Oracle Database Authentication Methods

This article contains information about Oracle Database Authentication Methods such as External Authentication, Database Authentication, Operation System Authentication, Global Authentication.

Oracle Database Authentication Methods

EXTERNAL AUTHENTICATION

In this mode of authentication, the user need not required to supply his password for the database login.

By default the value for the parameter os_authent_prefix in the database is ops$.

In this case when you create an user under external authenticaion mode, the username should be created as follows.

However if you wish to create an user without the OPS$ prefix,You can change the value of the parameter os_authent_prefix to null.

This allows the user to be created without any prefix. The parameter os_authent_prefix.

DATABASE AUTHENTICATION

In my view this is the best way of authentication for user login to the database.

All the passwords and username are managed by the Oracle. The passwords can be changed periodically and can be set as per the password policies.

For Example;

OPERATING SYSTEM AUTHENTICATION

When You set the parameter REMOTE_OS_AUTHENT to True,Oracle accepts the client operating system user name and uses it for account access. Since the clients can be any PCS or any random machines enable this feature is not recommended or highly insecure.

The default value REMOTE_OS_AUTHENT is false where the remote os user connections are not allowed over the secured connections to the Oracle database

GLOBAL AUTHENTICATION

The users present in the Active Directory can be created in the Database, These users authentication is done by SECURED SOCKET LAYER and the management of these users is done outside of the database by the centralized directory service .

Syntax

Here the advantage is You can centrally manage users and privileges across the enterprise and Provides strong authentication using SSL, Kerberos, or Windows NT native authentication