Unified authentication for Windows NT/2000 and Oracle
When Windows NT/2000 is used as the platform for running Oracle, on both the server side and the client side, it is possible to use a single authentication system for database users and operating system users.
The authentication mechanism for privileged users is more or less widely known, while authentication of ordinary users, despite certain advantages, is used far less often.
When this authentication mechanism is enabled, Oracle relies completely on the operating system, which, according to its rules, accepts or rejects requests from remote client machines to use internal resources. In Windows NT/2000 a single authentication mechanism is applied everywhere for access to various services. For example, when working with Exchange Server or SQL Server you most likely do not need to enter a name and password a second time after you have already authenticated when logging on to Windows (it all depends on the settings). Oracle too can be integrated with Windows using the single authentication mechanism. With this kind of authentication, Oracle uses simple rules to try to match the Windows login name to a registered database user. I do not know of another operating system, other than Windows, where such an authentication mechanism can be used without third-party software (I would gladly correct this statement if anyone has other information).
To support unified authentication, the Oracle distribution for Windows NT includes a special authentication adapter for both the server and the client. On both the client and the server this adapter is activated by adding the line "SQLNET.AUTHENTICATION_SERVICES = (NTS)" to the sqlnet.ora file. During installation of Oracle 8i this line is written to the file automatically.
Authentication of administrators
Oracle decides whether a Windows user has the right to connect to the database as SYSDBA by checking whether this user belongs to one of the predefined operating system groups:
- The ORA_DBA group allows all users included in it to connect as SYSDBA to any instance running on the given machine (or to any instance on any machine of the domain, if the group is defined at the domain level).
- The ORA_XXX_DBA group (where XXX is the name of an instance) allows such a connection only to the instance named XXX.
If the above condition is met, the user can connect as SYSDBA by entering the following:
SQL> connect / as sysdba
Or
SQL> connect /@SERVICE_NAME as sysdba
During installation, the Oracle 8i setup automatically creates a local group named "ORA_DBA" and adds the current user to it.
Authentication of users
For ordinary users, Oracle uses special rules to associate a database user with an operating system user.
This association can be made with or without the Windows domain name.
Whether the domain name is used is determined by the value of the registry variable OSAUTH_PREFIX_DOMAIN. When this variable is set to TRUE the domain name is taken into account; when it is set to FALSE, it is not. The variable is located in the registry at: HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\HOMEID (where ID is a number 0, 1, 2 …)
In addition, when names are compared, the value of the Oracle parameter OS_AUTHENT_PREFIX (default value OPS$) is taken into account.
When the user attempts to connect through SQL*Plus with the following line:
SQL> connect /
Or
SQL> connect /@SERVICE_NAME
Oracle tries to find a database user whose name is formed from the OS_AUTHENT_PREFIX value, the domain name (if the domain is used) and the Windows login name. For example, take user SCOTT from domain DOMAIN, with the OS_AUTHENT_PREFIX variable set to "OS_".
- Without the domain, Oracle will look for a database user named OS_SCOTT;
- With the domain, one named OS_DOMAIN\SCOTT.
When the database user is created, external authentication must be specified for it. For example:
SQL> create user "OS_DOMAIN\SCOTT" identified externally;
That is, this user cannot connect through the standard Oracle authentication procedure, for the simple reason that it has no password. The only exception to this rule when external authentication is used occurs when the OS_AUTHENT_PREFIX parameter has its default value ("OPS$"). In this case the user can use external authentication even if it was created with an ordinary password.
SQL> create user SCOTT identified by TIGER;
In the installation package for Windows, Oracle supplies the Oracle Administration Assistant for Windows NT tool, which can automate all of the listed actions.
It should also be noted that I have not listed all of Oracle's capabilities for interacting with the operating system in terms of authentication and authorization of users. For brevity I will only say that Oracle allows an association to be made, in a similar way (as described above), between operating system user groups and internal roles.
Important note: with this kind of authentication you do not need to set the parameter REMOTE_OS_AUTHENT=TRUE. Moreover, Oracle always recommends refraining from enabling this parameter, because it creates a huge hole in the security of the system.
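The rules above can be checked together when reviewing an installation. The following is an added example, not code from the original article or from Oracle: a small Python audit over constructed sample settings. The function names, the finding texts, the upper-casing of account names and the 'EXTERNAL'/'PASSWORD' labels are assumptions made for the illustration.

```python
import re

def nts_enabled(sqlnet_text):
    """True if SQLNET.AUTHENTICATION_SERVICES lists NTS ('#' comments ignored)."""
    for line in sqlnet_text.splitlines():
        line = line.split("#", 1)[0]
        m = re.match(r"\s*SQLNET\.AUTHENTICATION_SERVICES\s*=\s*\(([^)]*)\)", line, re.I)
        if m:
            return "NTS" in [s.strip().upper() for s in m.group(1).split(",")]
    return False

def expected_db_user(login, domain, prefix, prefix_domain):
    """Account name looked up for a Windows login: prefix + [domain\\] + login.
    Upper-casing is an assumption of this example (unquoted Oracle names are upper case)."""
    name = f"{domain}\\{login}" if prefix_domain else login
    return (prefix + name).upper()

def audit(sqlnet_text, params, prefix_domain, db_users, win_logins):
    """db_users: {name: 'EXTERNAL' or 'PASSWORD'}; win_logins: [(domain, login)]."""
    findings = []
    prefix = params.get("OS_AUTHENT_PREFIX", "OPS$")
    if not nts_enabled(sqlnet_text):
        findings.append("sqlnet.ora: NTS adapter is not enabled")
    if params.get("REMOTE_OS_AUTHENT", "FALSE").upper() == "TRUE":
        findings.append("REMOTE_OS_AUTHENT=TRUE: should stay FALSE")
    for domain, login in win_logins:
        name = expected_db_user(login, domain, prefix, prefix_domain)
        kind = db_users.get(name)
        if kind is None:
            findings.append(f"{domain}\\{login}: no database account {name}")
        elif kind == "PASSWORD" and prefix.upper() == "OPS$":
            # The exception described above: default prefix, password account.
            findings.append(f"{name}: password account also accepts OS authentication")
        elif kind == "PASSWORD":
            findings.append(f"{name}: not identified externally")
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE_SQLNET = "# constructed sample\nSQLNET.AUTHENTICATION_SERVICES = (NTS)\n"
SAMPLE_PARAMS = {"OS_AUTHENT_PREFIX": "OPS$", "REMOTE_OS_AUTHENT": "TRUE"}
SAMPLE_USERS = {"OPS$SCOTT": "PASSWORD"}
SAMPLE_LOGINS = [("DOMAIN", "scott"), ("DOMAIN", "anna")]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SQLNET, SAMPLE_PARAMS, False, SAMPLE_USERS, SAMPLE_LOGINS):
        print(finding)
```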
