Preface

Oracle Advanced Security (formerly Oracle Advanced Networking Option) provides enhanced security and authentication to the Net8 network. This guide provides generic information on each Oracle Advanced Security feature.

This Preface contains the following topics:

• What This Guide Contains

• How This Guide Is Organized

• Notational Conventions

• Terms and Abbreviations

• Related Publications

• Your Comments Are Welcome

What This Guide Contains

This guide contains generic information on how to configure Net8 network to use Oracle Advanced Security. Use this guide with the guide that describes how to install and configure Oracle Advanced Security on your particular platform.

You can install and configure Oracle Advanced Security with other Oracle networking products and configure everything at once, or you can add Oracle Advanced Security to an already existing network.

How This Guide Is Organized

This guide is organized into the following parts:

• Part I: "Oracle Advanced Security Features"

• Part II: "Oracle DCE Integration"

• Part III: "Oracle8i Security/Directory Integration"

• Part IV: "Appendixes"

Each part describes a different set of Oracle Advanced Security features.

Part I: Oracle Advanced Security Features

Chapter 1, "Introduction to Oracle Advanced Security"

This chapter provides an overview of Oracle Advanced Security single sign-on and security features. These features include:

• network security

• data encryption

• data integrity checking

• external authentication

• single sign-on

• authorizations

  Note: These features have been previously packaged as Oracle Advanced Networking Option and Secure Network Services.

This chapter also includes a brief overview of the authentication methods available with this release.

Chapter 2, "Configuring Data Encryption and Integrity"

This chapter describes how to configure data encryption and integrity within an existing Net8 release 8.1.6 network.

Chapter 3, "Thin JBDC Support"

This chapter provides an overview of the Java implementation of Oracle Advanced Security, which allows Thin Java Database Connectivity (JDBC) clients to connect securely to Oracle8i databases.

Chapter 4, "Configuring RADIUS Authentication"

This chapter describes how to configure Oracle for use with RADIUS (Remote Authentication Dial-In User Service). It provides an overview of how RADIUS works within an Oracle environment, and describes how to enable RADIUS authentication and accounting. It also introduces the challenge-response user interface that third party vendors can customize to integrate with third party authentication devices.

Chapter 5, "Configuring CyberSafe Authentication"

This chapter describes how to configure Oracle for use with CyberSafe, and provides a brief overview of steps to configure CyberSafe to authenticate Oracle users.

Chapter 6, "Configuring Kerberos Authentication"

This chapter describes how to configure Oracle for use with MIT Kerberos and provides a brief overview of steps to configure Kerberos to authenticate Oracle users.

Chapter 7, "Configuring SecurID Authentication"

This chapter describes how to configure SecurID authentication in combination with the Oracle server and Oracle clients for use with the Security Dynamics ACE/Server and token cards. It includes system requirements and known limitations. It also contains troubleshooting information if you experience problems while configuring SecurID authentication.

Chapter 8, "Configuring Identix Biometric Authentication"

This chapter describes how to configure and use Oracle biometric authentication, which enables use of the Identix fingerprint authentication device.

Chapter 9, "Configuring DCE GSSAPI Authentication"

This chapter describes how to configure Oracle DCE GSSAPI authentication to provide DCE authentication even if you are not using other DCE services in your network.

Chapter 10, "Configuring Secure Socket Layer Authentication"

This chapter describes the SSL feature of Oracle Advanced Security and explains how to configure SSL.

Chapter 11, "Choosing and Combining Authentication Methods"

This chapter describes how to use conventional username/password authentication even if you have configured another authentication service. It also describes how to configure the network to use one or more authentication services in the network using Oracle Advanced Security and how to set up more than one authentication service on a client or on a server.

Part II: Oracle DCE Integration

Chapter 12, "Overview of Oracle DCE Integration"

This chapter provides a brief discussion of OSF DCE and Oracle DCE Integration.

Chapter 13, "Configuring DCE for Oracle DCE Integration"

This chapter describes what you need to do to configure DCE to use Oracle DCE Integration. It also describes how to configure the DCE CDS naming adapter.

Chapter 14, "Configuring Oracle for Oracle DCE Integration"

This chapter describes the DCE parameters that you need to add to the configuration files to enable clients and servers to access Oracle servers in the DCE environment. It also describes some Oracle Server configuration that you need to perform, such as setting up DCE groups to map to external roles. Additionally, it describes how to configure clients to use the DCE CDS naming adapter.

Chapter 15, "Connecting to an Oracle Database in DCE"

This chapter describes how to connect to an Oracle database in a DCE environment.

Chapter 16, "DCE and Non-DCE Interoperability"

This chapter describes how clients outside of DCE can access Oracle databases using another protocol such as TCP/IP.

Part III: Oracle8i Security/Directory Integration

Chapter 17, "Managing Enterprise User Security"

This chapter describes Oracle directory and security integration. It describes its components and provides an overview of the interaction between the components.

Chapter 18, "Using Oracle Wallet Manager"

This chapter describes how to configure and use the Oracle Wallet Manager.

Chapter 19, "Oracle Enterprise Login Assistant"

This chapter describes how to configure and use the Oracle Enterprise Login Assistant.

Chapter 20, "Using Oracle Enterprise Security Manager"

This chapter describes how an Enterprise DBA uses Oracle Enterprise Security Manager to administer database security in an enterprise domain of Oracle8i databases.

Part IV: Appendixes

Appendix A, "Data Encryption and Integrity Parameters"

This appendix describes Oracle Advanced Security data encryption and integrity configuration parameters.

Appendix B, "Authentication Parameters"

This appendix describes Oracle Advanced Security authentication configuration file parameters.

Appendix C, "Integrating Authentication Devices Using RADIUS"

This appendix explains how third party authentication device vendors can integrate their devices and customize the graphical user interface used in RADIUS challenge-response authentication.

Appendix D, "Oracle Advanced Security FIPS 140-1 Settings"

This appendix provides the required configuration parameter options required to provide the FIPS 140-1 Level 2 evaluated configuration.

Appendix E, "LDAP Directory Schema for Oracle Database Security"

This appendix describes the object classes and attributes defined in the LDAP directory schema for Oracle database security.

Appendix F, "Oracle Implementation of Java SSL"

This appendix provides an overview of components and usage of the Oracle implementation of Java SSL.

Notational Conventions

The following syntax conventions are used in this guide:

Italic Font	Italic characters indicate that the parameter, variable, or expression in the command syntax must be replaced by a value that you provide. Italics can also indicate emphasis or the first mention of a technical term.
Monospace Font	Monospace font indicates something the computer displays.
Bolded Monospace Font	Bolded monospace font indicates: Terms defined in the Glossary Text you need to enter exactly as shown.
Punctuation	Punctuation other than brackets and vertical bars must be entered as shown.
[ ]	Brackets enclose optional items. Do not enter the brackets.
( )	Parentheses enclose all SQL*Net and Net8 Keyword-Value pairs in connect descriptors. They must be entered as part of the connect descriptor, as in (KEYWORD=value).
|	A vertical bar represents a choice of two or more options. You must enter one of the options separated by the vertical bar. Do not enter the vertical bar.
UPPERCASE	Uppercase characters within the text represent parameters.

Terms and Abbreviations

Refer to the following table for a list of terms and abbreviations used in this document and their definitions.

Term or Abbreviation	Definition
CDS	Cell Directory Service
DCE	Distributed Computing Environment
GSSAPI	Generic Security Services Application Programming Interface
JDK	Java Development Kit
JRE	Java Runtime Environment
OSF	Open Software Foundation
PIN	Personal Identification Number

Related Publications

Refer to the appropriate Oracle platform-specific documentation to install and configure Oracle Advanced Security software on your particular platform.

In addition, see the following Oracle documents for information that applies across platforms:

• Net8 Administrator's Guide

• Oracle8i Distributed Database Systems

• Oracle8i Enterprise JavaBeans and CORBA Developer's Guide

• Oracle8i JDBC Developer's Guide and Reference

• Oracle Internet Directory Administrator's Guide

For information on roles and privileges, see:

• Oracle8i Administrator's Guide

For third-party vendor documentation on security and single sign-on features see:

• RADIUS Administrator's Guide

• Security Dynamics' ACE/Server Installation Manual, Release 3.3

• Security Dynamics' ACE/Server Version 3.3 Administration Manual

• ACE/Server Version 2.0 Client for UNIX

• CyberSafe TrustBroker Release Notes, Release 5.2.6

• CyberSafe TrustBroker Administrator's Guide, Release 5.2.6

• CyberSafe TrustBroker Navigator Administrator's Guide, Release 5.2.6

• CyberSafe TrustBroker UNIX User's Guide, Release 5.2.6

• CyberSafe TrustBroker Windows and Windows NT User's Guide, Release 5.2.6

For information on MIT Kerberos see:

• CyberSafe Trust Broker documentation

• Notes on building and installing Kerberos from Kerberos V5 source distribution

• CNS (Cygnus Network Security) documentation from http://www.cygnus.com/library-dir.html

For additional information about the Open Software Foundation (OSF) Distributed Computing Environment (DCE), see the following OSF documents published by Prentice Hall, Inc.:

• Transarc DCE User's Guide and Reference

• Transarc DCE Application Development Guide

• Transarc DCE Application Development Reference

• Transarc DCE Administration Guide

• Transarc DCE Administration Reference

• Transarc DCE Porting and Testing Guide

• Application Environment Specification/Distributed Computing

• Transarc DCE Technical Supplement

For information about Identix products, see the following Identix documentation.

Client side documentation:

• Identix TouchNet II User's Guide

Server side documentation:

• Identix TouchNet II System Administrator's Guide

Your Comments Are Welcome

We value and appreciate your comment as an Oracle user and reader of our manuals. As we write, revise, and evaluate our documentation, your opinions are the most important feedback we receive.

You can send comments and suggestions about this reference to the Information Development department at the following e-mail address:

infodev@us.oracle.com

If you prefer, you can send letters or faxes containing your comments to:

Server Technologies Documentation Manager

Oracle Corporation

500 Oracle Parkway, 4OP12

Redwood Shores, CA 94065

Fax: (650) 506-7228 Attn.: Information Development