11
Choosing and Combining Authentication Methods

This chapter describes how to use conventional user name and password authentication even if you have configured another authentication method. It also describes how to configure the network to use one or more authentication methods using Oracle Advanced Security and how to set up more than one authentication method on a client or on a server.

This chapter covers the following topics:

• Connecting with User Name and Password

• Disabling Oracle Advanced Security Authentication

• Configuring Oracle For Multiple Authentication Methods

Connecting with User Name and Password

To connect to an Oracle server using a user name and password when an Oracle Advanced Security authentication method has been configured, disable the external authentication.

Disabling Oracle Advanced Security Authentication

Perform the following steps to disable authentication methods:

1. Start Net8 Assistant:
   • On UNIX, run netasst from $ORACLE_HOME/bin.

   • On Windows NT, choose Start > Programs > Oracle - HOME_NAME > Network Administration > Net8 Assistant.

2. In the navigator's pane, expand Local > Profile.

3. From the list in the right pane, select Oracle Advanced Security.

   The Oracle Advanced Security tabbed pages appear.

4. Click the Authentication tab.

   
   

5. Move an authentication method from the Selected Method list to the Available Methods list by selecting a method and clicking the left arrow [<].

6. Repeat until all methods are removed from the Selected Methods area.

7. Choose File > Save Network Configuration.

   The sqlnet.ora file updates with the following entry:

   SQLNET.AUTHENTICATION_SERVICES = (NONE)
   

A user can now connect to a database using the following user name and password format:

% sqlplus username/password@net_service_name

For example:

% sqlplus scott/tiger@emp

Configuring Oracle For Multiple Authentication Methods

Many networks use more than one authentication method on a single security server. For this reason, Oracle Advanced Security allows you to configure your network so that Oracle clients can use a specific authentication method and Oracle servers can accept any method specified.

This section describes how to set up Oracle servers and clients to use multiple authentication methods.

Set up multiple authentication methods on both client and server machines either by using the Net8 Assistant, or by using any text editor to modify the sqlnet.ora file.

The following instructions apply to both clients and servers.

To disable authentication methods:

1. Start Net8 Assistant:
   • On UNIX, run netasst from $ORACLE_HOME/bin.

   • On Windows NT, choose Start > Programs > Oracle - HOME_NAME > Network Administration > Net8 Assistant.

2. In the navigator's pane, expand Local > Profile.

3. From the list in the right pane, select Oracle Advanced Security.

   The Oracle Advanced Security tabbed pages appear.

4. Click the Authentication tab.

   
   

5. Select a method listed in the Available Methods list.

6. Move the method to the Selected Methods list by clicking the right arrow.

7. Repeat until you have added all of the required methods to the Selected Methods list.

8. Arrange the selected methods in order of desired use. To do this, select a method in the Selected Methods list, then click Promote or Demote to position it in the list.

9. Choose File > Save Network Configuration.

   The sqlnet.ora file updates with the following entry, listing the selected authentication methods:

   SQLNET.AUTHENTICATION_SERVICES = 
   (RADIUS|CYBERSAFE|KERBEROS5|SECURID|IDENTIX)