The main difference is that the operating system account authorization methods
are used instead of an Oracle-generated and maintained password file.
In fact, administrators can also use operating system authentication to connect using as sysdba
or as sysoper. If the administrator??™s operating system login account is in the Unix group dba (or
the Windows group ORA_DBA), the administrator can connect to the database using as sysdba.
Similarly, if the operating system login account is in the Unix group oper (or the Windows group
ORA_OPER), the administrator can connect to the database using as sysoper without the need for
an Oracle password file.
The Oracle Server makes the assumption that if the user is authenticated by an operating
system account, then the user is also authenticated for the database. With operating system
authentication, Oracle does not need to maintain passwords in the database, but it still maintains
the usernames. The usernames are still needed to set the default schema and tablespaces in
addition to providing information for auditing.
In a default Oracle 11g installation, as well as in previous releases of Oracle, operating system
authentication is enabled for user accounts if you create database users with the identified externally
clause. The prefix for the database username must match the value of the initialization parameter
OS_AUTHENT_PREFIX; the default value is OPS$. Here??™s an example:
SQL> create user ops$corie identified externally;
284 Oracle Database 11g DBA Handbook
When the user logs into the operating system with the account CORIE, she is automatically
authenticated in the Oracle database as if the account OPS$CORIE was created with database
authentication.
Pages:
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479