Q
Problem solve Get help with specific problems with your technologies, process and projects.

Using OS Authentication

I believe that we have a configuration somewhere (Oracle?) that allows Unix user account "ORAsid" to connect to the database as "OPS$ORAsid" without requiring a password. Is this true? Could this be changed (to requiring a password to get into the database) without any problems as a result?

I believe that we have a configuration somewhere (Oracle?) that allows Unix user account "ORAsid" to connect to the database as "OPS$ORAsid" without requiring a password. Is this true?

Could this be changed (to requiring a password to get into the database) without any problems as a result?

This is an SAP/Oracle installation, but what we are concerned about is if an operating system user can connect to the DB as this DB user "OPS$ORAsid" without requiring a password.

What you are talking about is called OS Authentication, or External Authentication. Database Authentication is where you have to supply a valid userid/password combination to the database. The database is responsible for authenticating the user. With OS Authentication, you let the operating system authenticate the user. If the user is authenticated by the OS, then they are allowed to connect to the database. For information on OS (External) Authentication, see the following Oracle doc:

http://download-east.oracle.com/docs/cd/B19306_01/network.102/b14266/admnauth.htm#i1006459

In order to use OS Authentication, you must have the initialization parameter REMOTE_OS_AUTHENT set to TRUE. If you do not want to allow OS Authentication, set this parameter to FALSE. Additionally, the OS_AUTHENT_PREFIX parameter defaults to 'OPS$.' You can change this parameter if you desire. The next step in allowing a user to use OS Authentication is to create the user in the database with the OS_AUTHENT_PREFIX prefix. For example, if the OS user is called 'bobsmith,' then you must create the database user as follows:

CREATE USER OPS$bobsmith IDENTIFIED EXTERNALLY;

In order for OS Authentication to succeed, the following must be true:

  1. The REMOTE_OS_AUTHENT parameter must be set to TRUE.
  2. The user must be created with the OS_AUTHENT_PREFIX and with the IDENTIFIED EXTERNALLY clause.

If you want to stop any users from using OS Authentication, then simply set REMOTE_OS_AUTHENT to FALSE. If you do not want the OS user 'jimmyolson' to be able to connect with OS Authentication, then ensure that there is no OPS$jimmyolson user in the database.

This was last published in August 2005

Dig Deeper on Oracle database design and architecture

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataManagement

SearchBusinessAnalytics

SearchSAP

SearchSQLServer

TheServerSide.com

SearchDataCenter

SearchContentManagement

SearchHRSoftware

Close