DBA Sensation

January 5, 2009

Oracle OS Authentication

Filed under: [OS related topics] — Tags: — zhefeng @ 5:24 pm

Step1: create Operation system User account.
In this testing, we used NIS user called: guest_os
So it’s reachable for all the NIS memeber machines.

Step2: Make sure the os prefix in Oracle database was not null
#turn on local OS authentication
SQL> show parameter os_auth

NAME TYPE VALUE
———————————— ———– ——————————
os_authent_prefix string ops$

Step3: Make sure the remote OS authentication parameter was turned on
#turn on remote OS authenciation
sql>alter system set remote_os_authent=true scope=spfile;
SQL> show parameter remote_os

NAME TYPE VALUE
———————————— ———– ——————————
remote_os_authent boolean TRUE
remote_os_roles boolean FALSE

Step4: create a mapping user in Oracle database to map the OS username
sql>create user OPS$GUEST_OS identified externally default tablespace users temporary tablespace temp;
sql>grant connect to OPS$GUEST_OS;

Step5: testing on another linux client machine
bash-3.00$ id
uid=63371(guest_os) gid=1000(rd) groups=1000(rd)
bash-3.00$ sqlplus /@fun11u03

SQL*Plus: Release 10.2.0.1.0 – Production on Mon Jan 5 16:19:56 2009

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 – 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

Note: if you are configure a windows user account for remote OS auth, then then mapped username in Oracle should be like this:
“OPS$domainname\username” and in sqlnet.ora has to have this line: SQLNET.AUTHENTICATION_SERVICES= (NTS)

Reference:
1. http://www.dba-oracle.com/security/local_os_authentication.htm
2. http://www.oracle-base.com/articles/misc/OsAuthentication.php

Blog at WordPress.com.