Oracle Database B10772-01 Uživatelský manuál Strana 158
- Strana / 518
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Enabling Kerberos Authentication
6-10 Oracle Database Advanced Security Administrator's Guide
Task 8: Create a Kerberos User
To create Oracle users that Kerberos can authenticate, perform this task on the
Kerberos authentication server where the administration tools are installed. The
realm must already exist.
Run /krb5/admin/kadmin.local as root to create a new Kerberos user, such as
krbuser.
The following example is UNIX-specific:
# ./kadmin.local
kadmin.local: addprinc krbuser
Enter password for principal: "[email protected]": (password does not display)
Re-enter password for principal: "[email protected]": (password does not
display)
kadmin.local: exit
Task 9: Create an Externally Authenticated Oracle User
Run SQL*Plus on the Oracle database server to create the Oracle user that
corresponds to the Kerberos user. In the following example, OS_AUTHENT_PREFIX
is set to null (""). The Oracle user name is in uppercase enclosed in double
quotation marks as shown in the following example:
SQL> CONNECT / AS SYSDBA;
SQL> CREATE USER "[email protected]" IDENTIFIED EXTERNALLY;
SQL> GRANT CREATE SESSION TO "[email protected]";
Description: This parameter specifies the complete path name to the
Kerberos realm translation file. The translation file provides a
mapping from a host name or domain name to a realm. The
default is operating system-dependent. For UNIX, it is
/etc/krb.realms.
Example: SQLNET.KERBEROS5_REALMS=/krb5/krb.realms
Note: The utility names in this section are executable programs.
However, the Kerberos user name krbuser and realm
SOMECO.COM are examples only; they can vary among systems.
- Database 1
- Contents 5
- Advanced Security 10
- Part V Appendixes 13
- B Authentication Parameters 13
- E orapki Utility 14
- Glossary 16
- List of Figures 18
- List of Tables 21
- Send Us Your Comments 23
- ■ Organization 25
- ■ Related Documentation 25
- ■ Conventions 25
- ■ Documentation Accessibility 25
- ■ Audience 25
- Audience 26
- Organization 26
- Related Documentation 29
- Conventions 31
- Conventions in Code Examples 32
- Documentation Accessibility 36
- ■ Tool Changes 40
- ■ Common Security Threats 46
- Common Security Threats 47
- Password-Related Threats 48
- Data Encryption 49
- Data Integrity 51
- Strong Authentication 52
- ■ Entrust/PKI 54
- ■ Smart Cards 55
- ■ Token Cards 55
- ■ DCE Communication/Security 55
- Enterprise User Management 57
- Overview 63
- Oracle Net Manager 64
- ■ Other Params Property Sheet 66
- ■ Integrity Property Sheet 66
- ■ Encryption Property Sheet 66
- ■ SSL Property Sheet 66
- Oracle Wallet Manager 68
- ■ Members of the group 89
- ■ Edit history for the group 89
- User Migration Utility 95
- About Encryption 104
- Advanced Encryption Standard 104
- DES Algorithm Support 104
- Triple-DES Support 104
- DES40 Algorithm 105
- See Also: 106
- Authentication Key Fold-in 107
- ■ REJECTED 108
- ■ ACCEPTED 108
- REJECTED 109
- ACCEPTED 109
- REQUESTED 109
- REQUIRED 109
- ■ REQUESTED 112
- ■ REQUIRED 112
- ■ On the server: 113
- ■ On the client: 113
- About the Java Implementation 117
- Securing Thin JDBC 118
- Implementation Overview 119
- Obfuscation 119
- Configuration Parameters 120
- Configuration Parameters 121
- Part III 123
- RADIUS Overview 125
- RADIUS Authentication Modes 127
- ■ Change Default Settings 137
- ■ Configure Challenge-Response 137
- ■ Troubleshooting 149
- Task 1: Install Kerberos 150
- ■ Credential Cache File 155
- ■ Configuration File 155
- ■ Realm Translation File 155
- ■ Key Table 155
- ■ Clock Skew 155
- /krb5/krb.conf 157
- /etc/v5srvtab 157
- Domain Controller KDC 162
- Oracle Client 163
- Controller KDC 165
- Troubleshooting 166
- Authentication 167
- ■ About Using SSL 168
- About Using SSL 169
- About Public Key Cryptography 171
- Certificate Authority 172
- Certificates 172
- Certificate Revocation Lists 173
- Hardware security modules 174
- SSL and Firewalls 178
- SSL Usage Issues 180
- Enabling SSL 181
- Important: 182
- (Figure 7–3): 185
- TCP/IP with SSL on the Client 190
- Troubleshooting SSL 197
- What CRLs Should You Use? 201
- How CRL Checking Works 202
- Checking Selected 204
- Displaying orapki Help 207
- 1. File system 212
- 2. Oracle Internet Directory 212
- 3. CRL DP 212
- Security 214
- ■ (UNIX) /opt/nfast 216
- ■ (Windows) C:\nfast 216
- /log/logfile 218
- Using Oracle Wallet Manager 219
- Wallet Password Management 220
- Strong Wallet Encryption 221
- Backward Compatibility 221
- Multiple Certificate Support 222
- LDAP Directory Support 225
- Managing Wallets 227
- Creating a New Wallet 228
- Opening an Existing Wallet 231
- Closing a Wallet 231
- Importing Third-Party Wallets 231
- Saving Changes 235
- Saving in System Default 235
- Deleting the Wallet 236
- Changing the Password 236
- Using Auto Login 237
- Managing Certificates 238
- Adding a Certificate Request 239
- Managing Certificates 240
- Exporting a User Certificate 242
- Managing Trusted Certificates 243
- % sqlplus scott/tiger@emp 248
- System Requirements 256
- DCE Communication/Security 257
- Flexible DCE Deployment 258
- Release Limitations 258
- Integration 262
- Task 1: Configure the Server 263
- Task 5: Configure the Client 270
- Parameters in protocol.ora 271
- DCE.AUTHENTICATION 271
- DCE.PROTECTION 271
- DCE.TNS_ADDRESS_OID 272
- DCE.LOCAL_CELL_USERNAMES 272
- Starting the Listener 277
- Sample Parameter Files 279
- The listener.ora File 280
- The tnsnames.ora File 281
- Enterprise User Security 283
- About Enterprise User Schemas 292
- Enterprise Users 295
- Enterprise Roles 296
- Enterprise Domains 298
- Database Server Entries 299
- OracleDBCreators 300
- OracleContextAdmins 300
- OracleDBSecurityAdmins 300
- OracleUserSecurityAdmins 300
- Administrative Groups 301
- ■ By a password 307
- ■ GLOBALLY 307
- ■ EXTERNALLY 307
- Typical Configurations 312
- Tasks and Troubleshooting 313
- ■ Register databases 318
- Directory 323
- 3. Click Apply 332
- SQL> /@connect_identifier 336
- NO-GLOBAL-ROLES Checklist 345
- USER-SCHEMA ERROR Checklist 346
- DOMAIN-READ-ERROR Checklist 347
- ■ Enterprise domains 352
- ■ Enterprise roles 352
- ■ Enterprise users 352
- Management Realm 356
- Creating New Enterprise Users 359
- ■ Directory logon 361
- ■ All (the default setting) 369
- ■ Password 369
- ■ SSL (PKI certificates) 369
- ■ Kerberos 369
- Dialog Box 374
- Appendixes 383
- Sample sqlnet.ora File 385
- Kerberos 386
- SQLNET.ENCRYPTION_SERVER 388
- SQLNET.ENCRYPTION_CLIENT 388
- SQLNET.CRYPTO_CHECKSUM_SERVER 389
- SQLNET.CRYPTO_CHECKSUM_CLIENT 389
- ■ MD5: Message Digest 5 392
- Authentication Parameters 395
- SQLNET.RADIUS_AUTHENTICATION 396
- SQLNET.RADIUS_SEND_ACCOUNTING 397
- SQLNET.RADIUS_SECRET 398
- SQLNET.RADIUS_ALTERNATE 398
- SQLNET.RADIUS_ALTERNATE_PORT 398
- Minimum RADIUS Parameters 400
- SSL Authentication Parameters 401
- Cipher Suite Parameters 402
- SSL Version Parameters 403
- Wallet Location 406
- Settings 409
- Cryptographic Seed Value 411
- FIPS Parameter 411
- Post Installation Checks 412
- Status Information 412
- Physical Security 413
- ■ orapki Utility Overview 415
- /private/lhale/cert.txt 416
- To view a certificate: 417
- <certificate_filename> 420
- Prerequisites 422
- [-summary 423
- Creating Entrust Profiles 434
- User-Created Entrust Profiles 435
- Phase Two? 452
- Migration Process 453
- Required Database Privileges 454
- Required Directory Privileges 455
- Keyword: HELP 458
- Keyword: PHASE 458
- Keyword: DBLOCATION 458
- Keyword: DIRLOCATION 459
- Keyword: DBADMIN 459
- Keyword: ENTADMIN 460
- Keyword: USERS 460
- Keyword: USERSLIST 461
- Keyword: USERSFILE 461
- Keyword: MAPSCHEMA 462
- Keyword: MAPTYPE 463
- Keyword: CASCADE 464
- Keyword: CONTEXT 464
- Keyword: LOGFILE 465
- Keyword: PARFILE 465
- DBADMIN=system:manager 469
- DIRLOCATION=machine2:636 469
- Glossary-2 484
- Glossary-3 485
- Glossary-4 486
- Glossary-5 487
- Glossary-6 488
- Glossary-7 489
- Glossary-8 490
- Glossary-9 491
- Glossary-10 492
- Glossary-11 493
- Glossary-12 494
- Glossary-13 495
- Glossary-14 496
- Glossary-15 497
- Glossary-16 498
- Glossary-17 499
- Glossary-18 500
- Glossary-19 501
- Glossary-20 502
- Glossary-21 503
- Glossary-22 504
- Glossary-23 505
- Glossary-24 506
- Glossary-25 507
- Glossary-26 508
- Index-10 518
Související produkty a manuály pro Databázový software Oracle Database B10772-01
Databázový software Oracle B32100-01 Uživatelský manuál
(258 stránky)
(258 stránky)
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.051 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce