Oracle Advanced Security Administrator's Guide Release 8.1.6 A76932-01
This appendix describes encryption and data integrity parameters supported by Oracle Advanced Security. It also includes an example of a sqlnet.ora file generated after you perform the network configuration described in Chapter 2 and Chapter 10.
This appendix covers the following topics:
This section contains a sample sqlnet.ora configuration file for a set of clients with similar characteristics and a set of servers with similar characteristics. The file includes examples of Oracle Advanced Security encryption and data integrity parameters.
#Trace file setup
trace_level_server=16
trace_level_client=16
trace_directory_server=/orant/network/trace
trace_directory_client=/orant/network/trace
trace_file_client=cli
trace_file_server=srv
trace_unique_client=true

#ASO Encryption
sqlnet.encryption_server=accepted
sqlnet.encryption_client=requested
sqlnet.encryption_types_server=(RC4_40)
sqlnet.encryption_types_client=(RC4_40)

#ASO Checksum
sqlnet.crypto_seed = "-kdje83kkep39487dvmlqEPTbxxe70273"
sqlnet.crypto_checksum_server=requested
sqlnet.crypto_checksum_client=requested
sqlnet.crypto_checksum_types_server = (MD5)
sqlnet.crypto_checksum_types_client = (MD5)

#SSL
oss.source.my_wallet = (SOURCE =
                          (METHOD = FILE)
                          (METHOD_DATA =
                             (DIRECTORY = /wallet)))
SSL_CIPHER_SUITES=(SSL_DH_anon_WITH_RC4_128_MD5)
SSL_VERSION= 3
SSL_CLIENT_AUTHENTICATION=FALSE

#Common
automatic_ipc = off
sqlnet.authentication_services = (beq)
names.directory_path = (TNSNAMES)

#Kerberos
sqlnet.authentication_services = (beq, kerberos5)
sqlnet.authentication_kerberos5_service = oracle
sqlnet.kerberos5_conf= /krb5/krb.conf
sqlnet.kerberos5_keytab= /krb5/v5srvtab
sqlnet.kerberos5_realms= /krb5/krb.realm
sqlnet.kerberos5_cc_name = /krb5/krb5.cc
sqlnet.kerberos5_clockskew=900

#CyberSafe
sqlnet.authentication_services = (beq, cybersafe)
sqlnet.authentication_gssapi_service = oracle/cybersaf.us.oracle.com
sqlnet.authentication_kerberos5_service = oracle
sqlnet.kerberos5_conf= /krb5/krb.conf
sqlnet.kerberos5_keytab= /krb5/v5srvtab
sqlnet.kerberos5_realms= /krb5/krb.realm
sqlnet.kerberos5_cc_name = /krb5/krb5.cc
sqlnet.kerberos5_clockskew=900

#Identix
sqlnet.authentication_services = (beq, identix)
sqlnet.identix_fingerprint_database = identix_scanner
sqlnet.identix_fingerprint_database_user = ofm_client
sqlnet.identix_fingerprint_database_password = ofm_client
sqlnet.identix_fingerprint_method = oracle

#Radius
sqlnet.authentication_services = (beq, RADIUS )
sqlnet.radius_authentication_timeout = (10)
sqlnet.radius_authentication_retries = (2)
sqlnet.radius_authentication_port = (1645)
sqlnet.radius_send_accounting = OFF
sqlnet.radius_secret = /orant/network/admin/radius.key
sqlnet.radius_authentication = radius.us.oracle.com
sqlnet.radius_challenge_response = OFF
sqlnet.radius_challenge_keyword = challenge
sqlnet.radius_challenge_interface = oracle/net/radius/DefaultRadiusInterface
sqlnet.radius_classpath = /jre1.1/

#SecurID
sqlnet.authentication_services = (beq, securid )

If you do not specify any values for Server Encryption, Client Encryption, Server Checksum, or Client Checksum, the corresponding configuration parameters do not appear in the sqlnet.ora file. However, Oracle Advanced Security defaults to ACCEPTED.
If no encryption or data integrity algorithm is specified on the Server Encryption, Client Encryption, Server Checksum, or Client Checksum pages, the server side of the connection uses the first algorithm in its own list of installed algorithms that also appears in the client's list of installed algorithms.
Encryption and data integrity function independently of each other: encryption can be activated while data integrity is off, and data integrity can be activated while encryption is off.
There are nine parameters to enable data encryption and integrity. The parameters are described in the following sections.
Table A-1 describes server encryption level settings.
Table A-2 describes client encryption level settings.
Table A-3 describes the encryption selected list.
Table A-4 describes the encryption selected list.
Table A-5 describes server integrity level settings.
Table A-6 describes client integrity level settings.
Table A-7 describes the server integrity selected list.
Table A-8 describes the client integrity selected list.
SQLNET.CRYPTO_SEED = "10-70 random characters"
The characters that form the value for this parameter are used when generating cryptographic keys. The more random the characters entered into this field are, the stronger the keys are. You set this parameter by entering from 10 to 70 random characters into the above statement.
This parameter must be present in the sqlnet.ora file whenever data encryption or integrity is turned on.
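The rules stated in this appendix can be checked mechanically: level parameters absent from the file default to ACCEPTED, the server uses the first algorithm in its own list that the client also lists, and SQLNET.CRYPTO_SEED must hold 10 to 70 characters whenever encryption or integrity is on. The following Python script is an added example, not Oracle code; the sample file is constructed, and the function names and the reading of "turned on" as any level other than ACCEPTED or REJECTED are assumptions.

```python
# Constructed sample in the style of this appendix's sqlnet.ora (not a real deployment).
SAMPLE = """\
#ASO Encryption
sqlnet.encryption_client=requested
sqlnet.encryption_types_server=(DES40, RC4_40)
sqlnet.encryption_types_client=(RC4_40)
sqlnet.crypto_seed = "tooshort"
"""
LEVEL_KEYS = ("sqlnet.encryption_server", "sqlnet.encryption_client",
              "sqlnet.crypto_checksum_server", "sqlnet.crypto_checksum_client")

def parse(text):
    """Parse one-line name=value entries; comments and '(' continuation lines are skipped."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#(" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip().lower()] = value.strip()
    return params

def as_list(value):
    """'(A, B)' -> ['A', 'B']; a missing parameter (None) gives an empty list."""
    return [v.strip().upper() for v in (value or "").strip("() ").split(",") if v.strip()]

def effective_levels(params):
    """Level parameters absent from the file default to ACCEPTED, per this appendix."""
    return {key: params.get(key, "accepted").upper() for key in LEVEL_KEYS}

def pick_algorithm(server_list, client_list):
    """The server uses the first entry of its own list that the client also lists."""
    return next((alg for alg in server_list if alg in client_list), None)

def check_seed(params):
    """Return a finding string, or None when the CRYPTO_SEED rule is satisfied."""
    # Assumption: "turned on" means some level is neither ACCEPTED nor REJECTED.
    levels = effective_levels(params).values()
    turned_on = any(level not in ("ACCEPTED", "REJECTED") for level in levels)
    seed = params.get("sqlnet.crypto_seed", "").strip('"')
    if not turned_on or 10 <= len(seed) <= 70:
        return None
    if not seed:
        return "sqlnet.crypto_seed missing while encryption or integrity is on"
    return "sqlnet.crypto_seed is %d characters; 10 to 70 are required" % len(seed)

if __name__ == "__main__":
    p = parse(SAMPLE)
    print(effective_levels(p), check_seed(p), sep="\n")
```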
Copyright © 1999 Oracle Corporation. All Rights Reserved.