Oracle Advanced Security Administrator's Guide Release 8.1.6 A76932-01
This appendix shows some sample configuration files with the necessary profile (sqlnet.ora) and database initialization file authentication parameters when using CyberSafe, Kerberos, SecurID, RADIUS, or SSL authentication. It includes the following sections:
Following is a list of parameters to insert into the configuration files for clients and servers using CyberSafe.
The following sections describe the parameters for Identix authentication
Description | Default |
---|---|
The server uses MD5 hashing to validate the authentication decision made on the client PC: values are YES and NO. | YES |
The Identix key index the client uses when it generates its MD5 checksum: 0 <= value <= 256. | 0 |
This parameter specifies the verification threshold the server expects its Identix clients to use during fingerprint verification: 0 <= value <= 256. | 0 |
This parameter specifies the storage method used for storing fingerprint template files: format = [file/oracle] | None |
This file method specifies the file location in which the fingerprint templates are stored: format = <path-to-file>. | None |
This parameter specifies the database SQL*NET alias for the Oracle fingerprint storage method: format = <db-alias>. | None |
This parameter specifies the database user when using the Oracle fingerprint storage method: format = <username>. | None |
This parameter specifies the database password when using the Oracle fingerprint storage method: format = <password>. | None |
Following are two sets of parameters: Oracle database method and file system method. You are presented with the minimum set of Identix parameters you need to define for each method.
sqlnet.authentication_services = (beq, identix)
sqlnet.identix_fingerprint_method = oracle
sqlnet.identix_database_directory = identix_scanner
sqlnet.identix_fingerprint_database_user
sqlnet.identix_fingerprint_database_password

sqlnet.authentication_services = (beq, identix)
sqlnet.identix_fingerprint_method = file
sqlnet.identix_database_directory = /etc/ofm_storage
Following is a list of parameters to insert into the configuration files for clients and servers using Kerberos.
Following is a list of parameters to insert into the configuration files for clients and servers using SecurID.
| File Name | Configuration Parameters |
|---|---|
| | SQLNET.AUTHENTICATION_SERVICES=(securid) |
| initialization parameter file | REMOTE_OS_AUTHENT=FALSE OS_AUTHENT_PREFIX="" |
The following sections describe the parameters for Identix authentication
Description | Default |
---|---|
Configure the client or the server to use the RADIUS adapter: value = radius. | None |
To set the listening port of the primary RADIUS server. | 1645 |
To set the time to wait for response. | 5 |
To set the number of times to re-send. | 3 |
The file name and location of the RADIUS secret key. | |
To set the listening port for the alternate RADIUS server. | 1645 |
To set the time to wait for response. | |
To set the number of times to re-send messages. | |
To turn challenge/response support ON/OFF. | |
To set the keyword to request a challenge from the RADIUS server. User types no password on client. | |
To set the name of the Java class that contains the graphical user interface when RADIUS is in the challenge-response (asynchronous) mode. | |
Following are two sets of sample sqlnet.ora file RADIUS authentication parameters: one for "Static User Name and Password" and the other for "Challenge Response Mode".
The following sample sqlnet.ora file shows the minimum set of RADIUS authentication parameters you need to configure for static user name and password PAP mode authentication with no accounting.

sqlnet.authentication_services = (radius)
sqlnet.authentication = IP-address-of-RADIUS-server
sqlnet.radius_secret = $ORACLE_HOME/network/security/radius.key (default value)
The following sample sqlnet.ora file shows the minimum set of RADIUS authentication parameters you need to configure for challenge response mode authentication using token cards or biometric authentication methods.

sqlnet.authentication_services = (radius)
sqlnet.authentication = IP-address-of-RADIUS-server
sqlnet.radius_challenge_response = ON
sqlnet.radius_secret = $ORACLE_HOME/network/security/radius.key (default value)
sqlnet.authentication_interface = oracle/net/radius/DefaultRadiusInterface (default value)
sqlnet.radius_classpath = $ORACLE_HOME/jlib/netradius.jar (default value)

REMOTE_OS_AUTHENT=FALSE
OS_AUTHENT_PREFIX=""
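
A lint check for the minimum parameter sets shown in the Identix, SecurID and RADIUS samples above, as an added example that is not Oracle's code. Parameter names are used exactly as this page prints them; `parse_params`, `audit` and the sample file contents are constructed for illustration.

```python
def parse_params(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line[0].isspace() and last:            # nested value continued
            params[last] += line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:                                   # a bare name with no '=' is not a setting
            last = name.strip().lower()
            params[last] = value.strip()
    return params

def audit(sqlnet_text, init_text):
    """Return findings for the minimum parameter sets shown on this page."""
    sq, init = parse_params(sqlnet_text), parse_params(init_text)
    svc = {s.strip().lower() for s in
           sq.get("sqlnet.authentication_services", "").strip("()").split(",")}
    need, findings = [], []
    if "radius" in svc:
        need.append("sqlnet.authentication")      # RADIUS server address
    if "identix" in svc:
        method = sq.get("sqlnet.identix_fingerprint_method", "").lower()
        if method not in ("file", "oracle"):
            findings.append("identix_fingerprint_method must be file or oracle")
        need.append("sqlnet.identix_database_directory")
        if method == "oracle":                    # Oracle storage needs credentials
            need += ["sqlnet.identix_fingerprint_database_user",
                     "sqlnet.identix_fingerprint_database_password"]
    findings += [f"missing or empty: {n}" for n in need if not sq.get(n)]
    if svc & {"radius", "securid"}:               # init file pair shown with these adapters
        if init.get("remote_os_authent", "").upper() != "FALSE":
            findings.append("REMOTE_OS_AUTHENT must be FALSE")
        if init.get("os_authent_prefix") != '""':
            findings.append('OS_AUTHENT_PREFIX must be ""')
    return findings

# Constructed sample input: RADIUS enabled, server address left out,
# and operating-system authentication still allowed for remote clients.
SAMPLE_SQLNET = "sqlnet.authentication_services = (radius)\nsqlnet.radius_challenge_response = ON\n"
SAMPLE_INIT = 'REMOTE_OS_AUTHENT=TRUE\nOS_AUTHENT_PREFIX=""\n'

if __name__ == "__main__":
    for finding in audit(SAMPLE_SQLNET, SAMPLE_INIT):
        print(finding)
```

Run against the Oracle database method sample as printed above, the check reports the user and password entries as missing, because the sample lists those names without values.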
There are two ways to configure a parameter:
sqlnet.ora file.
Oracle Advanced Security supports the following cipher suites:
For any application that needs to access a wallet for loading the security credentials into the process space, you must specify the wallet location in the parameter file it reads. The syntax of the parameter for static configuration is as follows:
oss.source.my_wallet =
  (SOURCE=
    (METHOD=File)
    (METHOD_DATA=
      (DIRECTORY=your wallet location)
    )
  )
The dynamic way of specifying this parameter is:
MY_WALLET_DIRECTORY = your_wallet_dir
The default wallet location is the $ORACLE_HOME directory.
Copyright © 1999 Oracle Corporation. All Rights Reserved.