Preface

Welcome to the Oracle Advanced Security Administrator's Guide for Release 9.0.1 of Oracle Advanced Security.

Oracle Advanced Security contains a comprehensive suite of security features that protect enterprise networks and securely extend them to the Internet. It provides a single source of integration with multiple network encryption and authentication solutions, single sign-on services, and security protocols.

The Oracle Advanced Security Administrator's Guide describes how to implement, configure and administer Oracle Advanced Security.

This preface contains these topics:

• Audience

• Organization

• Related Documentation

• Conventions

• Documentation Accessibility

Audience

The Oracle Advanced Security Administrator's Guide is intended for users and systems professionals involved with the implementation, configuration, and administration of Oracle Advanced Security including:

• Implementation consultants

• System administrators

• Security administrators

Organization

This document contains:

Part I: Introduction

Chapter 1, Introduction to Oracle Advanced Security

This chapter provides an overview of Oracle Advanced Security features provided with this release.

Part II: Encryption, Integrity, and JDBC

Chapter 2, Configuring Data Encryption and Integrity

This chapter describes how to configure data encryption and integrity within an existing Oracle Net Release 9.0.1 network.

Chapter 3, Thin JDBC Support

This chapter provides an overview of the Java implementation of Oracle Advanced Security, which lets Thin Java Database Connectivity (JDBC) clients securely connect to Oracle9i databases.

Part III: Configuring Authentication Methods

Chapter 4, Configuring RADIUS Authentication

This chapter describes how to configure Oracle for use with RADIUS (Remote Authentication Dial-In User Service). It provides an overview of how RADIUS works within an Oracle environment, and describes how to enable RADIUS authentication and accounting. It also introduces the challenge-response user interface that third party vendors can customize to integrate with third party authentication devices.

Chapter 5, Configuring CyberSafe Authentication

This chapter describes how to configure Oracle for use with CyberSafe, and provides a brief overview of steps to configure CyberSafe to authenticate Oracle users.

Chapter 6, Configuring Kerberos Authentication

This chapter describes how to configure Oracle for use with MIT Kerberos and provides a brief overview of steps to configure Kerberos to authenticate Oracle users.

Chapter 7, Configuring Secure Sockets Layer Authentication

This chapter describes the SSL feature of Oracle Advanced Security and explains how to configure SSL.

Chapter 8, Configuring Entrust-Enabled SSL Authentication

This chapter describes how to configure and use Entrust-enabled Oracle Advanced Security for Secure Socket Layer (SSL) authentication.

Chapter 9, Configuring Multiple Authentication Methods

This chapter describes the authentication methods that can be used with Oracle Advanced Security, and how to user conventional user name and password authentication. It also describes how to configure the network so that Oracle clients can user a specific authentication method, and Oracle servers can accept any method specified.

Part IV: Oracle DCE Integration

Chapter 10, Overview of Oracle DCE Integration

This chapter provides a brief discussion of Open Software Foundation (OSF) DCE and Oracle DCE Integration.

Chapter 11, Configuring DCE for Oracle DCE Integration

This chapter describes what you need to do to configure DCE to use Oracle DCE Integration. It also describes how to configure the DCE CDS naming adapter.

Chapter 12, Configuring Oracle9i for Oracle DCE Integration

This chapter describes the DCE parameters that you need to add to the configuration files to enable clients and servers to access Oracle servers in the DCE environment. It also describes some Oracle Server configuration that you need to perform, such as setting up DCE groups to map to external roles. Additionally, it describes how to configure clients to use the DCE CDS naming adapter.

Chapter 13, Connecting to an Oracle Database in DCE

This chapter describes how to connect to an Oracle database in a DCE environment.

Chapter 14, DCE and Non-DCE Interoperability

This chapter describes how clients outside of DCE can access Oracle databases using another protocol such as TCP/IP.

Part V: Oracle9i Enterprise User Security

Chapter 15, Managing Enterprise User Security

This chapter describes Oracle directory and security integration. It describes its components and provides an overview of the interaction between the components.

Chapter 16, Using Oracle Wallet Manager

This chapter describes how to configure and use the Oracle Wallet Manager.

Chapter 17, Using Oracle Enterprise Login Assistant

This chapter describes how to configure and use the Oracle Enterprise Login Assistant.

Chapter 18, Using Oracle Enterprise Security Manager

This chapter describes how an Enterprise DBA uses Oracle Enterprise Security Manager to administer database security in an enterprise domain of Oracle9i databases.

Part VI: Appendixes

Appendix A, Data Encryption and Integrity Parameters

This appendix describes Oracle Advanced Security data encryption and integrity configuration parameters.

Appendix B, Authentication Parameters

This appendix describes Oracle Advanced Security authentication configuration file parameters.

Appendix C, Integrating Authentication Devices Using RADIUS

This appendix explains how third party authentication device vendors can integrate their devices and customize the graphical user interface used in RADIUS challenge-response authentication.

Appendix D, Oracle Advanced Security FIPS 140-1 Settings

This appendix describes the Sqlnet.ora configuration parameters required to comply with the FIPS 140-1 Level 2 evaluated configuration.

Appendix E, Oracle Implementation of Java SSL

This appendix provides an overview of components and usage of the Oracle implementation of Java SSL.

Appendix F, Abbreviations and Acronyms

This appendix defines abbreviations and acronyms used in this document.

Related Documentation

For more information, see these Oracle resources:

• ACE/Server Administration Manual, from Security Dynamics

• ACE/Server Client for UNIX, from Security Dynamics

• ACE/Server Installation Manual, from Security Dynamics

• Oracle9i Net Services Administrator's Guide

• Oracle9i Heterogeneous Connectivity Administrator's Guide

• Oracle9i Enterprise JavaBeans Developer's Guide and Reference

• Oracle9i JDBC Developer's Guide and Reference

• Oracle Internet Directory Administrator's Guide

• Oracle9i Database Administrator's Guide

Many of the examples in this book use the sample schemas of the seed database, which is installed by default when you install Oracle. Refer to Oracle9i Sample Schemas for information on how these schemas were created and how you can use them yourself.

In North America, printed documentation is available for sale in the Oracle Store at

http://oraclestore.oracle.com/

Customers in Europe, the Middle East, and Africa (EMEA) can purchase documentation from

http://www.oraclebookshop.com/

Other customers can contact their Oracle representative to purchase printed documentation.

To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free and can be done at

http://technet.oracle.com/membership/index.htm

If you already have a username and password for OTN, then you can go directly to the documentation section of the OTN Web site at

http://technet.oracle.com/docs/index.htm

For information from third-party vendors, see:

• RADIUS Administrator's Guide

• CyberSafe TrustBroker Release Notes

• CyberSafe TrustBroker Administrator's Guide

• CyberSafe TrustBroker Navigator Administrator's Guide

• CyberSafe TrustBroker UNIX User's Guide, Release

• CyberSafe TrustBroker Windows and Windows NT User's Guide

• CyberSafe TrustBroker Client

• CyberSafe TrustBroker Server

• CyberSafe Trust Broker documentation

• Notes about building and installing Kerberos from Kerberos V5 source distribution

• Entrust/PKI for Oracle

• Administering Entrust/PKI on UNIX

• Transarc DCE User's Guide and Reference

• Transarc DCE Application Development Guide

• Transarc DCE Application Development Reference

• Transarc DCE Administration Guide

• Transarc DCE Administration Reference

• Transarc DCE Porting and Testing Guide

• Application Environment Specification/Distributed Computing

• Transarc DCE Technical Supplement

Conventions

This section describes the conventions used in the text and code examples of this documentation set. It describes:

• Conventions in Text

• Conventions in Code Examples

• Conventions for Windows Operating Systems

Conventions in Text

We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.

Convention	Meaning	Example
Bold	Bold typeface indicates terms that are defined in the text or terms that appear in a glossary, or both.	When you specify this clause, you create an index-organized table.
Italics	Italic typeface indicates book titles or emphasis.	Oracle9i Database Concepts Ensure that the recovery catalog and target database do not reside on the same disk.
UPPERCASE monospace (fixed-width font)	Uppercase monospace typeface indicates elements supplied by the system. Such elements include parameters, privileges, datatypes, RMAN keywords, SQL keywords, SQL*Plus or utility commands, packages and methods, as well as system-supplied column names, database objects and structures, usernames, and roles.	You can specify this clause only for a NUMBER column. You can back up the database by using the BACKUP command. Query the TABLE_NAME column in the USER_TABLES data dictionary view. Use the DBMS_STATS.GENERATE_STATS procedure.
lowercase monospace (fixed-width font)	Lowercase monospace typeface indicates executables, filenames, directory names, and sample user-supplied elements. Such elements include computer and database names, net service names, and connect identifiers, as well as user-supplied database objects and structures, column names, packages and classes, usernames and roles, program units, and parameter values. Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown.	Enter sqlplus to open SQL*Plus. The password is specified in the orapwd file. Back up the datafiles and control files in the /disk1/oracle/dbs directory. The department_id, department_name, and location_id columns are in the hr.departments table. Set the QUERY_REWRITE_ENABLED initialization parameter to true. Connect as oe user. The JRepUtil class implements these methods.
lowercase monospace (fixed-width font) italic	Lowercase monospace italic font represents placeholders or variables.	You can specify the parallel_clause. Run Uold_release.SQL where old_release refers to the release you installed prior to upgrading.

Conventions in Code Examples

Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example:

SELECT username FROM dba_users WHERE username = 'MIGRATE';

The following table describes typographic conventions used in code examples and provides examples of their use.

Convention	Meaning	Example
[ ]	Brackets enclose one or more optional items. Do not enter the brackets.	DECIMAL (digits [ , precision ])
{ }	Braces enclose two or more items, one of which is required. Do not enter the braces.	{ENABLE | DISABLE}
|	A vertical bar represents a choice of two or more options within brackets or braces. Enter one of the options. Do not enter the vertical bar.	{ENABLE | DISABLE} [COMPRESS | NOCOMPRESS]
...	Horizontal ellipsis points indicate either: That we have omitted parts of the code that are not directly related to the example That you can repeat a portion of the code	CREATE TABLE ... AS subquery; SELECT col1, col2, ... , coln FROM employees;
. . .	Vertical ellipsis points indicate that we have omitted several lines of code not directly related to the example.
Other notation	You must enter symbols other than brackets, braces, vertical bars, and ellipsis points as shown.	acctbal NUMBER(11,2); acct CONSTANT NUMBER(4) := 3;
Italics	Italicized text indicates placeholders or variables for which you must supply particular values.	CONNECT SYSTEM/system_password DB_NAME = database_name
UPPERCASE	Uppercase typeface indicates elements supplied by the system. We show these terms in uppercase in order to distinguish them from terms you define. Unless terms appear in brackets, enter them in the order and with the spelling shown. However, because these terms are not case sensitive, you can enter them in lowercase.	SELECT last_name, employee_id FROM employees; SELECT * FROM USER_TABLES; DROP TABLE hr.employees;
lowercase	Lowercase typeface indicates programmatic elements that you supply. For example, lowercase indicates names of tables, columns, or files. Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown.	SELECT last_name, employee_id FROM employees; sqlplus hr/hr CREATE USER mjones IDENTIFIED BY ty3MU9;

Conventions for Windows Operating Systems

The following table describes conventions for Windows operating systems and provides examples of their use.

Convention	Meaning	Example
Choose Start >	How to start a program. For example, to start Oracle Database Configuration Assistant, you must click the Start button on the taskbar and then choose Programs > Oracle - HOME_NAME > Database Administration > Database Configuration Assistant.	Choose Start > Programs > Oracle - HOME_NAME > Database Administration > Database Configuration Assistant
C:\>	Represents the Windows command prompt of the current hard disk drive. Your prompt reflects the subdirectory in which you are working. Referred to as the command prompt in this guide.	C:\oracle\oradata>
HOME_NAME	Represents the Oracle home name. The home name can be up to 16 alphanumeric characters. The only special character allowed in the home name is the underscore.	C:\> net start OracleHOME_NAMETNSListener
ORACLE_HOME and ORACLE_BASE	In releases prior to 8.1, when you installed Oracle components, all subdirectories were located under a top level ORACLE_HOME directory that by default was: C:\orant for Windows NT C:\orawin95 for Windows 95 C:\orawin98 for Windows 98 or whatever you called your Oracle home. In this Optimal Flexible Architecture (OFA)-compliant release, all subdirectories are not under a top level ORACLE_HOME directory. There is a top level directory called ORACLE_BASE that by default is C:\oracle. If you install release 8.1.7 on a computer with no other Oracle software installed, the default setting for the first Oracle home directory is C:\oracle\ora81. The Oracle home directory is located directly under ORACLE_BASE. All directory path examples in this guide follow OFA conventions. See Oracle9i Database Getting Starting for Windows for additional information on OFA compliances and for information on installing Oracle products in non-OFA compliant directories.	Go to the ORACLE_BASE\ORACLE_HOME\rdbms\admin directory.

Documentation Accessibility

Oracle's goal is to make our products, services, and supporting documentation accessible to the disabled community with good usability. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at

http://www.oracle.com/accessibility/

JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.