Corporation Network Router User Manual

RADIUS Authentication Modes
Configuring RADIUS Authentication 5-5
Example: Synchronous Authentication with SecurID Token Cards
With SecurID authentication, each user has a token card that displays a dynamic
number that changes every sixty seconds. To gain access to the Oracle database
server/RADIUS client, the user enters a valid pass code that includes both a
personal identification number (PIN) and the dynamic number currently displayed
on the user's SecurID card. The Oracle database server passes this authentication
information from the Oracle client to the RADIUS server, which in this case is the
authentication server, for validation. Once the authentication server (RSA
ACE/Server) validates the user, it sends an "accept" packet to the Oracle database
server, which, in turn, passes it to the Oracle client. The user is now authenticated
and able to access the appropriate tables and applications.
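The RADIUS leg of the exchange described above, as an added example that is not taken from this manual or from Oracle or RSA code: how a RADIUS client hides the PIN-plus-tokencode pass code in an Access-Request, and how it checks that an "accept" packet was produced by a holder of the shared secret, following RFC 2865. The user name, shared secret, pass code and request authenticator are constructed sample values.

```python
import hashlib, hmac, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2           # attribute types (RFC 2865)

def hide_password(passcode: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 sec. 5.2: pad to 16-byte blocks, XOR each with an MD5 keystream."""
    if len(passcode) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = passcode.ljust(max(16, -(-len(passcode) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse hide_password and strip the zero padding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(type_: int, value: bytes) -> bytes:
    return bytes([type_, len(value) + 2]) + value   # type, length, value

def build_access_request(ident, user, passcode, secret, req_auth) -> bytes:
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(passcode, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def build_reply(code, ident, attrs, req_auth, secret) -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def reply_is_valid_accept(reply, ident, req_auth, secret) -> bool:
    """Client side: accept only a well-formed Access-Accept bound to our request."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return code == ACCESS_ACCEPT and hmac.compare_digest(expected, reply[4:20])

# Constructed sample values (not from the manual). A real client draws a fresh
# random 16-byte request authenticator for every request.
SECRET, REQ_AUTH = b"constructed-shared-secret", bytes(range(16))
PASSCODE = b"1234" + b"567890"            # PIN followed by the displayed number
```

The pass code is protected only by the shared secret and MD5, so the secret between the database server and the RADIUS server should be long and random, and the link between them kept on a trusted network segment.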
Challenge-Response (Asynchronous) Authentication Mode
When the system uses the asynchronous mode, the user does not need to enter a
user name and password at the SQL*Plus CONNECT string. Instead, a graphical
user interface asks the user for this information later in the process.
Figure 5–3 shows the sequence in which challenge-response (asynchronous)
authentication occurs.
See Also:
Chapter 1, "Introduction to Oracle Advanced Security"
"Token Cards" on page 1-11
Documentation provided by RSA Security, Inc.
Note: If the RADIUS server is the authentication server, Steps 3, 4,
and 5, and Steps 9, 10, and 11 in Figure 5–3 are combined.