Oracle Advanced Security Administrator's Guide
Release 8.1.6
A76932-01

Library
Product
Contents

Prev

Index

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  R  S  T  U  V  W 

A

accounting, RADIUS, 4-22
activating checksumming and encryption, 2-7
adapters, 1-11
addCertChain(byte[]) - oracle.security.ssl.OracleSSLCredential.addCertChain(byte[]), F-22
addCertChain(String) - oracle.security.ssl.OracleSSLCredential.addCertChain(java.lang.String), F-22
addTrustedCert(byte[]) - oracle.security.ssl.OracleSSLCredential.addTrustedCert(byte[]), F-22
addTrustedCert(String) - oracle.security.ssl.OracleSSLCredential.addTrustedCert(java.lang.String), F-22
administrative context, 17-6
architecture of SSL
in an Oracle environment, 10-3
with other authentication methods, 10-8
assigning new pincode to SecurID card, 7-12
asynchronous (challenge-response) authentication mode in RADIUS, 4-6
attack
data modification, 2-5
replay, 2-5
attributes
orclDBDistinguishedName, E-2
orclDBGlobalName, E-2
orclDBNativeUser, E-2
orclDBRoleOccupant, E-2
orclDBServerMember, E-2
orclDBServerRole, E-2
orclDBTrustedDomain, E-2
authenticated RPC
protocol adapter includes, 12-3
authentication, 1-6, 1-11
biometric, 8-1
configuring multiple methods, 11-4
modes in RADIUS, 4-5
authorization, 1-10

B

benefits of Oracle Advanced Security, 1-4
Biometric Authentication Service
authenticating users, 8-15
enabling, 8-8
overview, 8-2
troubleshooting, 8-16
Biometric Manager
installation, 8-5

C

CDS
naming adapter components, 12-4
naming adapter includes, 12-4
using to perform name lookup, 14-15
cds_attributes file
modifying for name resolution in CDS, 14-15
Cell Directory Service
using to perform name lookup, 14-15
Cell Directory Service (CDS), naming adapter includes, 12-4
CERN proxy server, 10-10
certificate
definition, 10-4
certificate authority
definition, 10-4
challenge-response (asynchronous) authentication in RADIUS, 4-6
checksumming and encryption, activating, 2-7
checksums, 1-5
cipher suites
SSL, B-12
client authentication in SSL, requiring, 10-28
combining SSL with other authentication methods, 10-7
configuration files
CyberSAFE, B-2
Kerberos, B-5
needed for servers in DCE, 14-4
SecurID, B-5
configuring
a server in DCE, 14-4
Biometric Manager, 8-12
cipher suites in SSL, 10-22
clients for DCE integration, 14-12
clients to use CDS, 14-15
clients to use DCE CDS naming, 14-15
CyberSafe authentication service parameters, 5-6
DCE CDS for use by Oracle DCE Integration, 13-3
DCE GSSAPI authentication, 9-2
DCE to use DCE Integration, 13-2
enterprise domain, 17-28
enterprise user security, 17-20
Identix authentication, 8-8
Kerberos authentication service parameters, 6-5
Oracle as a SecurID client, 7-4
Oracle for Net8/DCE, 14-1
Oracle server with CyberSafe, 5-3
Oracle server with Kerberos, 6-3
RADIUS authentication, 4-10
schemaless users, 17-13
SecurID authentication service, 7-7
server for DCE Integration, 14-4
SSL, 10-10
on the client, 10-11
on the server, 10-19
Thin JDBC support, 3-1
connecting
across cells, 14-6
to an Oracle database
to verify roles, 14-9
to an Oracle database in DCE, 15-1
to an Oracle server in DCE, 15-3
with username/password, 15-3
without username and password, 15-3
to another cell, 14-6
connecting with username/password
with authentication configured, 11-2
createServerSocket(int) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int), F-31
createServerSocket(int, int) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int, int), F-31
createServerSocket(int, int, InetAddress) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int, int, java.net.InetAddress), F-32
createSocket(InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.InetAddress, int), F-44
createSocket(InetAddress, int, InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.InetAddress, int, java.net.InetAddress, int), F-44
createSocket(Socket) - oracle.security.ssl.OracleSSLSocketFactory.createSocket(java.net.Socket), F-42
createSocket(Socket) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.Socket), F-45
createSocket(String, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.lang.String, int), F-46
createSocket(String, int, InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.lang.String, int, java.net.InetAddress, int), F-46
creating
an Oracle server account, 8-13
Oracle directories in CDS, 13-3
principals and accounts, 13-2
CyberSafe, 1-8
authentication parameters, B-2
enabling authentication, 5-2
sample for sqlnet.ora file, A-3
system requirements, 1-13
troubleshooting, 5-11
CyberSafe Challenger
system requirements, 1-13

D

data
integrity, 1-5
privacy, 1-4
data integrity, 1-5
data modification attack, 2-5
data privacy and integrity
components of, 12-3
DCE
address parameters in listener.ora and tnsnames.ora files, 14-2
address parameters in protocol.ora file, 14-12
backward compatibility, 12-2
CDS naming adapter components, 12-4
communication and security, 12-3
components, 12-3
configuration files required, 14-4
configuring a server, 14-4
configuring clients for DCE integration, 14-12
configuring clients to use DCE CDS naming, 14-15
configuring to use DCE Integration, 13-2
connecting clients without access to DCE and CDS, 16-2
connecting to an Oracle server, 15-3
externally-authenticated accounts, 14-5
limitations, 12-5
overview, 12-2
sample address in tnsnames.ora file, 14-16
sample listener.ora file, 16-2
sample parameter files, 16-2
sample tnsnames.ora file, 16-2
SERVER_PRINCIPALparameter, 14-17
SERVICE parameter, 14-17
setting up external roles,, 14-7
starting the listener, 15-2
syntax for mapping groups to Oracle roles, 14-7
verifying DCE groups are mapped to OS roles, 14-9
DCE GSSAPI authentication
configuring, 9-2
connecting to an Oracle server, 9-4
creating the DCE principal, 9-2
when to use, 9-1
with Oracle DCE integration, 9-1
DCE principal
for DCE GSSAPI authentication, 9-2
DCE Secure Core services, 12-5
dce_service_name, verifying, 15-2
DCE.AUTHENTICATION parameter, 14-12
DCE.LOCAL_CELL_USERNAMES parameter, 14-12
DCE.PROTECTION parameter, 14-12
DCE.TNS_ADDRESS_OID parameter, 14-12
DCE.TNS_ADDRESS.OID parameter
modifying in protocol.ora file, 14-16
defining users
in multi-cell environment, 14-6
DES, 1-5
DES encryption algorithm, 2-3
DES40 encryption algorithm, 2-3
Diffie-Hellman key negotiation algorithm, 2-6
directories
conceptual overview, 17-3
Directory Information Tree (DIT), 17-3
distinguished names, 17-3
Distributed Computing Environment
overview, 12-2
distributed directories
naming contexts and, 17-4

E

encryption, 1-12
encryption and checksumming
activating, 2-7
client checksum level setting, A-8
client checksum selected list, A-9
client encryption level setting, A-5
client encryption selected list, A-7
client profile encryption, A-10
negotiating, 2-8
parameter settings, 2-11
parameters supported by Oracle Advanced Security, A-1
server checksum level setting, A-8
server checksum selected list, A-9
server encryption level setting, A-5
server encryption selected list, A-6
enterprise domain, 17-6
setting up, 17-28
enterprise roles, 17-5
enterprise user login
troubleshooting, 17-32
enterprise user security, 17-1
administrative context, 17-6
architecture, 17-11
components, 17-5, 17-19
enterprise domains, 17-6
enterprise roles, 17-5
enterprise users, 17-5
global roles, 17-6
groups
OracleDBCreators, 17-8
OracleDBSecurity, 17-8
OracleNetAdmins, 17-8
installing and configuring, 17-20
Oracle Conext, 17-6
Oracle Enterprise Security Manager, 17-2
OracleDBSecurity container, 17-9
overview, 17-2
schemaless users, 17-12
enterprise users, 17-5
entries
distinguished names of, 17-3
naming, 17-3
export controls, placed on encryption technology, 2-2
external authentication, 12-3
external roles, Net8t/DCE, configuring, 14-7
externally-authenticated accounts
creating and naming, 14-5

F

failure of fingerprint authentication, 8-16
false finger threshold, 8-3
features, new
encryption algorithm changes, 2-2
enterprise user security, 17-1
FIPS 140-, D-1
Java SSL, F-1
Oracle Enterprise Login Assistant, 19-1
Oracle Enterprise Security Manager, 20-1
Oracle Wallet Manager, 18-1
RADIUS authentication, 4-1
SSL authentication, 10-1
Thin JDBC support, 3-1
fingerprint
accuracy, 8-2, 8-4
authentication failure, 8-16
FIPS 140-1
configuration, xxv
sqlnet.ora parameters, D-2
firewalls
and SSL, 10-10

G

getCipherSuite() - oracle.security.ssl.OracleSSLSession.getCipherSuite(), F-36
getCipherSuite() - oracle.security.ssl.SSLSocketSession.getCipherSuite(), F-50
getCreationTime() - oracle.security.ssl.OracleSSLSession.getCreationTime(), F-36
getCreationTime() - oracle.security.ssl.SSLSocketSession.getCreationTime(), F-50
getDefaultCipherSuites() - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.getDefaultCipherSuites(), F-33
getDefaultCipherSuites() - oracle.security.ssl.OracleSSLSocketFactoryImpl.getDefaultCipherSuites(), F-47
getId() - oracle.security.ssl.OracleSSLSession.getId(), F-36
getId() - oracle.security.ssl.SSLSocketSession.getId(), F-50
getLastAccessedTime() - oracle.security.ssl.OracleSSLSession.getLastAccessedTime(), F-37
getLastAccessedTime() - oracle.security.ssl.SSLSocketSession.getLastAccessedTime(), F-50
getNegotiatedProtocolVersion() - oracle.security.ssl.OracleSSLSession.getNegotiatedProtocolVersion(), F-37
getPeerCertificateChain() - oracle.security.ssl.OracleSSLSession.getPeerCertificateChain(), F-37
getPeerCertificateChain() - oracle.security.ssl.SSLSocketSession.getPeerCertificateChain(), F-50
getPeerHost() - oracle.security.ssl.OracleSSLSession.getPeerHost(), F-38
getPeerHost() - oracle.security.ssl.SSLSocketSession.getPeerHost(), F-50
getPeerRawCertificateChain() - oracle.security.ssl.OracleSSLSession.getPeerRawCertificateChain(), F-38
getSessionContext() - oracle.security.ssl.OracleSSLSession.getSessionContext(), F-38
getSessionContext() - oracle.security.ssl.SSLSocketSession.getSessionContext(), F-50
getSupportedCipherSuites() - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.getSupportedCipherSuites(), F-33
getSupportedCipherSuites() - oracle.security.ssl.OracleSSLSocketFactoryImpl.getSupportedCipherSuites(), F-47
getValue(String) - oracle.security.ssl.OracleSSLSession.getValue(java.lang.String), F-38
getValue(String) - oracle.security.ssl.SSLSocketSession.getValue(java.lang.String), F-50
getValueNames() - oracle.security.ssl.OracleSSLSession.getValueNames(), F-39
getValueNames() - oracle.security.ssl.SSLSocketSession.getValueNames(), F-50
Global Directory Service (GDS), 12-4
global roles, 17-6

H

handshake
SSL, 10-6
hash
used by the Biometric Authentication Adapter, 8-3
used in the Biometric Authentication Service, 8-2
high security threshold, 8-3
HTTPS, 10-6

I

Identix
authentication parameters, B-2
configuring authentication, 8-8
sample for sqlnet.ora file, A-3
Identix Biometric, system requirements, 1-13
Identix TouchNet II Desktop Sensor, 8-15
Identix TouchNet II Hardware Interface, 8-4
IIOP (Internet Inter-ORB Protocol)
secured by SSL, 10-6
initialization parameter file
parameters for clients and servers using CyberSafe, B-2
parameters for clients and servers using Kerberos, B-5
parameters for clients and servers using RADIUS, B-6
parameters for clients and servers using SecurID, B-5
parameters for clients and servers using SSL, B-11
installing
key of server, 13-2
internet, 10-6
Internet Domain Service (DNS), 12-4
invalidate() - oracle.security.ssl.OracleSSLSession.invalidate(), F-39
invalidate() - oracle.security.ssl.SSLSocketSession.invalidate(), F-50

J

Java Byte Code Obfuscation, 3-4
Java Database Connectivity
JDBC, 3-2
JDBC
authentication not supported, 3-3
configuration parameters, 3-5
implementation of Oracle Advanced Security, 3-2
Java Database Connectivity, 3-2
Oracle Advanced Security features, 3-3
Oracle extensions, 3-2
Oracle O3LOGON, 3-3
thin driver features, 3-3

K

Kerberos, 1-8
authentication adapter utilities, 6-12
enabling authentication, 6-2
sample for sqlnet.ora file, A-3
system requirements, 1-13
troubleshooting, 6-15
kinstance (CyberSafe), 5-3
kinstance (Kerberos), 6-3
kservice (Kerberos), 6-3

L

LAN environments
vulnerabilities of, 1-3
LDAP schema, E-1
limitations of SSL, 10-10
listener
starting in the DCE environment, 15-2
starting in the DEC environment, 15-2
listener endpoint, setting on server when configuring SSL, 10-30
listener.ora file
OSS.SOURCE.MY_WALLET parameter, 10-21
parameters for DCE, 14-4
SSL_CLIENT_AUTHENTICATION parameter, 10-22
loading Oracle service names into CDS, 14-17
logging into Oracle
using DCE authentication, 15-3
using SecurID authentication, 7-10
when SecurID is in next code mode, 7-13
with PINPAD card, 7-14
with standard card, 7-13

M

managing roles with RADIUS server, 4-24
mapping DCE groups
to Oracle roles, 14-7
MD5 algorithm, 1-5
used by the Biometric Authentication Service, 8-2
MD5 message digest algorithm, 2-5
Multi-Protocol Interchange, not supported with DCE, 12-5
multi-threaded server
not supported with DCE, 12-5

N

NAMES.DIRECTORY_PATH parameter, 14-19
naming contexts
and distributed directories, 17-4
naming directory entries, 17-3
Net8 Native Authentication, 8-15
Netscape Communications Corporation, 10-2
new features, 17-1
encryption algorithm changes, 2-2
FIPS 140-1, D-1
Java SSL, F-1
Oracle Enterprise Login Assistant, 19-1
Oracle Enterprise Security Manager, 20-1
Oracle Wallet Manager, 18-1
RADIUS authentication, 4-1
SSL authentication, 10-1
Thin JDBC support, 3-1

O

obfuscation, 3-4
object classes
orclDBEnterpriseDomain, E-2
orclDBEnterpriseRole, E-2
orclDBEntryLevelMapping, E-2
orclDBServer, E-2
orclDBSubtreeLevelMapping, E-2
okdstry
Kerberos adapter utility, 6-12
okinit
Kerberos adapter utility, 6-12
oklist
Kerberos adapter utility, 6-12
ORA-1004 error, 17-33
ORA-1017 error, 17-33
ORA-12560 error, 17-33
ORA-12650 error message, A-7
Oracle Advanced Security
checksum sample for sqlnet.ora file, A-2
configuration parameters, 3-5
disabling authentication, 11-2
encryption and checksumming parameters supported, A-1
encryption sample for sqlnet.ora file, A-2
features for thin JDBC, 3-3
Java implementation, 3-2, 3-4
SSL features, 10-2
Oracle Connection Manager, 1-12
Oracle Context, 17-6
Oracle Enterprise Login Assistant
described, 17-20
disabling, 19-3
enabling, 19-2
Oracle Enterprise Manager, 8-5
Oracle Enterprise Security Manager, 17-13
described, 17-20
introduction, 20-2
schemaless users, 17-12
Oracle Internet Directory
described, 17-20
Oracle Java SSL
cipher suite, F-3
class hierarchy, F-19
example, F-4
features, F-2
interface hierachy, F-19
Oracle parameter SID, 14-17
Oracle parameters
authentication, 1-14
Oracle Password Protocol, 3-4
Oracle schema, E-1
Oracle service names, registering in CDS, 12-4
Oracle Wallet Manager
described, 17-19
key management, F-4
overview, 18-2
OracleDBCreators group, 17-8
OracleDBSecurity group, 17-8
OracleDBSecurityAdmins group, E-3, E-4
OracleNetAdmins group, 17-8, E-4
oracle.net.crypto_checksum_client parameter, 3-6
oracle.net.crypto_client parameter, 3-7
oracle.net.encryption_client parameter, 3-5
oracle.net.encryption_types_client parameter, 3-6
OracleSSLCredential - oracle.security.ssl.OracleSSLCredential, F-21
OracleSSLCredential() - oracle.security.ssl.OracleSSLCredential.OracleSSLCredential(), F-22
OracleSSLProtocolVersion - oracle.security.ssl.OracleSSLProtocolVersion, F-23
OracleSSLServerSocket - oracle.security.ssl.OracleSSLServerSocket, F-25
OracleSSLServerSocket(int) - oracle.security.ssl.OracleSSLServerSocket.OracleSSLServerSocket(int), F-26
OracleSSLServerSocket(int, int) - oracle.security.ssl.OracleSSLServerSocket.OracleSSLServerSocket(int, int), F-26
OracleSSLServerSocket(int, int, InetAddress) - oracle.security.ssl.OracleSSLServerSocket.OracleSSLServerSocket(int, int, java.net.InetAddress), F-27
OracleSSLServerSocketFactory - oracle.security.ssl.OracleSSLServerSocketFactory, F-28
OracleSSLServerSocketFactory() - oracle.security.ssl.OracleSSLServerSocketFactory.OracleSSLServerSocketFactory(), F-28
OracleSSLServerSocketFactoryImpl - oracle.security.ssl.OracleSSLServerSocketFactoryImpl, F-30
OracleSSLServerSocketFactoryImpl() - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.OracleSSLServerSocketFactoryImpl(), F-31
OracleSSLSession - oracle.security.ssl.OracleSSLSession, F-35
OracleSSLSession() - oracle.security.ssl.OracleSSLSession.OracleSSLSession(), F-36
OracleSSLSocketFactory - oracle.security.ssl.OracleSSLSocketFactory, F-41
OracleSSLSocketFactory() - oracle.security.ssl.OracleSSLSocketFactory.OracleSSLSocketFactory(), F-41
OracleSSLSocketFactoryImpl - oracle.security.ssl.OracleSSLSocketFactoryImpl, F-43
OracleSSLSocketFactoryImpl() - oracle.security.ssl.OracleSSLSocketFactoryImpl.OracleSSLSocketFactoryImpl(), F-44
orclDBDistinguishedName attribute, E-2
orclDBEnterpriseDomain object class, E-2
orclDBEnterpriseRole object class, E-2
orclDBEntryLevelMapping object class, E-2
orclDBGlobalName attributes, E-2
orclDBNativeUser attribute, E-2
orclDBRoleOccupant attribute, E-2
orclDBServer object class, E-2
orclDBServerMember attribute, E-2
orclDBServerRole attribute, E-2
orclDBSubtreeLevelMapping object class, E-2
orclDBTrustedDomain attribute, E-2
OS_AUTHENT_PREFIX parameter, 1-15
CyberSafe authentication, 5-8
OS_ROLES parameter, setting, 14-7
OSS.SOURCE.MY_WALLET parameter, 10-12, 10-21

P

parameters
authentication, B-1
CyberSafe, B-2
Identix, B-2
Kerberos, B-5
RADIUS, B-6
SSL, B-11
configuration for JDBC, 3-5
encryption and checksumming, 2-11
SecurID, B-5
performance of SSL compared to Net8, 10-10
PINPAD cards
using SecurID, 7-11
PKI, 1-8
prerequisites, for Biometric Authentication Service installation, 8-5
protocol.ora file
DCE address parameters in, 14-12
DCE.AUTHENTICATION parameter, 14-12
DCE.LOCAL_CELL_USERNAMES parameter, 14-12
DCE.PROTECTION parameter, 14-12
DCE.TNS_ADDRESS_OID parameter, 14-12
parameter for CDS, 14-14
protocols, 1-12
public key infrastructure, 1-8
putValue(String, Object) - oracle.security.ssl.OracleSSLSession.putValue(java.lang.String, java.lang.Object), F-39
putValue(String, Object) - oracle.security.ssl.SSLSocketSession.putValue(java.lang.String, java.lang.Object), F-51

R

RADIUS, 1-8
accounting, 4-22
asynchronous (challenge-response) authentication mode, 4-6
authentication modes, 4-5
authentication parameters, B-6
challenge-response (asynchronous) authentication, 4-6
challenge-response (asynchronous) authentication, customizing challenge-response user interface, C-1, D-1
Challenge-Response user interface, C-2
configuring, 4-10
customizing the Challenge-Response user interface, C-2
location of secret key, 4-17
smartcards and, 1-8, 4-5, 4-8, 4-18, C-2
synchronous authentication mode, 4-5
system requirements, 1-13
Radius
sample for sqlnet.ora file, A-3
RC4 encryption algorithm, 1-4, 2-4
RC4_128 encryption algorithm, 2-4
realm (CyberSafe), 5-3
realm (Kerberos), 6-3
rejected PIN code
reasons for, 7-13
REMOTE_OS_AUTHENT parameter, 1-15
CyberSafe authentication, 5-8
setting for DCE, 14-5
removeCertChainCert(int) - oracle.security.ssl.OracleSSLCredential.removeCertChainCert(int), F-22
removeTrustedCert(int) - oracle.security.ssl.OracleSSLCredential.removeTrustedCert(int), F-22
removeValue(String) - oracle.security.ssl.OracleSSLSession.removeValue(java.lang.String), F-40
removeValue(String) - oracle.security.ssl.SSLSocketSession.removeValue(java.lang.String), F-51
replay attack, 2-5
required SSL version, setting on server, 10-27
requiring client authentication in SSL, 10-28
roles
managing with RADIUS server, 4-24
roles, external, mapping to DCE groups, 14-7
RSA encryption, 1-4

S

schemaless users
SSL, 17-13
secret key, 8-5
location in RADIUS, 4-17
Secure Sockets Layer
industry standard protocol, 10-2
See SSL
SecurID, 4-6
authentication parameters, B-5
creating users for authentication, 7-8
enabling authentication, 7-2
sample for sqlnet.ora file, A-4
system requirements, 1-13
token cards, 4-5, 4-6
troubleshooting, 7-15
types of cards, 7-10
using with Oracle client tools, 7-10
security
between Oracle and non-Oracle clients and servers, 10-6
policy for biometrically identified users, 8-3
protocol adapter includes, 12-3
SERVER_PRINCIPALparameter
DCE parameter, 14-17
SERVICE parameter, B-2
setPrivateKey(byte[], String) - oracle.security.ssl.OracleSSLCredential.setPrivateKey(byte[], java.lang.String), F-22
setPrivateKey(String, String) - oracle.security.ssl.OracleSSLCredential.setPrivateKey(java.lang.String, java.lang.String), F-22
setSSLCredentials(OracleSSLCredential) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.setSSLCredentials(oracle.security.ssl.OracleSSLCredential), F-33
setSSLCredentials(OracleSSLCredential) - oracle.security.ssl.OracleSSLServerSocketFactory.setSSLCredentials(oracle.security.ssl.OracleSSLCredential), F-29
setSSLCredentials(OracleSSLCredential) - oracle.security.ssl.OracleSSLSocketFactoryImpl.setSSLCredentials(oracle.security.ssl.OracleSSLCredential), F-47
setSSLCredentials(OracleSSLCredential) - oracle.security.ssl.OracleSSLSocketFactory.setSSLCredentials(oracle.security.ssl.OracleSSLCredential), F-42
setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.setSSLProtocolVersion(int), F-34
setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLServerSocketFactory.setSSLProtocolVersion(int), F-29
setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLServerSocket.setSSLProtocolVersion(int), F-27
setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.setSSLProtocolVersion(int), F-48
setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLSocketFactory.setSSLProtocolVersion(int), F-42
setSSLSessionContext(byte[]) - oracle.security.ssl.OracleSSLSession.setSSLSessionContext(byte[]), F-40
setWallet(String, String) - oracle.security.ssl.OracleSSLCredential.setWallet(java.lang.String, java.lang.String), F-22
single sign-on, 12-3, 15-3
smartcards, 1-9, 4-5
and RADIUS, 1-8, 4-5, 4-8, 4-18, C-2
smit utility
restarting cdsadv service, 14-16
SQL*Net, level required by Biometric Athentication Service, 8-5
SQLNET.AUTHENTICATION_GSSAPI_ parameter, B-2
SQLNET.AUTHENTICATION_GSSAPI_SERVICE parameter, 5-7, 9-3
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8
SQLNET.AUTHENTICATION_SERVICES parameter, 4-11, 5-7, 6-8, 7-8, 8-10, 9-3, 10-18, 10-19, 10-30, 11-3, 11-5, B-2
SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 2-14, A-8
SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 2-14, A-8
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 2-14, A-9
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 2-14, A-9
SQLNET.CRYPTO_SEED parameter, 2-13, A-10
SQLNET.ENCRYPTION_CLIENT parameter, 2-13, A-5
SQLNET.ENCRYPTION_SERVER parameter, 2-12, A-5
SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 2-13, A-7
SQLNET.ENCRYPTION_TYPES_SERVER parameter, 2-12, A-6
SQLNET.FIPS_140 parameter, D-3
SQLNET.IDENTIX_FINGERPRINT_DATABASE parameter, 8-10
SQLNET.IDENTIX_USE_MD5HASH parameter, B-2
SQLNET.KERBEROS5_CC_NAME parameter, 6-9
SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9
SQLNET.KERBEROS5_CONF parameter, 6-9
SQLNET.KERBEROS5_CONF_MIT parameter, 6-10
SQLNET.KERBEROS5_KEYTAB parameter, 6-10
SQLNET.KERBEROS5_REALMS parameter, 6-10
sqlnet.ora file
Common sample, A-3
CyberSafe sample, A-3
Identix sample, A-3
Kerberos sample, A-3
modifying so CDS can resolve names, 14-19
NAMES.DIRECTORY_PATH parameter, 14-19
Oracle Advanced Security checksum sample, A-2
Oracle Advanced Security encryption sample, A-2
OSS.SOURCE.MY_WALLET parameter, 10-12, 10-21
parameters for clients and servers using CyberSafe, B-2
parameters for clients and servers using Identix, B-2
parameters for clients and servers using Kerberos, B-5
parameters for clients and servers using RADIUS, B-6
parameters for clients and servers using SecurID, B-5
parameters for clients and servers using SSL, B-11
parameters for FIPS 140-1, D-2
Radius sample, A-3
sample, A-2
SecurID sample, A-4
SERVICE parameter, B-2
SQLNET.AUTHENTICATION_GSSAPI_ parameter, B-2
SQLNET.AUTHENTICATION_GSSAPI_SERVICE parameter, 5-7, 9-3
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8
SQLNET.AUTHENTICATION_SERVICES parameter, 5-7, 6-8, 7-8, 8-10, 9-3, 10-18, 10-19, 10-30, 11-3, 11-5, B-2
SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 2-14, A-8
SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 2-14, A-8
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 2-14, A-9
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 2-14, A-9
SQLNET.CRYPTO_SEED parameter, 2-13, A-10
SQLNET.ENCRYPTION_CLIENT parameter, A-5
SQLNET.ENCRYPTION_SERVER parameter, 2-12, A-5
SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 2-13, A-7
SQLNET.ENCRYPTION_TYPES_SERVER parameter, 2-12, A-6
SQLNET.FIPS_140 parameter, D-3
SQLNET.IDENTIX_FINGERPRINT_DATABASE parameter, 8-10
SQLNET.IDENTIX_USE_MD5HASH parameter, B-2
SQLNET.KERBEROS5_CC_NAME parameter, 6-9
SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9
SQLNET.KERBEROS5_CONF parameter, 6-9
SQLNET.KERBEROS5_CONF_MIT parameter, 6-10
SQLNET.KERBEROS5_KEYTAB parameter, 6-10
SQLNET.KERBEROS5_REALMS parameter, 6-10
SSL sample, A-2
SSL_CIPHER_SUITES parameter, 10-27
SSL_CLIENT_AUTHENTICATION parameter, 10-29
SSL_CLIENT_AUTHETNICATION parameter, 10-12
SSL_VERSION parameter, 10-18, 10-28
Trace File Set Up sample, A-2
SQLNET.RADIUS_ALTERNATE parameter, 4-20
SQLNET.RADIUS_ALTERNATE_PORT parameter, 4-20
SQLNET.RADIUS_ALTERNATE_RETRIES parameter, 4-20
SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter, 4-20
SQLNET.RADIUS_CLASSPATH parameter, 4-18
SQLNET.RADIUS_SEND_ACCOUNTING parameter, 4-23
SSL, 1-8
application level firewalls, 10-10
authentication modes, 10-2
authentication parameters, B-11
authentication process in an Oracle environment, 10-6
authorization, 10-10
certificate, 10-4
certificate authority, 10-4
cipher suites, B-12
configuring, 10-22
client authentication parameter, B-13
components in an Oracle environment, 10-4
configuring cipher suites, 10-22
configuring on the client, 10-11
configuring on the server, 10-19
enabling, 10-10
handshake, 10-6
limitations, 10-10
performance, 10-10
privileges, 10-10
requiring client authentication, 10-28
roles, 10-10
sample for sqlnet.ora file, A-2
schemaless users, 17-13
Secure Sockets Layer, 10-2
system requirements, 1-14
version parameter, B-13
wallet, 10-4
wallet location, parameter, B-14
with other authentication methods, 10-7
SSL_CIPHER_SUITES parameter, 10-27
SSL_CLIENT_AUTHENTICATION parameter, 10-12, 10-22, 10-29
SSL_VERSION parameter, 10-18, 10-28
SSL_Version_2_0 - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_2_0, F-23
SSL_Version_3_0 - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_3_0, F-24
SSL_Version_3_0_Only - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_3_0_Only, F-24
SSL_Version_3_0_With_2_0_Hello - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_3_0_With_2_0_Hello, F-24
SSL_Version_Undetermined - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_Undetermined, F-24
SSLSocketSession - oracle.security.ssl.SSLSocketSession, F-49
SSLSocketSession() - oracle.security.ssl.SSLSocketSession.SSLSocketSession(), F-50
SSLSocketTest - oracle.security.ssl.SSLSocketTest, F-52
standard cards
using SecurID, 7-11
synchronous authentication mode, RADIUS, 4-5
System Environment Variable, 8-15
system requirements, 1-13
CyberSafe, 1-13
DCE integration, 12-2
Identix Biometric, 1-13
Kerberos, 1-13
RADIUS, 1-13
SecurID, 1-13
SSL, 1-14

T

Thin JDBC support, 3-1
threshold level, 8-3, 8-4
tnsnames.ora file
loading into CDS using tnnfg, 14-17
modifying to load connect descriptors into CDS, 14-16
renaming, 14-18
token cards, 1-9
toString() - oracle.security.ssl.OracleSSLCredential.toString(), F-22
TouchNet II, 8-4
trace file
set up sample for sqlnet.ora file, A-2
triple-DES encryption algorithm, 2-4

U

user account, 8-14

V

viewing mapping in CDS namespace, for listener endpoint, 15-2

W

wallets
auto login, 18-10
changing a password, 18-9, 19-3
closing, 18-8
creating, 18-6
definition, 10-5
deleting, 18-9
managing, 18-6
managing certificates, 18-11
managing trusted certificates, 18-14
opening, 18-7
saving, 18-8
setting location, 10-22
WAN environments
vulnerabilities of, 1-3
Prev
Oracle
Copyright © 1999 Oracle Corporation.
All Rights Reserved.

Library
Product
Contents