Manualshelf

Corporation Network Router User Manual

ManualsBrandsOracle ManualsNetwork RouterOracle Database B10772-01
131132133134135136137138139140
RADIUS Authentication Modes
Conguring RADIUS Authentication 5-7
2. The Oracle database server, acting as the RADIUS client, passes the data from
the Oracle client to the RADIUS server.
3. The RADIUS server passes the data to the appropriate authentication server,
such as a Smart Card, SecurID ACE, or token card server.
4. The authentication server sends a challenge, such as a random number, to the
RADIUS server.
5. The RADIUS server passes the challenge to the Oracle database server /
RADIUS client.
6. The Oracle database server / RADIUS client, in turn, passes it to the Oracle
client. A graphical user interface presents the challenge to the user.
7. The user provides a response to the challenge. To formulate a response, the user
can, for example, enter the received challenge into the token card. The token
card provides a dynamic password to be entered into the graphical user
interface. The Oracle client passes the user's response to the Oracle database
server / RADIUS client.
8. The Oracle database server / RADIUS client sends the user's response to the
RADIUS server.
9. The RADIUS server passes the user's response to the appropriate authentication
server for validation.
10. The authentication server sends either an Access Accept or an Access Reject
message back to the RADIUS server.
11. The RADIUS server passes the response to the Oracle database server /
RADIUS client.
12. The Oracle database server / RADIUS client passes the response to the Oracle
client.
Example: Asynchronous Authentication with Smart Cards
With smart card authentication, the user logs in by inserting the smart card—a
plastic card (like a credit card) with an embedded integrated circuit for storing
information—into a hardware device which reads the card. The Oracle client sends
the login information contained in the smart card to the authentication server by
way of the Oracle database server/RADIUS client and the RADIUS server. The
authentication server sends back a challenge to the Oracle client, by way of the
RADIUS server and the Oracle database server, prompting the user for
authentication information. The information could be, for example, a PIN as well as
additional authentication information contained on the smart card.