Objectives
After completing this lesson, you should be able to do the following:
- Describe strong authentication that uses:
  - Certificates
  - Kerberos
  - Remote authentication dial-in service (RADIUS)
User Authentication
Identify the user in the following ways:
- Basic authentication
  - Database user identified by a password
  - Database user identified by the operating system
- Integrates with Oracle Net Services
- Requires Oracle Advanced Security (ASO)
Single Sign-On
- Single sign-on is a centralized authentication service.
- The user has a single username and password.
- Servers authenticate users through the central service.
[Diagram: Client, Authentication server, Server]
Management tools:
Oracle Wallet Manager
Certificates
Certificates:
- Are digital documents
- Provide proof of identity
- Are stored in Oracle Wallets
Certificate authority:
- Is a trusted organization (trust point)
- Attests the identity of the certificate
- Issues trusted certificates (X.509 v3)
Certificate use:
- Requires a secure sockets layer (SSL)
- Requires a level of trust in the signing authority
4. Configure the client for SSL.
5. Configure the client-side Oracle Net files:
   - sqlnet.ora
   - tnsnames.ora
You can create a shared schema that allows any user identified to the directory and mapped to the schema:
orapki Utility
orapki is a command-line utility for scripting common PKI management tasks. It can be used for:
- Creating and viewing signed certificates for testing purposes
- Managing Oracle wallets
- Creating and displaying Oracle wallets
- Renaming CRLs with a hash value for certificate validation
[Diagram residue: labels DEV, RAMA and PROD; credential entries vkrama/?????@DEV and ramav/????@prod_db.acme.com; connect command CONNECT /@DEV]
Note: User password is not required on the command line; the command-line input must be on one line.
Configuring sqlnet.ora
Set the following in sqlnet.ora:
- WALLET_LOCATION
- SQLNET.WALLET_OVERRIDE

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = /home/rama/admin/orcl/wallet)))
SQLNET.WALLET_OVERRIDE = TRUE
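An added example (not part of the original course material) that audits the text of a sqlnet.ora file for the two parameters above and checks that the wallet directory is not accessible to group or other. The function names, the constructed sample file and the owner-only permission policy are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Constructed sample in the layout shown above; {dir} is filled in by the caller.
SAMPLE = """# sqlnet.ora (constructed sample)
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = {dir})))
SQLNET.WALLET_OVERRIDE = {override}
"""

DIR_RE = re.compile(r"WALLET_LOCATION\s*=.*?\(\s*DIRECTORY\s*=\s*([^)]+?)\s*\)", re.I | re.S)
OVERRIDE_RE = re.compile(r"SQLNET\.WALLET_OVERRIDE\s*=\s*(\w+)", re.I)

def sample_config(directory, override="TRUE"):
    """Build the constructed sample for a given wallet directory (hypothetical helper)."""
    return SAMPLE.format(dir=directory, override=override)

def audit(text, check_fs=True):
    """Return (wallet_dir, findings) for the text of a sqlnet.ora file."""
    findings = []
    # Ignore '#' comment lines so a commented-out parameter does not count as set.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    m = DIR_RE.search(body)
    wallet_dir = m.group(1) if m else None
    if wallet_dir is None:
        findings.append("WALLET_LOCATION with a DIRECTORY is not set")
    o = OVERRIDE_RE.search(body)
    if not o or o.group(1).upper() != "TRUE":
        findings.append("SQLNET.WALLET_OVERRIDE is not TRUE")
    if wallet_dir and check_fs:
        if not os.path.isdir(wallet_dir):
            findings.append("wallet directory missing: " + wallet_dir)
        # Policy assumed by this example: only the owner may access the wallet.
        elif stat.S_IMODE(os.stat(wallet_dir).st_mode) & 0o077:
            findings.append("wallet directory open to group/other: " + wallet_dir)
    return wallet_dir, findings

if __name__ == "__main__":
    demo = tempfile.mkdtemp()   # stands in for the real wallet directory
    os.chmod(demo, 0o755)
    print(audit(sample_config(demo)))   # one finding: directory permissions
    os.chmod(demo, 0o700)
    print(audit(sample_config(demo)))   # no findings
```

To audit a real client, pass the contents of its sqlnet.ora to audit() in place of the constructed sample.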
Summary
In this lesson, you should have learned how to:
- Describe strong authentication that uses:
  - Certificates
  - Kerberos
  - RADIUS