Is it possible to supply a user name and password to be checked using OS Authentication.
User johndoe with password "passwordjohn" is set up as an externally authenticated user in Oracle and alos exists on the domain server, is logged onto a database from machine1.
He connects to the database using "connect /@db_alias"
A user "janedoe" exists with password "passwordjane". Can she connect to the same database as johndoe from the same machine where her password is authenticated by the OS.
E.g. "connect janedoe/passwordjane@db_alias" should connect her to he database where her pasword is authenticated by NT
Can you only connect to a database using OS Authentication as the currently logged on user of the machine?
What I basically want to know is: Using OS Authentication is it possible for users other than the logged on user to connect to a database from the same machine?
OS Authentication only works on the host running the database. This means that if you have a host host1 that has a database. You can connect to that database using OS authentication only when you are logged on to that host directly. If the user only exists in the domain: tough luck, it doesn't work. All in all this means OS authentication is not much use...
OS Authentication works well and is useful despite the previous post, perhaps they misunderstood what you are asking. From my understanding OS Authentication works like this:
If user JohnDoe is set up in the database with external authentication, he must be logged into the domain to have access to the database. Therefore if he is not logged into the workstation he is accessing the database from, he will be denied access to the database. He does not need to enter his username or password.
If JaneDoe was set up for password authentication, she would be able to sit at John's workstation and log into the database as JaneDoe/herpassword and be connected. She does not need to be logged into the domain to access the database.
One critical point - you need to set up the user in the database even if you configure the database for external configuration, if the user does not exist in the database, they will not be able to connect to the database. I know it's an obvious point but you never know!
There are some configuration steps involved in setting this up so it works this way. I believe it is fairly well documented in the Oracle doc set. Hope I have given a clear explanation of how it works
I have it working from my own machine that I am logged into
Problem is though I want to be able to actually specify an NTusername/NTpassword of an externally authenticated Oracle user from a machine that I am not logged on (i.e. a machine that has someone else logged into it)
I don't think this is possible!?!
Are there any third party utils that will let me do what I have outlined above?
If you are not logged into the domain, then what is Oracle using to identify the user if they are external? You seem to be wanting a blend of password and OS Authentication for the same user, which is defeating the purpose of user authentication.
The only way would be to create two accounts for the same person, one with password authentication and one with OS authentication.
I was under the impresion that the way OS Authentication would work would be as follows:
1) Create user "johndoe" in Oracle to be authenticated externally
2) Create user "johndoe" in domain (if he doesn't already exist) and assign a password e.g. "passwordjohn"
3) When user tried to log on to the Oracle database he would enter his NTusername (which would correspond to his Oracle username) and his NT password. e.g. "connect johndoe/passwordjohn@db_alias"
4) Oracle woudl verify the username and see that it was an external user.
5) Oracle would then verify the passwod entered by the user with NT and if it was correct then it would allow the user acces to the database.
This is how I had hoped it would work but it doen't seem to be the case. Seems logical to me though! :-)
Had previosuly tried both of these and they don't work.
It's as if as soon as Oracle sees a username and password being entered it assumes it's an Oracle password authenticated user that is trying to connect instead of looking up the DBA_USERS view and seeing that the authentication for this suer is actually EXTERNAL.