a user is renamed in Active Directory, they can no longer connect to the Oracle DB thru OS authentication. There is no OID/DIP integration.
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, HOSTNAME)
NAMES.DEFAULT_DOMAIN = cal.com.br
create user "CALRENATOH" IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO "CALRENATOH";
AD User CALRENATOH can connect to DB as 'sqlplus /'
But after renaming AD User CALRENATOH to CALRENATOH1 and dropping DB user CALRENATOH and creating DB user CALRENATOH1
drop user "CALRENATOH";
create user "CALRENATOH1" IDENTIFIED EXTERNALLY;
Now OS authentication 'sqlplus /' fails 'ORA-01017: invalid username/password; logon denied'. Once I recreate the DB user with old AD user name 'CALRENATOH', OS authentication succeeds.
create user "CALRENATOH" IDENTIFIED EXTERNALLY;
C:\Windows\system32>set username
USERNAME=RENATOH1
C:\Windows\system32>sqlplus /@rmlab001
SQL*Plus: Release 11.1.0.6.0 - Production on Tue Jul 3 15:16:46 2012
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning and OLAP options
Why is the database still looking for the old AD user name? Does Oracle cache information about OS authenticated users?
Oct 16, 2012
how to mask data in oracle 11g database release 1
my environment is
Database: 11g release 1
os: AIX 6 (64 bit)
GC:10g release 1
Mar 28, 2013
I'd like to have my 11g database authenticate users against an OpenLDAP service. We'd still create accounts in the database, and do authorization within the database, but I'd just want the users' passwords authenticated externally, against the OpenLDAP service. Is this possible? My searching through these forums and Google seems to indicate that you can do it if you run an Oracle Internet Directory (OID) service. I do not want to have to install and maintain an Oracle Internet Directory service. I'd like to do it without it.
I have a working PL/SQL function (below) that can authenticate a passed in username & password against our OpenLDAP directory. Is there any way for me to have Oracle call this function for the database user authentication? Or is there any other way for me to get the Oracle database to directly authenticate against OpenLDAP without having to run OID?
create or replace function ldap_authenticate(username varchar2, password varchar2)
return boolean is
begin
begin
if dbms_ldap.success = dbms_ldap.simple_bind_s(
[code]........
Jul 25, 2011
I have oracle 10g up and running on Solaris 10, from windows I would like to connect to sql plus through windows authentication, for that I have already made sure that remote_auth = true and have created user in oracle with OPS$. But still I cannot connect.
I have the same setup but with oracle on windows server, the os authentication from windows clients works just fine.
does oracle 10g on solaris 10 supports windows os authentication?
Aug 23, 2011
I have enabled Auditing in my oracle Database but I am not able to see any database for the operations of sys user or any other user in my "SYS.AUD$" and "SYS.FGA_LOG$" tables.
Value for the parameter "AUDIT_TRAIL" is set to "db,extended".
I am working as "SYS" user and I have shutdown and again startup the database but neither there was any information in both the tables nor I can see any files at the destination specified by "AUDIT_FILE_DEST".
Sep 16, 2011
How can i use OS authentication to login db?
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privileges
sqlnet.ora text:
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
#SQLNET.AUTHENTICATION_SERVICES = (NTS)
SQLNET.INBOUND_CONNECT_TIMEOUT=1
Jan 5, 2013
What is happening here:
c:usersjohnhome>
c:usersjohnhome>orapwd file=%ORACLE_HOME%databasePWDorcl.ora password=oracle
c:usersjohnhome>sqlplus sys/garbage@orcl as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Sat Jan 5 18:25:06 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
orcl> sho user
USER is "SYS"
orcl> select sys_context('userenv','ip_address') from dual;
SYS_CONTEXT('USERENV','IP_ADDRESS')
---------------------------------------------------------------------------------------------------
127.0.0.1
orcl>
Why can I get a sys login, when I am connecting through the listener and giving an incorrect password? The listening address is a loopback address, is Oracle clever enough to realize that I am in fact logged on to the server as a member of the OSDBA group? I didn't think that information was passed through SQL*Net.
Jul 15, 2013
I have been using Oracle based database security but company now wants to handle with Windows authentication. I have Windows OS 2008 R2 and Oracle 11.2.0.3.
I also have set up the SQLNET.AUTHENTICATION_SERVICES= (NTS). I created user with create user "domainusername" identified Externally! but now how can I connect from application to database!
Sep 22, 2011
query to find the current user accessing the database
Nov 8, 2011
Is there a way to find out the user access the database?
Jun 19, 2013
Last week we have realized that a user who connects through SQL Developer(as nothing wrong found in application server logs) has made a serious change in the database which created a real mess. The user has done some mischief in some calculations by making some inserts and updates in some important tables in our production database.
How can I find which user or from which IP the change is made.
Jul 12, 2011
I have a doubt in locking user account in Oracle database. I was told to drop some unusable users in database which my clients don't require. I verified the dependent objects of those users but not sure if these users can be dropped.
Instead can I make those user accounts locked so that they cannot connect to database? Would there be any impact on database performance if I lock those user accounts?
Is locking an account and dropping users similar in any way?
Jun 9, 2011
I want to audit user connection on my reporting database, and send a report to application team on monthly basis, with a list of users who are not connected for a month and remove them.
What would be best method, i know there is LOGON trigger, or database level auditing.
Oct 20, 2010
If I'm looking on v$session - values in osuser column for some machines displayed with DOMAINNAME, and for other - without. Even same user (MYDOMAIN\ADMINISTRATOR) from 2 different machines displayed in 2 different ways on the same db:
MYDOMAIN\Administrator from machine A, and administrator from machine B.
Both machines are belongs to same windows domain. DB (oracle 10g) have no "DOMAIN" defined.
What make the difference? And can I somehow to affect this behaviour? I mean, can I define that all users will be displayed as DOMAINNAME\USERNAME or MACHINENAME\USERNAME(in case of no domain exists)?
Oct 20, 2010
If I'm looking on v$session - values in osuser column for some machines displayed with DOMAINNAME, and for other - without. Even same user (MYDOMAIN\ADMINISTRATOR) from 2 different machines displayed in 2 different ways:
MYDOMAIN\Administrator from machine A, and administrator from machine B. Both machines are belongs to same windows domain.
What make the difference? And can I somehow to affect this behaviour? I mean, can I define that all users will be displayed as DOMAINNAME\USERNAME or MACHINENAME\USERNAME(in case of no domain exists)?
Jul 27, 2010
Provide me the script which would track all the users security violations like ... say for example i want to find which users logged in and what he did in database prospective.
Mar 11, 2011
We are trying to implement the following security to our database.
As of now, the access rights are same for all the windows users logging into the Oracle application with the same Oracle user Id.
But now, we want to improve our security by granting different levels of rights to the users based on their Network Id even though they use the same Oracle User Id to log into the application.
We are not looking for the users to be identified externally.
(CREATE USER "OPS$ORACLE-BASE.COMTIM_HALL" IDENTIFIED EXTERNALLY;
GRANT CONNECT TO "OPS$ORACLE-BASE.COMTIM_HALL";
)
Dec 21, 2010
We have the database user called c88888 and is locked yesterday. I came to this with the following query.
select * from dba_users where username like 'C88888';
Due to invalid password the user was locked. Can we track who hit the database with the wrong password?
Jun 10, 2013
I am trying to retrieve info from multiple DBs and insert into a central DB via DB LINKS. The links are retrieved via a cursor.
However I keep coming up against 'PL/SQL: ORA-00942: table or view does not exist'. How to handle db_links using a cursor in a pl/sql block? The code is as follows:
DECLARE
db_link_rec VARCHAR2(30);
CURSOR db_link_cur IS
SELECT DB_LINK
from MESSAGING_PROD_LIST;
BEGIN
OPEN db_link_cur;
LOOP
FETCH db_link_cur INTO db_link_rec;
EXIT when db_link_cur%NOTFOUND;
[code]....
May 30, 2013
We are using the following statement to obtain a row lock in a table in the database(ORACLE 10G), SELECT * FROM {TABLE_NAME} WHERE ID = 1 for update and if we succeed grabbing the row lock we will continue to issue a update statement every 30 seconds to preserve the lock as far as possible. here is the update statement to preserve the lock,
UPDATE {TABLE_NAME} SET time = ? WHERE ID = 1.
As you see more longer we keep holding the row lock , more update statements are submitted in the pending transaction. In normal case our application can grab the exclusive row lock and works for a long time,however sometimes a connection reset exception is thrown and our application will close the connection(I assume the pending transaction will be rolled back by the database) and exit the JVM. Since other applications will keep trying to grab the same row lock to become the master role, we expect one of them can succeed but they are all failed because the database has not released the row lock as expected. how and when the row lock can get released in our use case?
Nov 29, 2011
am trying to downgrade my oracle database 10g release 10.2.0.2.0 to 10.2.0.1.0. The reason for this is that i had to copy /oracle_home/bin utilities from 10.2.0.1 to 10.2.0.2; because of this most utilities like rman, dbca were not working.
i think i need to downgrade my oracle database 10g release to 10.2.0.1.0, right? I read some oracle documentations of database downgrade instructing me to
>take full backup of oracle DB
>ORACLE_HOME/bin/emctl stop dbconsole
SQL> STARTUP DOWNGRADE
DROP USER sysman CASCADE;
>SQL> SPOOL downgrade.log
[code]....
Sep 12, 2011
User A contains tables, views, LOB's, types, procedures, triggers, sequences, indexes, synonyms. User B wants to have read-only privilege on the objects of User A.
I can provide select on privilege on tables and views. How about providing read-only privileges to other objects?
Jan 4, 2013
We have 11.2.0.3 RAC on Oracle Virtual Box, OEL 5.8. Storage is ASM on EMC SAN. Even when the database is not connected to application and thus open but idle and none is working on it, and all other virtual machines are powered off, we are still getting a continuous i/o in SAN. Since I am new to RAC setup I need to know the few things...
1.Is it normal behaviour?
2.If yes, what is the reason of this i/o? Is it due to continuous ping on voting disk?..write in OCR? automatic backup of OCR?
May 15, 2010
Through RMAN I have to connect to two databases having same name but the databases are at two different nodes. Can RMAN recognise the 2 databases? If yes, how? I want to know the command.
Jun 26, 2013
Is it possible to use Database authentication in APEX through database link, and how? Also is it possible to read roles from users through database link?
May 16, 2013
I have a view called V_MEDGEN_LISTRADIO but I can't run SELECT * FROM V_MEDGEN_LISTRADIO
ORA-02020: too many database links in use
The cause is that we call in the view 5 tables over dblink and the open_links parameter is set to 4.
What is strange is that when I run this select by adding a where clause then it works!
SELECT * FROM V_MEDGEN_LISTRADIO WHERE SPRR = 3645;
(use of index so all tables are not called ?)
Mar 13, 2013
Is Oracle Database 11g Release 2 (11.2.0.3.0) available for IBM AIX on POWER Systems (64-bit), Or do we need to upgrade 11.2.0.1 to 11.2.0.3.0.