I am primarily interested in encryption, not authentication.
I understand that placing the following lines in a client's sqlnet.ora file to REQUIRE encryption to/from the server is:
SQLNET_CRYPTO_CHECKSUM_TYPE_SERVER = MD5
SQLNET.AUTHENTICATION_SERVICES= (NTS)
SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_40, DES40)
SQLNET.ENCRYPTION_TYPES_CLIENT= (RC4_40, DES40)
SQLNET_CRYPTO_CHECKSUM_TYPE_CLIENT = MD5
SQLNET.EXPIRE_TIME = 0
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_SERVER = requested
SQLNET.CRYPTO_SEED = qwertyuiopasdfghjkl;zxcvbnm
If encryption can not be enforced by either the client or the server (due to the REQUIRED values), the connection won't be made.
This seems kind of arbitrary that the client can dictate how the server is to conduct business. What (and where) on the server do I set such that encryption is mandatory to/from ANY client? Am I correct that the server's sqlnet.ora file has nothing to do with a remote client's sqlnet.ora file?
Thanx,
Alan Martin
Principal Consultant
Defense Logistics Information Service
Battle Creek, Michigan
