User's Manual

Enterprise User Security Configuration Tasks and Troubleshooting 12-21
If the KDC is part of the operating system, such as Windows 2000 or some versions
of Linux or UNIX, then the operating system automatically picks up the user's ticket
(with the FORWARDABLE flag set) from the cache when the user logs in.
The user connects to the database by launching SQL*Plus and entering the
following at the command line:
SQL> connect /@<net_service_name>
The database uses Kerberos to authenticate the user. The database authenticates
itself to the directory by password.
If your connection succeeds, then the system responds Connected to:.... This
is the confirmation message of a successful connection and setup. If an error
message is displayed, then see "ORA-# Errors for Kerberos-Authenticated
Enterprise Users" on page 12-29.
If you do connect successfully, then check that the appropriate global roles were
retrieved from the directory by entering the following at the SQL*Plus prompt:
select * from session_roles;
If the global roles were not retrieved from the directory, then see
"NO-GLOBAL-ROLES Checklist" on page 12-33.
You have completed Kerberos-authenticated Enterprise User Security configuration.
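The checks in the steps above, written as a script. This is an added example and not part of the Oracle manual: it assumes MIT-style `klist -f` output for the ticket cache, and the sample outputs and the role name HR_GLOBAL are constructed.

```shell
#!/bin/sh
# Added example; sample outputs are constructed, HR_GLOBAL is a hypothetical role.

# Succeeds if the TGT in MIT-style `klist -f` output (stdin) carries the
# F (FORWARDABLE) flag. Flags of other service tickets are ignored.
has_forwardable_tgt() {
    awk '
        /krbtgt\//      { tgt = 1 }
        tgt && /Flags:/ { sub(/.*Flags:[ \t]*/, ""); if (index($0, "F")) ok = 1; tgt = 0 }
        END             { exit (ok ? 0 : 1) }'
}

# Reads captured SQL*Plus output (stdin) from the connect and the session_roles
# query. Prints the first ORA- code if there is one, otherwise one line per
# expected role (arguments) that session_roles did not list.
session_problems() {
    out=$(cat)
    err=$(printf '%s\n' "$out" | sed -n 's/.*\(ORA-[0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -n "$err" ]; then echo "error:$err"; return 0; fi
    for role in "$@"; do
        printf '%s\n' "$out" | grep -qix "[[:space:]]*$role[[:space:]]*" ||
            echo "missing:$role"
    done
}

# Constructed sample outputs.
KLIST_OK='Default principal: jdoe@EXAMPLE.COM
Valid starting       Expires              Service principal
01/15/2024 09:00:00  01/15/2024 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    renew until 01/22/2024 09:00:00, Flags: FRIA'
KLIST_NOFWD='Default principal: jdoe@EXAMPLE.COM
01/15/2024 09:00:00  01/15/2024 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    Flags: IA'
SQL_OK='Connected.
ROLE
------------------------------
HR_GLOBAL'
SQL_NOROLES='Connected.
no rows selected'
SQL_ERR='ERROR:
ORA-01017: invalid username/password; logon denied'

printf '%s\n' "$KLIST_OK" | has_forwardable_tgt && echo "TGT is forwardable"
printf '%s\n' "$SQL_NOROLES" | session_problems HR_GLOBAL   # missing:HR_GLOBAL
```

On a live client, pipe `klist -f` into `has_forwardable_tgt` and the captured SQL*Plus session output into `session_problems` with the global roles you expect as arguments.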
Configuring Enterprise User Security for SSL Authentication
The configuration steps in this section assume the following:
You have obtained the appropriate PKI credentials and used Oracle Wallet
Manager to create wallets for the directories, the databases, and the clients that
you want to include in your Enterprise User Security implementation.
You have confirmed that the following DNs are identical:
See Also:
"Troubleshooting Enterprise User Security" on page 12-26 for
information about diagnosing and resolving errors.
Chapter 13, "Administering Enterprise User Security" for
information about configuring the identity management realm,
and information about creating and managing enterprise
domains, enterprise roles, and enterprise users.