RE: Using Microsoft Windows 2000 Active Directory userid to logon
Could you point me in the right direction? Thanks John -Original Message- Sent: August 15, 2002 5:14 PM To: Multiple recipients of list ORACLE-L logon to I have it working and am pretty happy with it. It doesn't allow a user to connect to the database without entering anything, they still have to enter a / for username, but they don't have to enter a password. One tip - for security reasons you should preface the usernames with your domain name and not OPS$ or some such nonsense. You will occaissionally run into older products that don't support OS authentication - eg. Oracle Reports 6.0. Beyond user ease, the other reason I like it is that I can script DBA tasks in .bat files without hardcoding username/password HTH, Beth -Original Message- Sent: Thursday, August 15, 2002 4:04 PM To: Multiple recipients of list ORACLE-L to I have some users who use both Oracle and Microsoft SQL Server. They like the fact they don't have to type in a userid and password when they logon to SQL server, they are authenticated with their Windows logon. They'd like the same thing when they logon to Oracle. I seem to recall that Oracle can use the userid and password from the operating system but has anyone got this working under NT? Thanks John -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Seefelt, Beth INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Using Microsoft Windows 2000 Active Directory userid to logon
Metalink doc 60634.1 but set OS_AUTHENT_PREFIX = and OSAUTH_PREFIX_DOMAIN = TRUE HTH, Beth -Original Message- Sent: Friday, August 16, 2002 11:19 AM To: Multiple recipients of list ORACLE-L logon Could you point me in the right direction? Thanks John -Original Message- Sent: August 15, 2002 5:14 PM To: Multiple recipients of list ORACLE-L logon to I have it working and am pretty happy with it. It doesn't allow a user to connect to the database without entering anything, they still have to enter a / for username, but they don't have to enter a password. One tip - for security reasons you should preface the usernames with your domain name and not OPS$ or some such nonsense. You will occaissionally run into older products that don't support OS authentication - eg. Oracle Reports 6.0. Beyond user ease, the other reason I like it is that I can script DBA tasks in .bat files without hardcoding username/password HTH, Beth -Original Message- Sent: Thursday, August 15, 2002 4:04 PM To: Multiple recipients of list ORACLE-L to I have some users who use both Oracle and Microsoft SQL Server. They like the fact they don't have to type in a userid and password when they logon to SQL server, they are authenticated with their Windows logon. They'd like the same thing when they logon to Oracle. I seem to recall that Oracle can use the userid and password from the operating system but has anyone got this working under NT? Thanks John -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Seefelt, Beth INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Seefelt, Beth INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Using Microsoft Windows 2000 Active Directory userid to logon
The only Oracle-supported method of this is to use Oracle Internet Directory (OID). OID has a fun feature that says it will allow full replication between it and another full LDAPv3 compliant server, which is odd considering that OID itself is *not* LDAPv3 compliant -- no matter what Oracle tells you (try using OID LDIF files in another LDAP server!). I've also not been able to get OID to replicate reliably to another OID instance. It works fine for a few weeks, then chortles when some resource leak hits a limit. Oracle Support has put this to development, where it has been sitting for several months. Granted, our new sales people really seemed to put forth a lot of effort in resolving the issue, but it was just too late. We have dumped OID in favor of Sun One (iPlanet). Which means that Oracle won't support authentication or names resolution -- unless we have OID in between the DB and Sun One... sigh. I like the DB, but the other Oracle products I'm not too sure about... Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 15, 2002 3:04 PM To: Multiple recipients of list ORACLE-L Subject: Using Microsoft Windows 2000 Active Directory userid to logon to I have some users who use both Oracle and Microsoft SQL Server. They like the fact they don't have to type in a userid and password when they logon to SQL server, they are authenticated with their Windows logon. They'd like the same thing when they logon to Oracle. I seem to recall that Oracle can use the userid and password from the operating system but has anyone got this working under NT? Thanks John -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Using Microsoft Windows 2000 Active Directory userid to logon to
I have it working and am pretty happy with it. It doesn't allow a user to connect to the database without entering anything, they still have to enter a / for username, but they don't have to enter a password. One tip - for security reasons you should preface the usernames with your domain name and not OPS$ or some such nonsense. You will occaissionally run into older products that don't support OS authentication - eg. Oracle Reports 6.0. Beyond user ease, the other reason I like it is that I can script DBA tasks in .bat files without hardcoding username/password HTH, Beth -Original Message- Sent: Thursday, August 15, 2002 4:04 PM To: Multiple recipients of list ORACLE-L to I have some users who use both Oracle and Microsoft SQL Server. They like the fact they don't have to type in a userid and password when they logon to SQL server, they are authenticated with their Windows logon. They'd like the same thing when they logon to Oracle. I seem to recall that Oracle can use the userid and password from the operating system but has anyone got this working under NT? Thanks John -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Seefelt, Beth INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Using Microsoft Windows 2000 Active Directory userid to logon
Beth, can you give a specific example of how you did this? It was my understanding that using external authentication was inherently a security hole, given that a person could create any user on any node in your network (e.g. a DBA username on some PC or Unix workstation) and connect to your DB as that user. Or is this just not applicable in your situation? I'm not up to speed on Windows authentication... Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA -Original Message- From: Seefelt, Beth [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 15, 2002 4:14 PM To: Multiple recipients of list ORACLE-L Subject: RE: Using Microsoft Windows 2000 Active Directory userid to logon to I have it working and am pretty happy with it. It doesn't allow a user to connect to the database without entering anything, they still have to enter a / for username, but they don't have to enter a password. One tip - for security reasons you should preface the usernames with your domain name and not OPS$ or some such nonsense. You will occaissionally run into older products that don't support OS authentication - eg. Oracle Reports 6.0. Beyond user ease, the other reason I like it is that I can script DBA tasks in .bat files without hardcoding username/password HTH, Beth -Original Message- Sent: Thursday, August 15, 2002 4:04 PM To: Multiple recipients of list ORACLE-L to I have some users who use both Oracle and Microsoft SQL Server. They like the fact they don't have to type in a userid and password when they logon to SQL server, they are authenticated with their Windows logon. They'd like the same thing when they logon to Oracle. I seem to recall that Oracle can use the userid and password from the operating system but has anyone got this working under NT? Thanks John -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).