Windows Authentication No Longer Uses NTLM by Default

For Microsoft Windows installations with AUTHENTICATION_SERVICES=NTS, starting with this release, the SQLNET.NO_NTLM parameter setting in the sqlnet.ora file will default to TRUE.

In previous releases, the default for this parameter was FALSE. SQLNET.NO_NTLM controls whether NTLM can be used with NTS authentication. A TRUE setting means that NTLM cannot be used in NTS authentication. Because NTLM does not normally provide mutual authentication and is hence less secure, a  TRUE setting for SQLNET.NO_NTLM makes the database and client more secure. 

The SQLNET.NO_NTLM parameter is used on both the server and the client. If you have upgraded a Microsoft Windows installation of an Oracle database or a client in which SQLNET.NO_NTLM had not been set, then its default will be TRUE.

Related Topics