Corporation Network Router User Manual
Enabling RADIUS Authentication, Authorization, and Accounting
5-14 Oracle Database Advanced Security Administrator's Guide
5.
Choose File > Save Network Configuration.
The sqlnet.ora file is updated with the following entries:
SQLNET.RADIUS_AUTHENTICATION_PORT=(PORT)
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT=
(NUMBER OF SECONDS TO WAIT FOR response)
SQLNET.RADIUS_AUTHENTICATION_RETRIES=
(NUMBER OF TIMES TO RE-SEND TO RADIUS server)
SQLNET.RADIUS_SECRET=(path/radius.key)
Configure Challenge-Response
The challenge-response (asynchronous) mode presents the user with a graphical
interface requesting first a password, then additional information—for example, a
dynamic password that the user obtains from a token card. With the RADIUS
adapter, this interface is Java-based to provide optimal platform independence.
Number of Retries Specifies the number of times the Oracle database server
resends messages to the primary RADIUS server. The default is
three retries.
For instructions on configuring RADIUS accounting, see: Task
5: Configure RADIUS Accounting on page 5-19.
Secret File Specifies the location of the secret key on the Oracle database
server. The field specifies the location of the secret key file, not
the secret key itself.
For information about specifying the secret key, see: Create the
RADIUS Secret Key File on the Oracle Database Server on
page 5-11.
Note: Third party vendors of authentication devices must
customize this graphical user interface to fit their particular device.
For example, a smart card vendor would customize the Java
interface so that the Oracle client reads data, such as a dynamic
password, from the smart card. When the smart card receives a
challenge, it responds by prompting the user for more information,
such as a PIN.
Field Description