Customizing the RADIUS Challenge-Response User Interface
C-2 Oracle Database Advanced Security Administrator's Guide
You can customize this interface by creating your own class that supports the
functionality described in Table C–1. Then open the sqlnet.ora file, look up the
SQLNET.RADIUS_AUTHENTICATION_INTERFACE parameter, and replace the name of
the class listed there (DefaultRadiusInterface) with the name of the class you
have just created. After you make this change in the sqlnet.ora file, the class
is loaded on the Oracle client to handle the authentication process.
The third party must implement the Oracle RADIUS Interface, which is located in
the ORACLE.NET.RADIUS package.

public interface OracleRadiusInterface {
    public void radiusRequest();
    public void radiusChallenge(String challenge);
    public String getUserName();
    public String getPassword();
}

Table C–1 Server Encryption Level Setting

Parameter         Description
----------------  ------------------------------------------------------------
radiusRequest     Generally, this prompts the user for a user name and
                  password, which are later retrieved through getUserName
                  and getPassword.
getUserName       Extracts the user name the user enters. If this method
                  returns an empty string, it is assumed that the user wants
                  to cancel the operation. The user then receives a message
                  indicating that the authentication attempt failed.
getPassword       Extracts the password the user enters. If getUserName
                  returns a valid string but getPassword returns an empty
                  string, the database uses the challenge keyword as the
                  password. If the user enters a valid password, a challenge
                  may or may not be returned by the RADIUS server.
radiusChallenge   Presents a request sent from the RADIUS server for the user
                  to respond to the server's challenge.
getResponse       Extracts the response the user enters. If this method
                  returns a valid response, that information then populates
                  the User-Password attribute in the new Access-Request
                  packet. If an empty string is returned, the operation is
                  aborted from both sides by returning the corresponding
                  value.
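
An added example, not code from the Oracle guide: one way to implement the interface listed above with console prompts that do not echo secrets, following the empty-string rules in Table C–1. The class name ConsoleRadiusInterface, the prompt strings, the sample challenge in main and the local copy of the interface are assumptions; getResponse follows Table C–1, although the interface listing does not declare it.

```java
import java.io.Console;

// Local copy of the listed interface so this file compiles alone (assumption).
interface OracleRadiusInterface {
    void radiusRequest();
    void radiusChallenge(String challenge);
    String getUserName();
    String getPassword();
}

// Hypothetical class name; console prompts with echo disabled for secrets.
public class ConsoleRadiusInterface implements OracleRadiusInterface {
    private String userName = "", password = "", response = "";

    @Override public void radiusRequest() {
        Console con = System.console();
        userName = ""; password = "";        // drop values from any earlier attempt
        if (con == null) return;             // no terminal: empty user name cancels the attempt
        String typed = con.readLine("RADIUS user name: ");
        userName = typed == null ? "" : typed.trim();
        if (userName.isEmpty()) return;      // empty user name = cancel, so skip the password prompt
        // An empty password is legitimate: the challenge keyword is then used in its place.
        password = secret(con.readPassword("Password (empty to request a challenge): "));
    }

    @Override public void radiusChallenge(String challenge) {
        Console con = System.console();
        response = "";                       // never reuse a response from an earlier round
        if (con == null) return;             // empty response aborts the operation
        // The challenge text is server-supplied: strip control characters before display.
        con.printf("%s%n", challenge == null ? "" : challenge.replaceAll("\\p{Cntrl}", "?"));
        response = secret(con.readPassword("Response: "));
    }

    @Override public String getUserName() { return userName; }
    @Override public String getPassword() { return password; }
    public String getResponse() { return response; } // in Table C-1, not in the listing

    private static String secret(char[] typed) {
        if (typed == null) return "";
        String s = new String(typed);
        java.util.Arrays.fill(typed, '\0');  // wipe the array returned by the console
        return s;
    }

    public static void main(String[] args) { // manual check; the challenge text is constructed
        ConsoleRadiusInterface ui = new ConsoleRadiusInterface();
        ui.radiusRequest();
        if (!ui.getUserName().isEmpty()) ui.radiusChallenge("Enter the code from your token");
    }
}
```

The interface still hands the password and response back as String values, so only the console's own character buffer can be wiped here.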