Friday 28 May 2010

11g: LDAP_DIRECTORY_SYSAUTH

Connections with sysdba or sysoper privileges must always be authenticated. This is possible through OS authentication by assigning the appropriate OS group to the OS user.

Another method is the use of a password file.

If there is concern that the password file might be vulnerable, the following strong authentication methods can be used with Oracle Database 11g:

  • Oracle Internet Directory (OID) grants for sysdba and sysoper
  • Kerberos ticket server
  • Secure Sockets Layer (SSL) certificates

To use OID, the parameter LDAP_DIRECTORY_ACCESS must be set to PASSWORD or SSL.

If you intend to use any of these strong authentication methods, the initialization parameter LDAP_DIRECTORY_SYSAUTH must be set to YES. Its default is NO.
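The two parameter rules above can be checked against a text parameter file (init.ora). The following Python check is an added example, not part of the original post: the sample file content is constructed, the function names are illustrative, and the NONE default for LDAP_DIRECTORY_ACCESS is taken from Oracle's reference rather than from this post.

```python
import re

# LDAP_DIRECTORY_SYSAUTH defaults to NO (stated above). The NONE default for
# LDAP_DIRECTORY_ACCESS comes from Oracle's reference, not from this post.
DEFAULTS = {"ldap_directory_sysauth": "NO", "ldap_directory_access": "NONE"}

# Matches "name=value", "*.name=value" and "sid.name=value".
ENTRY = re.compile(r"^\s*(?:[\w*]+\.)?(\w+)\s*=\s*(.*?)\s*$")

# Constructed sample parameter file, not taken from a real system.
SAMPLE_PFILE = """\
# init.ora (constructed)
*.db_name='orcl'
*.ldap_directory_sysauth='yes'   # directory-based SYSDBA/SYSOPER auth
"""


def parse_pfile(text):
    """Return {parameter: VALUE} with defaults filled in for the two LDAP settings."""
    params = dict(DEFAULTS)
    for raw in text.splitlines():
        match = ENTRY.match(raw.split("#", 1)[0])  # ignore trailing comments
        if match:
            params[match.group(1).lower()] = match.group(2).strip("'\"").upper()
    return params


def check_sysauth(params):
    """Return findings about strong authentication for SYSDBA/SYSOPER."""
    sysauth = params["ldap_directory_sysauth"]
    access = params["ldap_directory_access"]
    findings = []
    if sysauth not in ("YES", "NO"):
        findings.append(f"LDAP_DIRECTORY_SYSAUTH has invalid value {sysauth!r}")
    elif sysauth == "NO":
        findings.append("LDAP_DIRECTORY_SYSAUTH=NO: OID, Kerberos and SSL "
                        "authentication of SYSDBA/SYSOPER is disabled")
    elif access not in ("PASSWORD", "SSL"):
        findings.append(f"LDAP_DIRECTORY_ACCESS={access}: OID grants for SYSDBA/"
                        "SYSOPER need PASSWORD or SSL (Kerberos or SSL "
                        "certificates must be the intended method)")
    return findings


if __name__ == "__main__":
    for finding in check_sysauth(parse_pfile(SAMPLE_PFILE)):
        print(finding)
```

An empty result means both settings are consistent with using OID grants for sysdba and sysoper.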

1 comment:

  1. Looks taken from
    http://www.dba-oracle.com/t_11g_new_auditing_default.htm
