Corporation Network Router User Manual

New Features in Enterprise User Security
Kerberos Authenticated Enterprise Users
Kerberos-based authentication to the database is available for users managed in
an LDAP directory. This includes Oracle Internet Directory or any other
third-party directory that is synchronized to work with Oracle Internet
Directory by using the Directory Integration Platform. To use this feature, all
directory users, including those synchronized from third-party directories, must
include the Kerberos principal name attribute (krbPrincipalName attribute).
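A pre-flight check for the requirement above, as an added example that is not from the Oracle manual: it scans an LDIF export of the directory and lists user entries that lack a non-empty krbPrincipalName. The sample entries and the objectClass values used to recognize a user (inetOrgPerson, person) are assumptions.

```python
import base64

# Constructed sample export (made-up DNs and values, not from the manual).
SAMPLE_LDIF = """\
dn: cn=alice,cn=Users,dc=example,dc=com
objectClass: inetOrgPerson
krbPrincipalName: alice@EXAMPLE.COM

dn: cn=bob,cn=Users,dc=example,
 dc=com
objectClass: inetOrgPerson

dn: cn=carol,cn=Users,dc=example,dc=com
objectclass: inetOrgPerson
KRBPRINCIPALNAME:: Y2Fyb2xARVhBTVBMRS5DT00=

dn: cn=Groups,dc=example,dc=com
objectClass: groupOfNames
"""

def parse_ldif(text):
    """Return [(dn, {lowercased attribute name: [values]})] from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation of the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, attrs = [], {}
    for line in lines + [""]:               # trailing blank flushes the last entry
        if not line.strip():
            if "dn" in attrs:
                entries.append((attrs["dn"][0], attrs))
            attrs = {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            b64 = rest.startswith(":")      # "attr:: value" carries base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace") if b64 else rest.strip()
            attrs.setdefault(name.strip().lower(), []).append(value)
    return entries

def users_missing_principal(text, user_classes=("inetorgperson", "person")):
    """DNs of user entries with no non-empty krbPrincipalName value."""
    missing = []
    for dn, attrs in parse_ldif(text):
        # user_classes is an assumption about how users are marked in the directory
        is_user = {c.lower() for c in attrs.get("objectclass", [])} & set(user_classes)
        if is_user and not any(attrs.get("krbprincipalname", [])):
            missing.append(dn)
    return missing
```

Attribute names are compared case-insensitively and base64-encoded values are decoded, so an entry is not flagged just because of how the export tool wrote it.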
Public Key Infrastructure (PKI) Credentials No Longer Required for
Database-to-Oracle Internet Directory Connections
In this release, a database can bind to Oracle Internet Directory by using
password/SASL-based authentication, eliminating the overhead of setting up
PKI credentials for the directory and multiple databases. SASL (Simple
Authentication and Security Layer) is a standard defined in the Internet
Engineering Task Force RFC 2222. It is a method for adding authentication
support to connection-based protocols such as LDAP.
Support for User Management in Third-Party LDAP Directories
In the current release of Enterprise User Security, you can store and manage
your users and their passwords in third-party LDAP directories. This feature is
made possible with
Directory Integration Platform, which automatically synchronizes
third-party directories with Oracle Internet Directory, and
See Also:
"Certificate Validation with Certificate Revocation Lists" on
page 7-35 for details
Appendix E, "orapki Utility" for details about orapki
command line utility
See Also: "Configuring Enterprise User Security for Kerberos
Authentication" on page 12-18 for configuration details
See Also: "Configuring Enterprise User Security for Password
Authentication" on page 12-16 for configuration details