Oracle Advanced Security: Authentication

Use the Authentication tab to select and prioritize authentication methods. Following is a list of authentication methods supported by Oracle Advanced Security. Each authentication method is followed by a short description of that authentication method.

Kerberos

Provides support for secure, single sign-on capabilities in a distributed environment with secret key cryptography. Passwords are stored in a central repository, making password theft from the network impossible. Kerberos also provides database link authentication and enhanced PC security.

RADIUS

Supports any authentication method that complies with the RADIUS standard, including token cards and smart cards. A RADIUS server passes information between the Oracle server and the designated authentication server(s). From the userÆs perspective, the entire authentication process takes place seamlessly and transparently.

CyberSafe

A Kerberos-based authentication server that provides secure authentication based on key management and shared secrets. The Challenger has password checking and authentication with token security cards.

Identix

Enrolls each user by scanning their fingerprints and storing them in a central Biometric Authentication Server. The stored print is compared to the print read by the Identix TouchNet fingerprint scanner at sign-on time. This technology eliminates password stealing or "borrowingö. Because biometric authentication is based on the userÆs fingerprint, traditional problems of forgotten passwords and lost tokens are eliminated.

NTS

Enables operating system authentication to be performed between a client and an Oracle server on Windows NT. The Windows NT Native authentication method enables database user authentication through Windows NT. This enables client machines to make secure connections to an Oracle8 database on a Windows NT server. A secure connection is when a Windows NT client user name is retrieved on a Windows NT server through the Windows NT Native authentication method. The Windows NT server then permits the user name to perform the database actions on the server.

info.gif
For More Information: Windows NT documentation.

SecurID

Requires two additional pieces of information besides the user name and password to access a databaseùa secret Personal Identification Number (PIN) and a unique, one-time number generated by an electronic token card issued to the user. Since a user must have the physical device in their possession while logging on, token authentication helps verify a userÆs identity.

< button

Click to move a selected authentication method from the Available Methods list to the Selected Methods list.

> button

Click to move a selected authentication method from the Selected Methods to the Available Methods list.

Promote button

Click to move a selected authentication method up in the Selected Methods list. Client/Server negotiation will attempt to use the authentication methods in the order in which they are listed. Net8 will first use the authentication at the top of the list. If it cannot use the first method, it uses the second method, and so on.

Demote button

Click to move a selected authentication method down in the Selected Methods list.

notice.gif
Note: If you have configured the TCP/IP with SSL protocol, the Secure Sockets Layer (SSL) will be configured by default. Any authentication method you choose in this tab will override authentication features of SSL. See the SSL tab to configure additional SSL options. If you are using the TCP/IP with SSL protocol, do not use any of the other authentication methods: the Selected Methods list must be empty.

info.gif
For More Information: See Oracle Advanced Security Administrator's Guide.