User's Manual
Configuring Oracle Database for External Authentication
Configuring Multiple Authentication Methods and Disabling Oracle Advanced Security 9-5
Configuring Oracle Database for External Authentication
This section describes the parameters you must set to configure Oracle Database for
network authentication, using the following tasks:
■ Setting the SQLNET.AUTHENTICATION_SERVICES Parameter in sqlnet.ora
■ Verifying that REMOTE_OS_AUTHENT Is Not Set to TRUE
■ Setting OS_AUTHENT_PREFIX to a Null Value
Setting the SQLNET.AUTHENTICATION_SERVICES Parameter in sqlnet.ora
The following parameter must be set in the sqlnet.ora file for all clients and
servers to enable each to use a supported authentication method:
SQLNET.AUTHENTICATION_SERVICES=(oracle_authentication_method)
For example, for all clients and servers using Kerberos authentication, the
sqlnet.ora parameter must be set as follows:
SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5)
Verifying that REMOTE_OS_AUTHENT Is Not Set to TRUE
To verify that REMOVE_OS_AUTHENT is not set to TRUE, add the following
parameter to the initialization file—in each database instance—when you configure
the authentication method:
REMOTE_OS_AUTHENT=FALSE
See Also:
■ The corresponding chapter in this guide for information about
configuring a particular authentication method
■ Appendix B, "Authentication Parameters"
Caution: Setting REMOTE_OS_AUTHENT to TRUE can cause a
security exposure, because it lets someone using a non-secure
protocol, such as TCP, perform an operating system-authorized
login (formerly referred to as an OPS$ login).