Results 1 to 10 of 10
  1. #1
    Join Date
    Apr 2002
    Posts
    5

    Unanswered: OS Authentication

    Is it possible to supply a user name and password to be checked using OS Authentication.

    E.g.
    User johndoe with password "passwordjohn" is set up as an externally authenticated user in Oracle and alos exists on the domain server, is logged onto a database from machine1.
    He connects to the database using "connect /@db_alias"

    A user "janedoe" exists with password "passwordjane". Can she connect to the same database as johndoe from the same machine where her password is authenticated by the OS.
    E.g. "connect janedoe/passwordjane@db_alias" should connect her to he database where her pasword is authenticated by NT

    OR

    Can you only connect to a database using OS Authentication as the currently logged on user of the machine?

    What I basically want to know is: Using OS Authentication is it possible for users other than the logged on user to connect to a database from the same machine?

    Thanks in advance for any help!

  2. #2
    Join Date
    Jun 2001
    Location
    The Netherlands
    Posts
    38
    OS Authentication only works on the host running the database. This means that if you have a host host1 that has a database. You can connect to that database using OS authentication only when you are logged on to that host directly. If the user only exists in the domain: tough luck, it doesn't work. All in all this means OS authentication is not much use...

  3. #3
    Join Date
    Feb 2002
    Location
    British Columbia
    Posts
    13
    OS Authentication works well and is useful despite the previous post, perhaps they misunderstood what you are asking. From my understanding OS Authentication works like this:
    If user JohnDoe is set up in the database with external authentication, he must be logged into the domain to have access to the database. Therefore if he is not logged into the workstation he is accessing the database from, he will be denied access to the database. He does not need to enter his username or password.

    If JaneDoe was set up for password authentication, she would be able to sit at John's workstation and log into the database as JaneDoe/herpassword and be connected. She does not need to be logged into the domain to access the database.

    One critical point - you need to set up the user in the database even if you configure the database for external configuration, if the user does not exist in the database, they will not be able to connect to the database. I know it's an obvious point but you never know!

    There are some configuration steps involved in setting this up so it works this way. I believe it is fairly well documented in the Oracle doc set. Hope I have given a clear explanation of how it works

  4. #4
    Join Date
    Jun 2001
    Location
    The Netherlands
    Posts
    38
    I've just tried it again after some years and it still doesn't work.

    It work on Unix. You can logon using / if you set up the user with os authentication.
    On NT you get the error ORA-01004: default username feature not supported ; login denied.

  5. #5
    Join Date
    Apr 2002
    Posts
    5

    OS Authentication

    I have it working from my own machine that I am logged into

    Problem is though I want to be able to actually specify an NTusername/NTpassword of an externally authenticated Oracle user from a machine that I am not logged on (i.e. a machine that has someone else logged into it)

    I don't think this is possible!?!

    Are there any third party utils that will let me do what I have outlined above?

  6. #6
    Join Date
    Feb 2002
    Location
    British Columbia
    Posts
    13
    I doubt you are going to find what you want.

    If you are not logged into the domain, then what is Oracle using to identify the user if they are external? You seem to be wanting a blend of password and OS Authentication for the same user, which is defeating the purpose of user authentication.

    The only way would be to create two accounts for the same person, one with password authentication and one with OS authentication.

    HTH.

  7. #7
    Join Date
    Feb 2001
    Location
    NC, USA
    Posts
    200
    Out of interest, have you tried this (note the quotes).
    Code:
    sqlplus "NTDomain\NTusername"/NTpassword@SID
    or
    sqlplus "NTDomain/NTusername"/NTpassword@SID"
    Theoretically, what you want seems logical and technically there should be no reason why Oracle couldn't do this.

    This is all speculation as I don't have the environment to test this.

  8. #8
    Join Date
    Apr 2002
    Posts
    5

    OS Authentication

    I was under the impresion that the way OS Authentication would work would be as follows:
    1) Create user "johndoe" in Oracle to be authenticated externally
    2) Create user "johndoe" in domain (if he doesn't already exist) and assign a password e.g. "passwordjohn"
    3) When user tried to log on to the Oracle database he would enter his NTusername (which would correspond to his Oracle username) and his NT password. e.g. "connect johndoe/passwordjohn@db_alias"
    4) Oracle woudl verify the username and see that it was an external user.
    5) Oracle would then verify the passwod entered by the user with NT and if it was correct then it would allow the user acces to the database.

    This is how I had hoped it would work but it doen't seem to be the case. Seems logical to me though! :-)

  9. #9
    Join Date
    Feb 2001
    Location
    NC, USA
    Posts
    200
    Yeah.. I think your right. I guess the whole point is so that users don't have to retype in a seperate password for Oracle.

    So with that in mind. You would have to be logged in to the domain before connecting to Oracle.

    So my theory wouldn't work.

  10. #10
    Join Date
    Apr 2002
    Posts
    5

    OS Authentication

    Paul,

    Had previosuly tried both of these and they don't work.

    It's as if as soon as Oracle sees a username and password being entered it assumes it's an Oracle password authenticated user that is trying to connect instead of looking up the DBA_USERS view and seeing that the authentication for this suer is actually EXTERNAL.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •