User's Manual

RADIUS Overview

5-2 Oracle Database Advanced Security Administrator's Guide

change the authentication method without modifying either the Oracle client or the

Oracle database server.

From the user's perspective, the entire authentication process is transparent. When

the user seeks access to an Oracle database server, the Oracle database server, acting

as the RADIUS client, notiﬁes the RADIUS server. The RADIUS server:

■ Looks up the user's security information.

■ Passes authentication and authorization information between the appropriate

authentication server or servers and the Oracle database server.

■ Grants the user access to the Oracle database server.

■ Logs session information, including when, how often, and for how long the

user was connected to the Oracle database server.

The Oracle/RADIUS environment is displayed in Figure 5–1:

Figure 5–1 RADIUS in an Oracle Environment

The Oracle database server acts as the RADIUS client, passing information between

the Oracle client and the RADIUS server. Similarly, the RADIUS server passes

information between the Oracle database server and the appropriate authentication

servers. The authentication components are listed in Table 5–1:

Note: Oracle Advanced Security does not support RADIUS

authentication over database links.

Oracle Client

Radius Client

Oracle Server

Radius Server

RSA ACE / Server