Subscribe to Windows IT Pro
April 27, 2004 12:00 AM

Implementing Windows Authentication for Oracle

Authenticate database users with Windows usernames and passwords
John Paul Cook
Windows IT Pro
InstantDoc ID #42280
Rating: (5)

Remote Client Windows Authentication
Windows clients that use Windows authentication to access a remote Oracle server on the network aren't actually authenticated by the OS on that server. Instead, the client OS authenticates these users. To enable remote authentication, add the following entry to the init.ora file for the database instance, then shut down and restart the database:

REMOTE_OS_AUTHENT=TRUE

Oracle doesn't recommend using remote authentication because it doesn't provide protection against spoofing of user credentials. For example, imagine you have a valid Windows user in the PENTON domain named WinUser, you create an Oracle user on the server by using the following syntax, and you enable remote authentication:

create user "PENTON\WINUSER" identified externally;
grant create session to "PENTON\WINUSER";

Now, consider what might happen if a rogue machine named PENTON connects to your network. The attacker could create a local Windows user named WinUser on the rogue machine, which would authenticate as PENTON\WinUser. This user could then be passed to the Oracle server on the network as PENTON\WinUser. The Oracle server wouldn't be able to distinguish between the domain name of PENTON and the rogue machine name of PENTON, so the server would accept the remote authentication from the rogue machine. The Oracle server just sees that PENTON\WinUser is the user, so it authorizes the user with all the privileges of PENTON\WinUser. If unsecured client machines can gain access to your network, then remote Windows authentication opens your database environment to unauthorized access.

A Familiar Model
Windows authentication on the Oracle database server is easily implemented and provides convenient access to authorized users logged on to the database server. Because Windows handles the password management, Windows authentication follows a model that's familiar to network and systems administrators. However, keep in mind that this type of authentication isn't suitable for remote users because of the security risks involved.

Related Content:

ARTICLE TOOLS

Comments
Add A Comment
  • ANTHONY
    4 years ago
    Apr 14, 2008

    Pretty good

  • Anonymous User
    7 years ago
    Jun 23, 2005

    Help get something working that had been bothering me for a long time

  • Anonymous User
    7 years ago
    Apr 05, 2005

    Just what I was looking for.
    Thanks.

  • Anonymous User
    8 years ago
    Dec 28, 2004

    good

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.