Index
A
- accounting, RADIUS, 4-19
- activating checksumming and encryption, 2-6
- adapters, 1-15
- architecture of SSL
- in an Oracle environment, 7-3
- with other authentication methods, 7-9
- asynchronous (challenge-response) authentication mode in RADIUS, 4-5
- authenticated RPC
- protocol adapter includes, 10-4
- authentication, 1-8, 1-15
- configuring multiple methods, 9-5
- methods, 1-11
- modes in RADIUS, 4-4
- authorization, 1-14
B
- benefits of Oracle Advanced Security, 1-5
C
- C:\ORANT, defined, xxxii
- C:\ORAWIN95, defined, xxxii
- Cell Directory Service (CDS)
- cds_attributes file
- modifying for name resolution in CDS, 12-14
- naming adapter components, 10-5
- naming adapter includes, 10-5
- Oracle service names, 10-5
- using to perform name lookup, 12-14
- certificate authority, 7-4, 8-2
- certificates
- creation, 8-2
- definition, 7-4
- challenge-response (asynchronous) authentication in RADIUS, 4-5
- cipher block chaining mode, 1-6
- cipher suites
- SSL, B-10
- client authentication in SSL, requiring, 7-29
- combining SSL with other authentication methods, 7-8
- configuration files
- CyberSafe, B-2
- Kerberos, B-3
- configuring
- clients for DCE integration, 12-11
- clients to use DCE CDS naming, 12-13
- CyberSafe authentication service parameters, 5-6
- DCE to use DCE Integration, 11-2
- Kerberos authentication service parameters, 6-5
- Oracle Net/DCE external roles, 12-7
- Oracle server with CyberSafe, 5-3
- Oracle server with Kerberos, 6-3
- RADIUS authentication, 4-10
- shared schemas, 15-20
- SSL, 7-14
- on the client, 7-14, 8-9
- on the server, 7-24
- Thin JDBC support, 3-1
- connecting
- across cells, 12-6
- to an Oracle database
- to verify roles, 12-8
- to an Oracle server in DCE, 13-3
- with username/password, 13-3
- without username and password, 13-3
- with username/password, 9-2
- creating
- Oracle directories in CDS, 11-3
- principals and accounts, 11-2
- CyberSafe, 1-12
- authentication parameters, B-2
- enabling authentication, 5-2
- sample for sqlnet.ora file, A-3
- system requirements, 1-18
- CyberSafe Challenger
- system requirements, 1-18
D
- Data Encryption Standard (DES), 2-2
- DES40 encryption algorithm, 2-3
- Triple-DES encryption, 1-6
- triple-DES encryption algorithm, 2-2
- data integrity, 1-7
- data privacy, 1-5
- DCE.AUTHENTICATION parameter, 12-11
- DCE.LOCAL_CELL_USERNAMES parameter, 12-11
- DCE.PROTECTION parameter, 12-11
- DCE.TNS_ADDRESS_OID parameter, 12-11
- DCE.TNS_ADDRESS.OID parameter
- modifying in protocol.ora file, 12-15
- Diffie-Hellman key negotiation algorithm, 2-5
- digital signatures, 8-2
- Distributed Computing Environment (DCE)
- backward compatibility, 10-2
- CDS naming adapter components, 10-5
- communication and security, 10-4
- components, 10-4
- configuration files required, 12-4
- configuring a server, 12-4
- configuring clients for DCE integration, 12-11
- configuring clients to use DCE CDS naming, 12-13
- configuring server, 12-4
- configuring to use DCE Integration, 11-2
- connecting
- to an Oracle database, 13-1
- connecting clients without access to DCE and CDS, 14-2
- connecting to an Oracle server, 13-3
- externally-authenticated accounts, 12-5
- listener.ora parameters, 12-2
- mapping groups to Oracle roles, syntax, 12-7
- overview, 10-3
- protocol.ora file parameters, 12-11
- REMOTE_OS_AUTHENT parameter, 12-5
- sample address in tnsnames.ora file, 12-15
- sample listener.ora file, 14-3
- sample parameter files, 14-3
- sample tnsnames.ora file, 14-3
- Secure Core services, 10-7
- setting up external roles, 12-7
- starting the listener, 13-2
- tnsnames.ora files, 12-2
- verifying DCE group mapping, 12-8
- verifying dce_service_name, 13-2
E
- encryption, 1-17
- encryption and checksumming
- activating, 2-6
- client profile encryption, A-10
- negotiating, 2-8
- parameter settings, 2-10
- server encryption level setting, A-5
- server encryption selected list, A-7
- enterprise user security, 15-1
- certificate service, 15-32
- components, 15-7, 15-27
- database clients, 15-52
- database configuration, 15-35
- directory service, 15-32
- enterprise domains, 15-8, 15-53, 15-62
- enterprise roles, 15-7
- enterprise users, 15-7, 15-54, 15-57
- global roles, 15-7
- groups
- OracleDBCreators, 15-10
- OracleDBSecurity, 15-10
- Oracle Enterprise Security Manager, 15-4
- overview, 15-3
- private key decryption fails, 15-74
- roles, 15-49
- schemas, 15-49
- shared schemas, 15-19
- SSL, 15-39
- troubleshooting, 15-73, 15-74
- default username not supported, 15-73
- invalid username/password, 15-73
- no global roles, 15-72
- ORA-28030, 15-74
- tracing, 15-75
- Entrust Technologies, Inc., 8-2
- Entrust/PKI for Oracle, 8-4
- Entrust/PKI Software, 1-11, 8-1, 8-2
- authentication, 8-7, 8-8
- authority, 8-5
- certificate revocation, 8-3
- components, 8-4
- configuring
- client, 8-10
- server, 8-11
- creating database users, 8-13
- Entelligence, 8-5
- IPSEC Negotiator Toolkit, 8-6
- issues and restrictions, 8-13
- key management, 8-3
- profiles, 8-8
- administrator-created, 8-8
- user-created, 8-9
- RA, 8-5
- toolkit server login, 8-5
F
- features, new
- enterprise user security, 15-1
- FIPS 140-1, D-1
- Java SSL, E-1
- Oracle Enterprise Login Assistant, 17-1
- Oracle Enterprise Security Manager, 18-1
- Oracle Wallet Manager, 16-1
- RADIUS authentication, 4-1
- SSL authentication, 7-1, 8-1
- Federal Information Processing Standard, 1-6
- FIPS, 1-6
- FIPS 140-1
- configuration, xxv
- sqlnet.ora parameters, D-2
G
- Global Directory Service (GDS), 10-5
H
- handshake
- SSL, 7-6
- HTTPS, 7-7
I
- IIOP (Internet Inter-ORB Protocol)
- secured by SSL, 7-7
- initialization parameter file
- parameters for clients and servers using CyberSafe, B-2
- parameters for clients and servers using Kerberos, B-3
- parameters for clients and servers using RADIUS, B-4
- parameters for clients and servers using SSL, B-9
- installing
- key of server, 11-2
- internet, 7-7
- Internet Domain Service (DNS), 10-5
J
- Java Byte Code Obfuscation, 3-4
- JDBC
- configuration parameters, 3-5
- implementation of Oracle Advanced Security, 3-2
- Oracle extensions, 3-2
- Oracle O3LOGON, 3-3
- thin driver features, 3-3
K
- Kerberos, 1-12
- authentication adapter utilities, 6-12
- enabling authentication, 6-2
- sample for sqlnet.ora file, A-3
- system requirements, 1-18
- kinstance (CyberSafe), 5-3
- kinstance (Kerberos), 6-3
- kservice (Kerberos), 6-3
L
- LAN environments
- vulnerabilities of, 1-2
- LDAP, 1-14
- Listener, 15-40
- listener
- starting in the DCE environment, 13-2
- listener endpoint, setting on server when configuring SSL, 7-31
- listener.ora file, 15-43
- parameters for DCE, 12-4
- logging into Oracle
- using DCE authentication, 13-3
M
- managing roles with RADIUS server, 4-21
- mapping DCE groups
- to Oracle roles, 12-7
- MD5 message digest algorithm, 2-4
- Multi-Protocol Interchange
- not supported with DCE, 10-8
N
- NAMES.DIRECTORY_PATH parameter, 12-17
- Netscape Communications Corporation, 7-2
- network protocol boundaries, 1-17
- new features, 15-1
- FIPS 140-1, D-1
- Java SSL, E-1
- Oracle Enterprise Login Assistant, 17-1
- Oracle Enterprise Security Manager, 18-1
- Oracle Wallet Manager, 16-1
- RADIUS authentication, 4-1
- SSL authentication, 7-1, 8-1
O
- obfuscation, 3-4
- okdstry
- Kerberos adapter utility, 6-12
- okinit
- Kerberos adapter utility, 6-12
- oklist
- Kerberos adapter utility, 6-12
- ORA-1004 error, 15-73
- ORA-1017 error, 15-73
- ORA-12560 error, 15-74
- ORA-12650 error message, A-8
- Oracle Advanced Security
- checksum sample for sqlnet.ora file, A-2
- configuration parameters, 3-5
- disabling authentication, 9-3
- encryption sample for sqlnet.ora file, A-2
- Java implementation, 3-2, 3-4
- SSL features, 7-2
- Oracle Connection Manager, 1-17
- Oracle Enterprise Login Assistant, 15-27
- Oracle Enterprise Security
- procedure, 15-31
- Oracle Enterprise Security Manager, 15-20
- introduction, 18-2
- Oracle Java SSL
- cipher suite, E-3
- features, E-3
- Oracle Net, 15-40
- Oracle parameters
- authentication, 9-7
- Oracle Password Protocol, 3-4
- Oracle service names
- loading into CDS, 12-16
- Oracle Wallet Manager, 15-28
- key management, E-4
- Oracle Wallet Manager, 8-2, 15-44
- ORACLE_BASE
- explained, xxxii
- ORACLE_HOME
- explained, xxxii
- OracleDBCreators group, 15-10
- OracleDBSecurity group, 15-10
- OS_AUTHENT_PREFIX parameter, 9-8
- CyberSafe authentication, 5-8
- OS_ROLES parameter, setting, 12-7
- OSS.SOURCE.MY_WALLET parameter, 7-18, 7-25
P
- parameters
- authentication, B-1
- CyberSafe, B-2
- Kerberos, B-3
- RADIUS, B-4
- SSL, B-9
- configuration for JDBC, 3-5
- encryption and checksumming, 2-10
- PKI, 1-11, 8-2
- protocol adapter error, 15-74
- protocol.ora file
- DCE.AUTHENTICATION parameter, 12-11
- DCE.LOCAL_CELL_USERNAMES parameter, 12-11
- DCE.PROTECTION parameter, 12-11
- DCE.TNS_ADDRESS_OID parameter, 12-11
- parameter for CDS, 12-12
- protocols, 1-17
- public key infrastructure, 1-11, 8-2
- public/private key pair, 8-2
R
- RADIUS, 1-11
- accounting, 4-19
- asynchronous (challenge-response) authentication mode, 4-5
- authentication modes, 4-4
- authentication parameters, B-4
- challenge-response (asynchronous) authentication, 4-5
- challenge-response (asynchronous) authentication, customizing challenge-response user interface, C-1, D-1
- Challenge-Response user interface, C-2
- configuring, 4-10
- customizing the Challenge-Response user interface, C-3
- location of secret key, 4-16
- sample for sqlnet.ora file, A-3
- smartcards and, 1-11, 4-8, 4-17, C-2
- synchronous authentication mode, 4-4
- system requirements, 1-18
- RC4 encryption algorithm, 1-6, 2-3
- realm (CyberSafe), 5-3
- realm (Kerberos), 6-3
- REMOTE_OS_AUTHENT parameter
- CyberSafe authentication, 5-8
- requiring client authentication in SSL, 7-29
- restrictions, 1-19
- revocation, 8-3
- roles
- managing with RADIUS server, 4-21
- roles, external, mapping to DCE groups, 12-7
- RSA, 1-6
S
- secret key
- location in RADIUS, 4-16
- Secure Sockets Layer
- industry standard protocol, 7-2
- See SSL
- Secure Sockets Layer (SSL), 8-2
- SecurID, 4-5
- token cards, 4-5
- security
- between Oracle and non-Oracle clients and servers, 7-7
- Internet, 1-2
- Intranet, 1-2
- threats, 1-2
- data tampering, 1-3
- dictionary attacks, 1-3
- eavesdropping, 1-2
- falsifying identities, 1-3
- password-related, 1-3
- SERVICE parameter, B-2
- shared schema, 15-49
- shared schemas, 15-20
- SSL, 15-20
- single sign-on, 1-11, 8-3, 13-3
- smartcards, 1-12
- and RADIUS, 1-11, 4-8, 4-17, C-2
- SQLNET.AUTHENTICATION_GSSAPI_ parameter, B-2
- SQLNET.AUTHENTICATION_GSSAPI_SERVICE parameter, 5-7
- SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8
- SQLNET.AUTHENTICATION_SERVICES parameter, 4-12, 5-7, 6-8, 7-23, 7-30, 7-31, 9-4, 9-5, B-2
- SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 2-14, A-6
- SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 2-14, A-6
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 2-14, A-9
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 2-14, A-9
- SQLNET.CRYPTO_SEED parameter, 2-12, A-10
- SQLNET.ENCRYPTION_CLIENT parameter, 2-12, A-5
- SQLNET.ENCRYPTION_SERVER parameter, 2-12, A-5
- SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 2-12, A-8
- SQLNET.ENCRYPTION_TYPES_SERVER parameter, 2-12, A-7
- SQLNET.FIPS_140 parameter, D-3
- SQLNET.KERBEROS5_CC_NAME parameter, 6-9
- SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9
- SQLNET.KERBEROS5_CONF parameter, 6-9
- SQLNET.KERBEROS5_CONF_MIT parameter, 6-9
- SQLNET.KERBEROS5_KEYTAB parameter, 6-10
- SQLNET.KERBEROS5_REALMS parameter, 6-10
- sqlnet.ora file, 15-42
- Common sample, A-3
- CyberSafe sample, A-3
- Kerberos sample, A-3
- modifying so CDS can resolve names, 12-17
- NAMES.DIRECTORY_PATH parameter, 12-17
- Oracle Advanced Security checksum sample, A-2
- Oracle Advanced Security encryption sample, A-2
- OSS.SOURCE.MY_WALLET parameter, 7-18, 7-25
- parameters for clients and servers using CyberSafe, B-2
- parameters for clients and servers using Kerberos, B-3
- parameters for clients and servers using RADIUS, B-4
- parameters for clients and servers using SSL, B-9
- parameters for FIPS 140-1, D-2
- RADIUS sample, A-3
- sample, A-2
- SERVICE parameter, B-2
- SQLNET.AUTHENTICATION_GSSAPI_ parameter, B-2
- SQLNET.AUTHENTICATION_GSSAPI_SERVICE parameter, 5-7
- SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8
- SQLNET.AUTHENTICATION_SERVICES parameter, 5-7, 6-8, 7-23, 7-30, 7-31, 9-4, 9-5, B-2
- SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 2-14, A-6
- SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 2-14, A-6
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 2-14, A-9
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 2-14, A-9
- SQLNET.CRYPTO_SEED parameter, 2-12, A-10
- SQLNET.ENCRYPTION_CLIENT parameter, A-5
- SQLNET.ENCRYPTION_SERVER parameter, 2-12, A-5
- SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 2-12, A-8
- SQLNET.ENCRYPTION_TYPES_SERVER parameter, 2-12, A-7
- SQLNET.FIPS_140 parameter, D-3
- SQLNET.KERBEROS5_CC_NAME parameter, 6-9
- SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9
- SQLNET.KERBEROS5_CONF parameter, 6-9
- SQLNET.KERBEROS5_CONF_MIT parameter, 6-9
- SQLNET.KERBEROS5_KEYTAB parameter, 6-10
- SQLNET.KERBEROS5_REALMS parameter, 6-10
- SSL sample, A-2
- SSL_CLIENT_AUTHENTICATION parameter, 7-18, 7-30
- SSL_VERSION parameter, 7-23, 7-29
- Trace File Set Up sample, A-2
- SQLNET.RADIUS_ALTERNATE parameter, 4-19
- SQLNET.RADIUS_ALTERNATE_PORT parameter, 4-19
- SQLNET.RADIUS_ALTERNATE_RETRIES parameter, 4-19
- SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter, 4-19
- SQLNET.RADIUS_SEND_ACCOUNTING parameter, 4-20
- SSL, 1-11, 8-1, 8-2, 15-39
- authentication parameters, B-9
- authentication process in an Oracle environment, 7-6
- authorization, 7-13
- certificate, 7-4
- certificate authority, 7-4
- cipher suites, B-10
- client authentication parameter, B-11
- components in an Oracle environment, 7-4
- configuring on the client, 7-14, 8-9
- configuring on the server, 7-24
- enabling, 7-14, 8-8
- handshake, 7-6
- privileges, 7-13
- requiring client authentication, 7-29
- roles, 7-13
- sample for sqlnet.ora file, A-2
- Secure Sockets Layer, 7-2
- shared schemas, 15-20
- system requirements, 1-18
- version parameter, B-11
- wallet, 7-4
- wallet location, parameter, B-13
- with other authentication methods, 7-8
- SSL_CLIENT_AUTHENTICATION parameter, 7-18, 7-30
- SSL_VERSION parameter, 7-23, 7-29
- synchronous authentication mode, RADIUS, 4-4
- system requirements, 1-18
- CyberSafe, 1-18
- DCE integration, 10-2
- Kerberos, 1-18
- RADIUS, 1-18
- SSL, 1-18
T
- Thin JDBC support, 3-1
- TNS lost connection, 15-73
- tnsnames.ora file, 15-43
- loading into CDS using tnnfg, 12-16
- modifying to load connect descriptors into CDS, 12-15
- renaming, 12-17
- token cards, 1-13
- trace file
- set up sample for sqlnet.ora file, A-2
- trust points, 8-2
V
- viewing mapping in CDS namespace, for listener endpoint, 13-2
W
- wallets
- changing a password, 16-18
- closing, 16-14
- creating, 16-12
- definition, 7-5
- deleting, 16-17
- managing, 16-12
- managing certificates, 16-20
- managing trusted certificates, 16-24
- opening, 16-13
- saving, 16-16
- setting location, 7-17, 7-25
X
- X.509, 8-3