Monday, January 21, 2008

OS authentication

In order for a database account to accept connections without a password, the
database logon must be created with an 'IDENTIFIED EXTERNALLY' clause.

E.g.: CREATE USER OSUSER_SCOTT IDENTIFIED EXTERNALLY;
This will allow the OS user SCOTT to 'CONNECT /'.
This will NOT allow SCOTT to connect as OSUSER_SCOTT in any other manner.

CREATE USER OSUSER_SCOTT IDENTIFIED BY XYZ;
The user must supply the username AND password to connect, as the
account has actually been created as requiring database authentication.
I.e.: 'CONNECT /' will *NOT* work.
'CONNECT OSUSER_SCOTT/XYZ' will connect.

If OS_AUTHENT_PREFIX is set to OPS$, a user can connect in either
manner if created with a password. This is more of a security risk,
as there are two ways to access the database account.

E.g.: CREATE USER OPS$SCOTT IDENTIFIED BY XYZ;
This allows the user to 'CONNECT /' or 'CONNECT OPS$SCOTT/XYZ'.

NOTE: on Unix platforms the shell expands $SCOTT inside double quotes, so you need to escape the dollar sign and use sqlplus "OPS\$SCOTT/XYZ" to connect to the Oracle server.
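
An audit for the two-way access described above, as an added example that is not part of the original post: it lists OPS$ accounts that still have a password and shows the statement that leaves only OS authentication. It assumes Oracle 11g or later, where DBA_USERS has an AUTHENTICATION_TYPE column, and a session that can read V$PARAMETER and DBA_USERS.

```sql
-- Added example, not from the original post.
-- Assumes Oracle 11g or later (DBA_USERS.AUTHENTICATION_TYPE exists).

-- 1. Current prefix used to map OS user names to database accounts.
SELECT value AS os_authent_prefix
FROM   v$parameter
WHERE  name = 'os_authent_prefix';

-- 2. Accounts that carry the OPS$ prefix but were created
--    IDENTIFIED BY <password>. While the prefix is OPS$, each row is an
--    account reachable both by 'CONNECT /' and by username/password.
SELECT u.username,
       u.account_status,
       u.authentication_type
FROM   dba_users u
       CROSS JOIN (SELECT UPPER(value) AS prefix
                   FROM   v$parameter
                   WHERE  name = 'os_authent_prefix') p
WHERE  p.prefix = 'OPS$'
AND    SUBSTR(u.username, 1, LENGTH(p.prefix)) = p.prefix
AND    u.authentication_type = 'PASSWORD'
ORDER  BY u.username;

-- 3. Close the password route for the post's example account, leaving
--    'CONNECT /' from the matching OS user as the only way in.
ALTER USER OPS$SCOTT IDENTIFIED EXTERNALLY;
```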
