This article contains information about Oracle Database Authentication Methods such as External Authentication, Database Authentication, Operation System Authentication, Global Authentication.
Oracle Database Authentication Methods
EXTERNAL AUTHENTICATION
In this mode of authentication, the user need not required to supply his password for the database login.
By default the value for the parameter os_authent_prefix in the database is ops$.
In this case when you create an user under external authenticaion mode, the username should be created as follows.
1 | create user OPS$NAWAZ identified extenally; |
However if you wish to create an user without the OPS$ prefix,You can change the value of the parameter os_authent_prefix to null.
This allows the user to be created without any prefix. The parameter os_authent_prefix.
1 | create user NAWAZ identified externally; |
DATABASE AUTHENTICATION
In my view this is the best way of authentication for user login to the database.
All the passwords and username are managed by the Oracle. The passwords can be changed periodically and can be set as per the password policies.
For Example;
1 | create user NAWAZ identified by; |
OPERATING SYSTEM AUTHENTICATION
When You set the parameter REMOTE_OS_AUTHENT to True,Oracle accepts the client operating system user name and uses it for account access. Since the clients can be any PCS or any random machines enable this feature is not recommended or highly insecure.
The default value REMOTE_OS_AUTHENT is false where the remote os user connections are not allowed over the secured connections to the Oracle database
GLOBAL AUTHENTICATION
The users present in the Active Directory can be created in the Database, These users authentication is done by SECURED SOCKET LAYER and the management of these users is done outside of the database by the centralized directory service .
Syntax
1 | create user NAWAZ identified globally as 'YOUR DOMAIN NAME'; |
Here the advantage is You can centrally manage users and privileges across the enterprise and Provides strong authentication using SSL, Kerberos, or Windows NT native authentication