Oracle Advanced Security Administrator's Guide Release 8.1.6 A76932-01 |
|
This chapter describes what you need to do to configure DCE to use Oracle DCE Integration after Oracle DCE Integration has been successfully installed.
This chapter contains the following topics:
See the list of related books and papers in "Related Publications" in the Preface.
More Information:
The following is a list of tasks with examples you need to follow to configure DCE to use DCE Integration. The tasks assume that a DCE cell has been configured and the machines being used are part of that cell.
As the DCE cell administrator, you need to perform the following tasks:
First, add server principals using a procedure like the one below:
% dce_login cell_admin password % rgy_edit Current site is: registry server at /.../cell1/subsys/dce/sec/master rgy_edit=>do p Domain changed to: principal rgy_edit=> add oracle rgy_edit=> do a Domain changed to: account rgy_edit=> add oracle -g none -o none -pw oracle_password -mp cell_admin_password rgy_edit=> quit
bye
In this example, you just created a DCE principal named oracle. The principal has a corresponding account with password password. The account does not belong to any DCE group or DCE profile.
You only need to do this once after DCE Integration has been installed. Also, you only need to do this procedure for the Oracle database server, not for the client.
In this step by step procedure, you install the key of the server into a keytab file: dcepa.key. This keytab file contains the password of the principal under which the Net8 listener starts. The Net8 listener reads this file to authenticate itself to DCE. You only need to do this once after DCE Integration has been installed. Also, you only need to do this procedure for the Oracle database server, not for the client.
.Enter the following commands to generate the keytab file.
% dce_login cell_admin password % rgy_edit Current site is: registry server at /.../cell1/subsys/dce/sec/master rgy_edit=> ktadd -p oracle -pw Oracle_password -f $ORACLE_HOME/dcepa/admin/dcepa.key rgy_edit=>quit bye
The /.:/subsys/oracle/names directory contains objects that map Net8 service names to connect descriptors, which are used by the CDS naming adapter.
The /.:/subsys/oracle/service_registry directory also contains objects that map the service name in DCE addresses to the network endpoint which is used by both DCE protocol adapter clients and servers.
Perform the steps in this section after installing DCE Integration for the first time in a cell.
% dce_login cell_admin Enter Password:(password not displayed) $ cdscp cdscp> create dir /.:/subsys/oracle cdscp> create dir /.:/subsys/oracle/names cdscp> create dir /.:/subsys/oracle/service_registry cdscp> exit
Perform the following steps to add the principal oracle to the cds-server group.
$ dce_login cell_admin Enter Password: (password not displayed) $ rgy_edit rgy_edit=> domain group Domain changed to: group rgy_edit=> member subsys/dce/cds-server -a oracle rgy_edit=> exit
Load Oracle service names into the Cell Directory Service.
More Information:
For instructions on how to configure clients and load Oracle service names into CDS, see Chapter 14, "Configuring Oracle for Oracle DCE Integration". |
|
![]() Copyright © 1999 Oracle Corporation. All Rights Reserved. |
|