User's Manual

Enabling RADIUS Authentication, Authorization, and Accounting

5-16 Oracle Database Advanced Security Administrator's Guide

In the Interface Class Name ﬁeld, accept the default value of

DefaultRadiusInterface or enter the name of the class you have created to

handle the challenge-response conversation. If other than the default RADIUS

interface is used, you also must edit the sqlnet.ora ﬁle to enter

SQLNET.RADIUS_CLASSPATH=(location), where location is the

complete path name of the jar ﬁle. It defaults to

$ORACLE_HOME/network/jlib/netradius.jar: $ORACLE_

HOME/JRE/lib/vt.jar

7. Choose File > Save Network Conﬁguration.

The sqlnet.ora ﬁle is updated with the following entries:

SQLNET.RADIUS_CHALLENGE_RESPONSE=([ON | OFF])

SQLNET.RADIUS_CHALLENGE_KEYWORD=(KEYWORD)

SQLNET.RADIUS_AUTHENTICATION_INTERFACE=(name of interface including the

package name delimited by "/" for ".")

Set Parameters for an Alternate RADIUS Server

If you are using an alternate RADIUS server, set these parameters in the

sqlnet.ora ﬁle using any text editor.

SQLNET.RADIUS_ALTERNATE=(hostname or ip address of alternate radius server)

SQLNET.RADIUS_ALTERNATE_PORT=(1812)

SQLNET.RADIUS_ALTERNATE_TIMEOUT=(number of seconds to wait for response)

SQLNET.RADIUS_ALTERNATE_RETRIES=(number of times to re-send to radius server)

Note: The keyword feature is provided by Oracle and supported

by some, but not all, RADIUS servers. You can use this feature only

if your RADIUS server supports it.

By setting a keyword, you let the user avoid using a password to

verify identity. If the user does not enter a password, the keyword

you set here is passed to the RADIUS server which responds with a

challenge requesting, for example, a driver's license number or

birth date. If the user does enter a password, the RADIUS server

may or may not respond with a challenge, depending upon the

conﬁguration of the RADIUS server.