I have been looking for the documents or white papers which talks on how oracle would perform an user authentication to the client system, when you perform a remote OS authentication.
My question here is how does oracle confirms that the user who is logged into the client system is the owner before comparing the name with the oracle username. Does it take the uid and translate it to the username and then compares it to the database user name or what?
Just got lost in this part of undestanding? There are no docs that talks about the steps that oracle would go through on authenticating the remote user to the database user whose identification had been set to external.
Any information on this would greatly be appreciated.
If you can get hand on "Oracle Security Handbook" (Osborne ORACLE Press Series) by Marlene L. Theriault - it has a very detailed description how OS authentication works, step by step. Separately for Unix and for Win$, as the process of user authentication differs substantialy between those two OS. I don't have the book handy, but I remember it describes this topic extremely understandable and in great detail.
Jurij Modic ASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?
I'll check it out first thing tomorrow. I have been with oracle, discussing this issue for the last three days and they so far had only been giving me a wishy washy asnwer. My question was when the DB does a remote user authentication, how would oracle come to know of the os_user name. Does it get from the client environment or through the UID parameter. Looks like they weren't ready to answer this qustion. But for me it is necessary, if I want to authenticate the web users' scripts, through the web client.
I'll as a first thing tomorrow would go through it. Thanx for pointing in the right direction.
Yes, that did explain to an extent. But still my question is from where does it gets the OS_USERNAME? I know its a security issue. But I'm more interested in digging deep into it for learning purposes only. If any one had cracked it or have a work around, I'm very much interested in hearing it from you.
If you do not want to reveal your identity here, please feel free to email me your suggestions. my email address is firstname.lastname@example.org (Remeber to quote the DBSUPPORT discussion)
I here by promiss to maintain the confidentiality!