| O
racle® Database Advanced Security Administrator's Guide 10g Release 1 (10.1) Part Number B10772-01 |
|
|
View PDF |
| O
racle® Database Advanced Security Administrator's Guide 10g Release 1 (10.1) Part Number B10772-01 |
|
|
View PDF |
Welcome to the Oracle Database Advanced Security Ad ministrator's Guide for the 10g Release 1 (10.1) of Oracle Advanced Security.
Oracle Advanced Security contains a comprehensive suite of security features that protect enterprise networks and securely extend them to the Internet. It provides a single source of integration with multiple network encryption and authentication solutions , single sign-on services, and security protocols.
The Oracle Database Advanced Security Adm inistrator's Guide describes how to implement, configure and administer Oracle Advanced Security.
This preface contains these topics:
The Oracle Database Advanced Security Administrator's Guide is intended f or users and systems professionals involved with the implementation, configuration, and administration of Oracle Advanced Security in cluding:
This document contains the followin g chapters:
This chapter provides an overview of Oracle Advanced Security features provided with this release.
< a name="971195">This chapter provides an introductio n and overview of Oracle Advanced Security GUI and command-line tools.
This chapter describes how to configure data encryption and integrity within an existing Oracle Net Services 10g Release 1 (10.1) network.
This chapter provides an overview of the Java implementation of Oracle Advanced Security, which lets Thin Java Database Con nectivity (JDBC) clients securely connect to Oracle Database databases.
This chapter describes how to configure Oracle for use with RADIUS (Remote Authentication Dial-In User Service). It provi des an overview of how RADIUS works within an Oracle environment, and describes how to enable RADIUS authentication and accounting. I t also introduces the challenge-response user interface that third party vendors can customize to integrate with third party authenti cation devices.
This chapter describes how to configure Oracle for use with MIT Kerberos and provides a brief overview of steps to configure Kerber os to authenticate Oracle users. It also includes a brief section that discusses interoperability between the Oracle Advanced Securit y Kerberos adapter and a Microsoft KDC.
This chapter describes how Oracle Advanced Security supports a public key infrastructure (PKI). It includes a discussion of configuring and using the Secure Sockets Layer (SSL), certificate validation, and hardware security modul e support features of Oracle Advanced Security.
Thi s chapter describes how to use Oracle Wallet Manager to manage Oracle wallets and PKI credentials.
This chapter describes the auth entication methods that can be used with Oracle Advanced Security, and how to use conventional user name and password authentication. It also describes how to configure the network so that Oracle clients can use a specific authentication method, and Oracle servers c an accept any method specified.
This chapte r provides a brief discussion of Open Software Foundation (OSF) DCE and Oracle DCE Integration, including what you need to do to conf igure DCE to use Oracle DCE Integration, how to configure the DCE CDS naming adapter, DCE parameters, and how clients outside of DCE can access Oracle databases using another protocol such as TCP/IP.
This chapter describes the Oracle LDAP directory and database i ntegration that enables you to store and manage users' authentication information in Oracle Internet Directory. This feature makes id entity management services available to Oracle databases, which provides single sign-on to users (users can authenticate themselves t o the database once and subsequent authentications occur transparently). It describes the components and provides an overview of how Enterprise User Security works.
This chapter explains how to configure Enterprise User Security, providing a configuration steps roadmap and the t asks required to configure password-, SSL-, and Kerberos-based Enterprise User Security authentication.
This chapter describes how to use the Enterprise Security Manager to define directory identity management realm properties and to manage enterprise users, enterprise domains, and enterprise roles.
This appendix describes Oracle Advanced Security data encryption and integrity configuration parameters.
This appendix describes Oracle Advanced Security authentication configuration file parameters.
This appendix explains how third party aut hentication device vendors can integrate their devices and customize the graphical user interface used in RADIUS challenge-response a uthentication.
This appendix descri
bes the sqlnet.ora configuration parameters required to comply with the FIPS 140-1 Level 2 evaluated configuration.
This appendix provides the syntax for the orapki command
line utility. This utility must be used to manage certificate revocation lists (CRLs). You can also use this utility to create and m
anage Oracle wallets; create certificate requests, signed certificates, and user certificates for testing purposes; and to export cer
tificates and certificate requests from Oracle wallets.
This appendix describes how to configure and use Entrust-enabled Oracle Advanced Security for Secure Sockets Layer (SSL) a uthentication.
This appendix describes the User Migration Utility, which can be used to perform bulk migrations of database users to an LDAP directory where they are stored and man aged as enterprise users. It provides utility syntax, prerequisites, and usage examples.
For more information, see these Oracle resources:
Many books in the documentation set use the sample schemas of the seed database, which is installed by default when you install Oracle. Refer to Oracle Database Sample Schemas for information on how these schemas wer e created and how you can use them yourself.
Printed documentation is available for sale in the Oracle Store at
http://oraclestore.oracle.com/< /a>
To download free release notes, installation documentation, whi te papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registra tion is free and can be done at
http://otn.oracl e.com/membership/
If you already have a username and password f or OTN, then you can go directly to the documentation section of the OTN Web site at
http://otn.oracle.com/documentation/
For information from third-party vendors, see:
For conceptual information about the network security technologies supported by Oracle Advanced Security, you can refer to the following third-party publications:
This section describes the conventions used in the text and code examples of this documentati on set. It describes:
We use various conventions in text to help you more quickly identify special terms. The following table describes t hose conventions and provides examples of their use.
| Convention | Meaning | Example |
|---|---|---|
|
Bold |
Bold typeface indicates terms that are defined in the text or terms that appear in a glossary, or both. |
When you specify thi s clause, you create an index-organized table. |
|
Italics |
Italic typeface indicates book titles or emphasis. |
Ensure that the recovery cata log and target database do not reside on the same disk. |
|
|
Uppercase monospace typeface indicates elements supplied by the system. Such ele ments include parameters, privileges, datatypes, RMAN keywords, SQL keywords, SQL*Plus or utility commands, packages and methods, as well as system-supplied column names, database objects and structures, usernames, and roles. |
You can specify this clause only for a You can back up the database by using the Query the Use the |
|
|
Lowercase monospace typeface indicates executables, filenames, directory names, and sample user-supplied ele ments. Such elements include computer and database names, net service names, and connect identifiers, as well as user-supplied databa se objects and structures, column names, packages and classes, usernames and roles, program units, and parameter values. Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown. |
Enter The password is specified in the Back up the datafiles and control files in the The Set the The |
|
|
Lowercase italic monospace font represents placeholders or variables. |
You can specify the Run |
Code examples illustrate SQ L, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example:
SELECT username FROM dba_users WHERE username = 'MIGRATE'; < a name="970284">
The following table describes typographic conventions used in code e xamples and provides examples of their use.
| Convention | Meaning | Example |
|---|---|---|
[ ] |
Brackets enclose one or more optional items. Do not enter the brackets. |
DECIMAL (digits [ , precision ]) |
{ } |
Braces enclose two or more items, one of which is required. Do not enter the braces. |
{ENABLE | DISABLE} |
| |
A vertical bar represents a choice of two or more options within brackets or braces. Enter one of the options. Do not enter the vertical bar. |
{ENABLE | DISABLE} [COMPRESS | NOCOMPRESS] |
... |
Horizontal ellipsis points indicate either: |
CREATE TABLE ... AS subquery; SELECT col1, col2, ... , col n FROM employees; |
. . . |
Vertical ellipsis points indicate that we have omitted several lines of code not directly related to the example. |
SQL> SELECT NAME FROM V$DATAFILE; NAME ------------------------------------ /fsl/dbs/tbs_01.dbf /fs1/dbs/tbs_02.dbf . . . /fsl/dbs/tbs_09.dbf 9 rows sel ected. |
|
Oth er notation |
You must enter symbols other than brackets, braces, ve rtical bars, and ellipsis points as shown. |
acctbal NUMBER(11,2); acct CONSTANT NUMBER(4) := 3; |
Italics |
<
/a>
Italicized text indicates placeholders or variables for which you must supply particular values. |
CONNECT SYSTEM/system_password DB_NAM E = database_name |
|
Uppercase typefac e indicates elements supplied by the system. We show these terms in uppercase in order to distinguish them from terms you define. Unl ess terms appear in brackets, enter them in the order and with the spelling shown. However, because these terms are not case sensitiv e, you can enter them in lowercase. |
SELECT last_name, employee_i d FROM employees; SELECT * FROM USER_TABLES; DROP TABLE hr.employees; |
lowercase |
Lowercase typeface indicates programmatic elements that you supply. For example , lowercase indicates names of tables, columns, or files. Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown. |
< pre class="CEW">SELECT last_name, employee_id FROM employees; sqlplus hr/hr CREATE USER mjones IDENTIFIED BY ty3MU9; |
The following table describes conventions for Windows operating systems and provides examples of their use.
Our goal is to make Oracle products, services, and supporting doc umentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make inf ormation available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitat e access by the disabled community. Standards will continue to evolve over time, and Oracle is actively engaged with other market-lea ding technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For addit ional information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing c ode require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consi sts solely of a bracket or brace.
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any represe ntations regarding the accessibility of these Web sites.
|
