Oracle® Database Net Services Administrator's Guide
11g Release 1 (11.1)

B28316-05
9 Configuring Profiles

This chapter describes how to configure client and server configuration parameters in profiles. A profile is a collection of parameters that specifies preferences for enabling and configuring Oracle Net features on the client or database server. A profile is stored and implemented through the sqlnet.ora file.

This chapter contains these topics:

9.1 Profile Configuration Overview

You can use a profile to:

9.2 Profile Configuration During Installation

Oracle Universal Installer launches Oracle Net Configuration Assistant after software installation on the client and server. Oracle Net Configuration Assistant configures the order of the naming methods that the computer uses to resolve a connect identifier to a connect descriptor.

Configuration with the Oracle Net Configuration Assistant during installation results in the following entries in the sqlnet.ora file:

NAMES.DIRECTORY_PATH=(ezconnect,tnsnames)

NAMES.DIRECTORY_PATH specifies the priority order of the naming methods to use to resolve connect identifiers.

If the installed configuration is not adequate, you can use Oracle Net Manager to enhance the sqlnet.ora configuration.

9.3 Configuring Client Attributes for Names Resolution

The following sections describe available client configuration options:

9.3.1 Configuring a Default Domain for Clients

In environments where the client often requests names from a specific domain, it is appropriate to set a default domain in the client sqlnet.ora file with the NAMES.DEFAULT_DOMAIN parameter.

When a default domain is set, it is automatically appended to any unqualified net service name given in the connect string, and then compared to net service names stored in a tnsnames.ora file.

For example, if the client tnsnames.ora file contains a net service name of sales.us.example.com, the user can enter the following connect string:

CONNECT scott@sales
Enter password: password

In this example, sales gets searched as sales.us.example.com.

If the connect string includes the domain extension, such as in CONNECT scott@sales.us.example.com, the domain is not appended. If a net service name in a tnsnames.ora file is not domain qualified and this parameter is set, the net service name must be entered with a dot ("."). For example, if domain is set to us.example.com and the client tnsnames.ora file contains a net service name of sales, the user would enter the following connect string:

CONNECT scott@sales.
Enter password: password

To specify a default domain:

  1. Start Oracle Net Manager.

  2. In the navigator pane, expand Local > Profile.

  3. From the list in the right pane, select Naming.

  4. Click the Methods tab.

  5. In the Default Domain field, enter the domain.

  6. Choose File > Save Network Configuration.

    The sqlnet.ora file should contain an entry that looks like the following:

    NAMES.DEFAULT_DOMAIN=us.example.com
    

9.3.2 Prioritizing Naming Methods

After naming methods are configured, as described in Chapter 8, "Configuring Naming Methods", they must be prioritized. The naming method at the top of the list is used first to resolve a connect identifier. If the first naming method in the list is unable to resolve the connect identifier, then the second method in the list is used.

To specify the order of naming methods:

  1. Start Oracle Net Manager.

  2. In the navigator pane, expand Local > Profile.

  3. From the list in the right pane, select Naming.

  4. Click the Methods tab.

    Table 9-1 describes the naming method values listed in the Methods tab.

    Table 9-1 Naming Method Values

    | Naming Method Value | Description |
    |---|---|
    | TNSNAMES (local naming method) | Select to resolve a net service name through the tnsnames.ora file on the client. See Also: "Configuring the Local Naming Method" |
    | LDAP (directory naming method) | Select to resolve a database service name, net service name, or net service alias through a directory server. See Also: "Configuring the Directory Naming Method" |
    | EZCONNECT or HOSTNAME (easy connect naming or host naming method) | Select to enable clients to use a TCP/IP connect identifier, consisting of a host name and optional port and service name, or resolve a host name alias through an existing names resolution service or centrally maintained set of /etc/hosts files. See Also: "Using the Easy Connect Naming Method" |
    | CDS (CDS external naming method) | Set to resolve an Oracle Database name in a Distributed Computing Environment (DCE) environment. See Also: Oracle Database Advanced Security Administrator's Guide |
    | NIS (Network Information Service (NIS) external naming method) | Set to resolve service information through an existing NIS. See Also: "Network Information Service" |


  5. Select naming methods from the Available Methods list, and then click the right-arrow button.

    The selected naming methods move to the Selected Methods list.

  6. Order the naming methods according to the order in which you want Oracle Net to try to resolve the net service name or database service name. Select a naming method in the Selected Methods list, and then click Promote or Demote to move the selection up or down in the list.

  7. Choose File > Save Network Configuration.

    The sqlnet.ora file updates with the NAMES.DIRECTORY_PATH parameter:

    NAMES.DIRECTORY_PATH=(ldap, tnsnames)
    

9.3.3 Routing Connection Requests

Clients and servers acting as clients can be configured so connection requests are directed to a specific process. To configure this feature so that all connections use a particular server, you choose the Always Use Dedicated Server option in Oracle Net Manager. This sets the sqlnet.ora parameter USE_DEDICATED_SERVER to force the listener to spawn a dedicated server for all network sessions from the client. The result is a dedicated server connection, even if shared server is configured.

To route connection requests:

  1. Start Oracle Net Manager.

  2. In the navigator pane, expand Local > Profile.

  3. From the list in the right pane, select General.

  4. Click the Routing tab.

  5. Select the preferred way that you want connection requests routed.

    See Also:

    Table 9-3, "Advanced Settings in sqlnet.ora" for a description of the fields and options

  6. Choose File > Save Network Configuration.

9.4 Configuring Database Access Control

You can configure the sqlnet.ora file to allow access to some clients and deny access to others. Table 9-2 describes the available settings.

Table 9-2 Access Control Settings in sqlnet.ora

| Oracle Net Manager Field/Option | sqlnet.ora File Parameter | Description |
|---|---|---|
| Check TCP/IP client access rights | TCP.VALIDNODE_CHECKING | Use to specify whether to screen access to the database. If this field is selected, Oracle Net Manager checks the parameters TCP.EXCLUDED_NODES and TCP.VALIDNODE_CHECKING to determine which clients to allow access to the database. If this field is deselected, Oracle Net Manager does not screen clients. |
| Clients excluded from access | TCP.EXCLUDED_NODES | Use to specify which clients using the TCP/IP protocol are denied access to the database. |
| Clients allowed to access | TCP.INVITED_NODES | Use to specify which clients using the TCP/IP protocol are allowed access to the database. |


To configure database access control:

  1. Start Oracle Net Manager.

    See Also:

    "Oracle Net Manager" on page 5-3

  2. In the navigator pane, expand Local > Profile.

  3. From the list in the right pane, select General.

  4. Click the Access Rights tab.

  5. Select the Check TCP/IP client access rights option.

  6. In the Clients excluded from access and Clients allowed to access fields, enter either a host name or an IP address for a client that you want to include or exclude, using commas to delimit entries placed on the same line.

9.5 Configuring Advanced Profile Information

Table 9-3 describes the advanced sqlnet.ora file settings that you can set.

Table 9-3 Advanced Settings in sqlnet.ora

Oracle Net Manager Field/Option | sqlnet.ora File Parameter | Description

Send operation Time Out

SQLNET.SEND_TIMEOUT

Use to specify the time, in seconds, for a database server to complete a send operation to clients after connection establishment.

For environments in which clients shut down on occasion or abnormally, setting this parameter is recommended. If the database server is unable to complete a send operation in the time specified, then it logs an ORA-12535: TNS:operation timed out and ORA-12608: TNS: Send timeout occurred to the sqlnet.log file.

Without this parameter, the database server continues to send responses to clients that are unable to receive data due to a downed computer or a busy state.

You can also set this parameter on the client side to specify the time, in seconds, for a client to complete send operations to the database server after connection establishment. Without this parameter, the client may continue to send requests to a database server already saturated with requests.

Receive operation Time Out

SQLNET.RECV_TIMEOUT

Use to specify the time, in seconds, for a database server to wait for client data after connection establishment. A client must send some data within the time interval.

For environments in which clients shut down on occasion or abnormally, setting this parameter is recommended. If a client does not send any data in the time specified, then the database server logs an ORA-12535: TNS:operation timed out and ORA-12609: TNS: Receive timeout occurred to the sqlnet.log file.

Without this parameter, the database server continues to wait for data from clients that may be down or are experiencing difficulties.

You can also use this setting on the client side to specify the time, in seconds, for a client to wait for response data from the database server after connection establishment. Without this parameter, the client may wait for a long period of time for a response from a database server saturated with requests.

Connection Time Out

SQLNET.INBOUND_CONNECT_TIMEOUT

Specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information.

See Also: "Configuring the Listener and the Oracle Database To Limit Resource Consumption By Unauthorized Users" for complete information about configuring this setting

Total Send Buffer Size

SEND_BUF_SIZE

Specify the buffer space limit for send operations of sessions.

See Also: "Configuring I/O Buffer Space" for complete information about configuring this setting

Total Receive Buffer Size

RECV_BUF_SIZE

Specify the buffer space limit for receive operations of sessions.

See Also: "Configuring I/O Buffer Space" for complete information about configuring this setting

TNS Time Out Value

SQLNET.EXPIRE_TIME

Use to specify the time interval, in minutes, to send a probe to verify that client/server connections are active. Setting a value greater than 0 ensures that connections are not left open indefinitely due to an abnormal client termination. If the probe finds a terminated connection, or a connection that is no longer in use, it returns an error, causing the server process to exit. This setting is intended for the database server, which typically handles multiple connections at any one time.

Limitations on using this terminated connection detection feature are:

  • It is not allowed on bequeathed connections.

  • Though very small, a probe packet generates additional traffic that may downgrade network performance.

  • Depending on which operating system is in use, the server may need to perform additional processing to distinguish the connection probing event from other events that occur. This can also result in downgrading network performance.

Client Registration ID

SQLNET.CLIENT_REGISTRATION

Use to specify a unique identifier for a client. This identifier is passed to the listener with any connection request. The identifier can be any string up to 128 characters long.

Logon Authentication Protocol Version

SQLNET.ALLOWED_LOGON_VERSION

Use to define the minimum Oracle Database client version that is allowed to attempt connections to database instances under the control of the given code tree. Each connection attempt is tested. If the client or server does not meet the minimum version specified by its partner, then authentication fails with an ORA-28040 error.

Supported values include:

  • 11 for Oracle Database 11g authentication protocols (recommended for strongest protection)

  • 10 for Oracle Database 10g authentication protocols

  • 9 for Oracle9i authentication protocols

  • 8 for Oracle8i authentication protocols

The default value is 8. Note the following implications of setting the value to 11:

  • To take advantage of the password protections introduced in Oracle Database 11g, users must change their passwords so that old password verifiers are purged from the system.

  • Pre-Oracle Database Release 11.1 client applications or JDBC thin clients cannot authenticate to the Oracle database using password-based authentication.

See Also: Oracle Database Advanced Security Administrator's Guide

Turn Off UNIX Signal Handling

BEQUEATH_DETACH

Use to turn on or off UNIX signal handling.

Since the client application spawns a server process internally through the Bequeath protocol as a child process, the client application becomes responsible for cleaning up the child process when it completes. When the server process completes its connection responsibilities, it becomes a defunct process. Signal handlers are responsible for cleaning up these defunct processes. Setting this parameter configures the client profile to pass this process to the UNIX initialization process by disabling signal handlers.

Disable Out-of-Band Break

DISABLE_OOB

Use to turn on or off out-of-band breaks.

If deselected or set to off, enables Oracle Net to send and receive "break" messages using urgent data provided by the underlying protocol.

If selected or set to on, disables the ability to send and receive "break" messages using urgent data provided by the underlying protocol. Once enabled, this feature applies to all protocols used by this client.

See Also: Oracle operating system-specific documentation to determine if the protocol supports urgent data requests. TCP/IP is an example of a protocol that supports this feature.


To set advanced features:

  1. Start Oracle Net Manager.

  2. In the navigator pane, expand Local > Profile.

  3. From the list in the right pane, select General.

  4. Click the Advanced tab.

  5. Enter the values for the fields or options you want to set.

    See Also:

    Table 9-3, "Advanced Settings in sqlnet.ora" for a description of the fields and options

  6. Choose File > Save Network Configuration.
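
The following sketch is an added example, not part of the Oracle guide: it reads a sqlnet.ora profile and reports the access control settings from Table 9-2 and the logon-version and probe settings from Table 9-3 that leave a database server less protected. The sample file, the function names, and the single-line parser are assumptions for illustration; TCP.VALIDNODE_CHECKING is taken to accept yes or no, and an unset SQLNET.EXPIRE_TIME is treated as 0.

```python
import re

# Constructed sample server profile; values are illustrative only.
SAMPLE_SQLNET_ORA = """\
# sqlnet.ora (sample)
NAMES.DIRECTORY_PATH=(ldap, tnsnames)
TCP.VALIDNODE_CHECKING = yes
SQLNET.ALLOWED_LOGON_VERSION = 8
SQLNET.EXPIRE_TIME = 10
"""

def parse_profile(text):
    """Parse single-line NAME=value and NAME=(a, b) entries into {NAME: [values]}."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m:
            items = m.group(2).strip().strip("()").split(",")
            params[m.group(1).upper()] = [i.strip() for i in items if i.strip()]
    return params

def audit_profile(text):
    """Return (parameter, finding) pairs for the settings in Tables 9-2 and 9-3."""
    p = parse_profile(text)
    def first(name, default):
        return (p.get(name) or [default])[0].lower()
    findings = []
    # Anything other than "yes" means clients are not screened.
    if first("TCP.VALIDNODE_CHECKING", "no") != "yes":
        findings.append(("TCP.VALIDNODE_CHECKING", "client screening is off"))
    elif not (p.get("TCP.INVITED_NODES") or p.get("TCP.EXCLUDED_NODES")):
        findings.append(("TCP.INVITED_NODES", "screening is on but no node list is set"))
    # The guide gives 8 as the default and 11 as the strongest setting.
    version = first("SQLNET.ALLOWED_LOGON_VERSION", "8")
    if not version.isdigit() or int(version) < 11:
        findings.append(("SQLNET.ALLOWED_LOGON_VERSION",
                         f"value {version} permits pre-11g logon protocols"))
    # A value greater than 0 enables the probe for terminated connections.
    expire = first("SQLNET.EXPIRE_TIME", "0")
    if not expire.isdigit() or int(expire) == 0:
        findings.append(("SQLNET.EXPIRE_TIME", "dead-connection probe is disabled"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_profile(SAMPLE_SQLNET_ORA):
        print(f"{name}: {finding}")
```

Real profiles can spread a value over several lines or nest parentheses, which this parser does not handle.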

9.6 Configuring External Naming Methods

Configure required client parameters needed for the NIS external naming or the CDS external naming method in the profile. Table 9-4 describes the sqlnet.ora file external naming settings that you can set.

Table 9-4 External Naming Methods Settings in sqlnet.ora

| Oracle Net Manager Field | sqlnet.ora File Parameter | Description |
|---|---|---|
| Cell Name | NAMES.DCE.PREFIX | Enter a valid DCE cell name (prefix). |
| Meta Map | NAMES.NIS.META_MAP | Specify the map, a special file that contains the database service name. |


To configure external naming method parameters:

  1. Start Oracle Net Manager.

  2. In the navigator pane, expand Local > Profile.

  3. From the list in the right pane, select Naming.

  4. Enter a value in the appropriate field for the external naming method you are using.

  5. Choose File > Save Network Configuration.

9.7 Configuring Oracle Advanced Security

Oracle Advanced Security enables data encryption and integrity checking, enhanced authentication, single sign-on, and support for DCE. Oracle Advanced Security also provides centralized user management on LDAP-compliant directory servers and certificate-based single sign-on; this functionality relies on the Secure Sockets Layer (SSL).

To configure a client or server to use Oracle Advanced Security features:

  1. Start Oracle Net Manager.

  2. In the navigator pane, expand Local > Profile.

  3. From the list in the right pane, select Oracle Advanced Security.

    Each Oracle Advanced Security tab page enables you to configure a separate set of parameters.

    See Also:

    • Choose the Help button on the particular tab page

    • Oracle Advanced Security procedural topics in the Oracle Net Manager online help. To access these topics in the online help, choose Oracle Advanced Security > How To.

    • Oracle Database Advanced Security Administrator's Guide for further information about configuration

  4. Select or edit options as applicable.

  5. Choose File > Save Network Configuration.