Oracle Files Administration Guide 9.0.3 Part Number A97358-01
This chapter discusses use of Oracle Internet Directory to authenticate users and the use of the Credential Manager Configuration Assistant to create credential managers. Topics include:
An Oracle Files service handles user authentication by means of a credential manager. A user's credentials prove, or "authenticate," the user to the system that the user is attempting to use, in this case, any one of the many Oracle Files protocol servers. The credential manager associated with the service tells the service where and how to obtain the credential.
Services can use the native Oracle Files credential manager, which stores credential information in the Oracle Files schema. Or, services can use one or more Oracle Internet Directory (OID) instances for user authentication. Each Oracle Files service has a set of configuration properties that specify the credential managers used by that service. Only one IFS credential manager per service is allowed, but multiple OID credential managers are supported. You must add the OID credential managers to the service by using the Credential Manager Configuration Assistant, provided with Oracle Files.
During configuration of Oracle Files, you selected either the IFS credential manager or Oracle Internet Directory. If you selected the IFS credential manager, an instance, "IfsCredentialManager," was created. If you chose Oracle Internet Directory, the Oracle 9iFS Configuration Assistant launched, enabling you to select an Oracle Internet Directory to be used with the credential manager. Then it created the OidCredentialManager instance.
When an OID credential manager is created during installation, it is created with these default characteristics:
You can use the Credential Manager Configuration Assistant to create credential managers of either type, or to delete or edit the settings for credential managers. Each service can use only one Oracle Files credential manager, but can use multiple OID credential managers, each associated with a different Oracle Internet Directory instance.
To identify and configure a specific OID instance for use with Oracle Files as an OID credential manager during configuration, Oracle Internet Directory must already be configured and running, and you must know the administrative user name and password.
The Credential Manager Configuration Assistant (ifscmca) is located in the $ORACLE_HOME/ifs/files/bin directory. To run the script, you must be logged on to the system as the user who installed and configured all other Oracle software (probably "oracle").
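A preflight check for the requirements just stated, as an added example that is not part of the Oracle guide: it confirms that ifscmca exists under $ORACLE_HOME/ifs/files/bin and is owned by the account you are logged on as. It also rejects a group- or world-writable script, a hardening check added here because the assistant is given the schema password and the Oracle Internet Directory administrator password. The function name, the return codes, and the use of file ownership as a proxy for the installing user are assumptions.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): preflight before running ifscmca.
# Assumptions: the function name, the return codes, and treating the owner of
# the ifscmca file as "the user who installed Oracle software".

ifscmca_preflight() {
    oracle_home=$1
    run_uid=${2:-$(id -u)}      # numeric UID of the account running the check
    tool="$oracle_home/ifs/files/bin/ifscmca"

    if [ -z "$oracle_home" ]; then
        echo "ORACLE_HOME is not set" >&2
        return 2
    fi
    if [ ! -f "$tool" ]; then
        echo "not found: $tool" >&2
        return 3
    fi
    if [ ! -x "$tool" ]; then
        echo "not executable: $tool" >&2
        return 4
    fi

    # ls -n prints the numeric owner, so no passwd lookup is needed.
    owner_uid=$(ls -ldn "$tool" | awk '{print $3}')
    if [ "$owner_uid" != "$run_uid" ]; then
        echo "ifscmca is owned by UID $owner_uid, but you are UID $run_uid" >&2
        return 5
    fi

    # Added hardening check: the script is handed administrative passwords,
    # so nobody other than its owner should be able to modify it.
    if [ -n "$(find "$tool" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group- or world-writable: $tool" >&2
        return 6
    fi
    return 0
}

# Usage: ifscmca_preflight "$ORACLE_HOME" && "$ORACLE_HOME/ifs/files/bin/ifscmca"
```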
IFSSYS), schema password, database host name, listener port number (typically 1521 for Oracle database server), and service name for the Oracle Files instance for which you want to manage credential managers.
[Illustration: 6existcm.gif]
The page above shows that Oracle Files credential managers (IfsCredentialManagers) already exist for all three ServiceConfigurations. This means that whenever a SmallServiceConfiguration, MediumServiceConfiguration, or LargeServiceConfiguration is used to create the service at runtime, an IfsCredentialManager will also be created for the instance of the service type selected.
cn=orcladmin/welcome) or change them only if appropriate.
cn=OracleContext). Change this only if you changed the directory context in Oracle Internet Directory.
See Oracle Internet Directory Administrator's Guide for complete information about Oracle Internet Directory.
Because Oracle Files Manager and APIs capture only a subset of the information managed by Oracle Internet Directory required for using Oracle Files, Oracle recommends that you use Oracle Internet Directory user management tools. (You can still use Oracle Files APIs to enable existing Oracle Internet Directory users for Oracle Files.) In addition, if you use Oracle Internet Directory for other Oracle databases and applications in addition to Oracle Files, you should definitely use Oracle Internet Directory management tools to manage users.
If you select any protocol servers on this page, you must also create a private password for all users who will access these protocols. Otherwise, the protocol server will not work. See Oracle Collaboration Suite Installation Guide for details.
Oracle Internet Directory supports an application-service provider (ASP) or "hosted" model, in which multiple organizations can use the same directory service. If you are not working in such an environment, your company will be the only subscriber name listed on this page. This is the default subscriber.
After you create a new credential manager using the Credential Manager Configuration Assistant, it is not immediately reflected in the Oracle Files Manager. First, you need to restart the HTTP node so its service can be initialized with the new credential manager. Second, to use this new Credential Manager for creating users, you need to register the new credential manager in the ValueDomain 'CredentialManagers'. Follow these steps: