Setting the value of OS_AUTHENT_PREFIX to a null string allows the database administrator
and the operating system account administrator to use identical usernames when using external
authentication.
Using identified globally is similar to using identified externally in that the authentication is
done outside of the database. However, with a globally identified user, authentication is performed
by an enterprise directory service such as Oracle Internet Directory (OID). OID facilitates ease of
account maintenance for database administrators and the convenience of single sign-on for
database users who need to access more than just a single database or service.
Network Authentication
Authentication by a network service is another option available to the DBA to authenticate users
in the database. Although a complete treatment is beyond the scope of this book, we will give a
brief summary of each method and its components. These components include Secure Sockets
Layer (SSL), Distributed Computing Environment (DCE), Kerberos, PKI, RADIUS, and directorybased
services.
Secure Sockets Layer Protocol
Secure Sockets Layer (SSL) is a protocol originally developed by Netscape Development Corporation
for use in web browsers. Because it is a public standard and open source, it faces continuous
scrutiny by the programming community to ensure that there are no holes or ???back doors??? that
can compromise its robustness.
At a minimum, a server-side certificate is required for authentication.
Pages:
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480