Finally, we??™ll talk about using a password file to
authenticate DBAs when the database is down and cannot provide authentication services.
Database Authentication
In an environment where the network is protected from the outside environment with firewalls and
the network traffic between the client and the database server uses some method of encryption,
authentication by the database is the most common and easiest method to authenticate the user
with the database. All information needed to authenticate the user is stored in a table within the
SYSTEM tablespace.
Very special database operations, such as starting up or shutting down the database, require a
different and more secure form of authentication, either by using operating system authentication
or by using password files.
Network authentication relies on third-party authentication services such as the Distributed
Computing Environment (DCE), Kerberos, Public Key Infrastructure (PKI), and Remote Authentication
Dial-In User Service (RADIUS). 3-tier authentication, although at first glance appears to be a network
authentication method, is different in that a middle tier, such as Oracle Application Server,
authenticates the user while maintaining the client??™s identity on the server. In addition, the middle
tier provides connection pooling services as well as implements business logic for the client.
Later in this chapter, in the section titled ???User Accounts,??? we??™ll go through all the options
available to the DBA for setting up accounts in the database for authentication.
Pages:
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474