OPS$ Account Authentication in OC4J

Hi,
We have an existing database which uses OPS$ account authentication in Oracle Forms 6i. Fine.
But, I need to access the same database from a JSP Application deployed to OC4J. Does OC4J and JDBC support OPS$ authentication in any way?
Thanks,
Jeremy

HI,
Thanks for the response. Actually, I want all users to log in individually, rather than share a JDBC connection username and password. The users currently use Oracle Forms 6i and log in with the "/" username (which then uses remote authentication on the database).
The issue is that they I'm not able to use this kind of authentication via JDBC as, as far as I understand it, this is a feature of SQL*Net (which JDBC does not "use").
The workaround is that the users were created as "create user x identified by y" and not "create user x identified externally" so that they're able to log in both ways. I'm only able to do this because we're using the "OPS$" prefix.
1) using remote authentication
2) Explicitly specifying username and password.
Cheers,
Jeremy

Similar Messages

CONFIGURING OS AUTHENTICATION(OPS$ ACCOUNT) ON NT

제품 : ORACLE SERVER
작성날짜 : 1997-11-27
CONFIGURING OS AUTHENTICATION(OPS$ ACCOUNT) ON NT
=================================================
PURPOSE
다음은 Windows NT나 Windows 95 client에서 Windows NT server에
OS Authentication을 사용하는 방법에 대해 알아 본다.
Explanation
먼저, User Account는 Windows NT client와 Windows NT server에서 동일한
이름을 필요로 한다.
1. Oracle database가 있는 Windows NT server에 User Account를 생성한다.
1) Window의 '시작' -> '프로그램' -> '관리 도구' -> '사용자 관리자'
2) Menu의 '사용자' -> 'New User'
3) Windows NT Client에서 사용할 Username과 Password를 생성한다.
2. OPS$ Account를 생성한다.
1) startup된 db에서 sqlplus나 sqldba로 connect하여 user를 다음과 같이
생성한다.
CREATE USER OPS$<name> IDENTIFIED EXTERNALLY;
GRANT CONNECT TO OPS$<name>;
2) User에 대해 quotas와 더불어 default tablespace,temporary tablespace
를 지정할 경우는 다음과 같이 alter command로 setting한다.
ALTER USER OPS$<name>
DEFAULT TABLESPACE <tablespace1>
TEMPORARY TABLESPACE <tablespace2>
QUOTA 10M ON <tablespace1>
QUOTA 10M on <tablespace2>;
3) User생성에 대한 자세한 정보는 Server Administrator Guide를 참조한다.
3. Oracle database가 있는 Windows NT server에 Directory를 공유한다.
단, SQLNET Named Pipe를 사용한다면 Directory를 공유할 필요는 없다.
공유 parameter box에 공유 이름을 지정하고, 사용자 최대한 허용한다.
만약 사용자를 제한하고자 한다면 제한 버튼을 선택하여 지정한다.
4. 새로운 OS Authentication Account를 test한다.
단, SQL*NET 2.2 Named Pipe에 대해서는 아래의 1)단계를 할 필요 없음.
1) 공유된 NT server를 Network Drive 연결한다.
만약, 공유된 Directory를 선택하여 Password 확인하는 Message가 뜬다면
Client에 Logging한 Password와 User Password가 다르므로 재확인한다.
2) 마지막으로 Client에서 SQLPLUS를 실행하여 Database에 Logging 한다.
즉, username, password 를 입력하지 않고 '/@SQLNET2_DB_ALIAS'로서
OS Authentication Account connect를 사용하여 Database에 Connect할
수 있다.
Example
Reference Document
------------------

I can't think of a reason why transactions would affect this wait stat. I tried to repro your observations under SQL 2012 and SQL2014 without success. Could there be other activity against the instance during the test, such as SQL Server Agent or SSRS
background noise? As far as TRUSTWORTHY is concerned, are the Are the databases owned by the same login? Are the database owners Windows or SQL logins? What version of SQL Server?
PREEMPTIVE_OS_AUTHENTICATION_OPS is one of those wait stats I don't pay much attention to unless I suspect a problem related to Windows authentication. It is the times rather than the counts that are significant.
For example, I've seen high PREEMPTIVE_OS_AUTHENTICATION_OPS times as
a symptom of authentication traffic inadvertently routed to a DC in another data center, resulting in long connection times.
Dan Guzman, SQL Server MVP, http://www.dbdelta.com

Ops$ account - cant login

Hello reader,
I have the next question about ops$ account.
When I login in with sqlplus
connect / @database it works
If I sqldeveloper (version 3.0.40) using it will not work
Connection
Connection name: Connectiondatabasename
Username: blank
Password : blank
Connection Type: basic
<Got parameters from tnsping>
OS Authentication: on

First you can try to change the connection type from basic to TNS and then select your desired database from the drop down list, this should get all the connection information from the same TNSNAMES.ORA file that is being used by SQLPlus.
If this does not work you can try checking the preference
Tools -> Database -> Advanced -> Use OCI/Thick Driverto force SQLDeveloper to use your local Oracle Client (should be an 11g client).
If you still have problems paste here the contents of the TNSNAMES.ORA file you are using (if you can) and the version of the database you want to connect, so we can try to give you a more detailed explanation.

How to create an database account authentication scheme in apex

Dear
I have an apex installation (embeded) on oracle 11g.
I want to create a database account authentication scheme in apex. I have seen the page with different tab like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and the effects. I have gone thru the documentation 'Application Builder User’s Guide Release 4.1' , but the functionalities of these tabs are not mentioned.
Please help.
Dennis
Edited by: Dennis John on Feb 28, 2012 10:57 PM

Thanks to dear Jit
I am new to apex.
I have gone thru that documents but I couldn't find any detailed documentation about the database account authentication scheme configuration
The database account authentication scheme creation interface will show tabs like name,subsription,source,session not valid, login processing, logout URL,session cookie attributes and comments.
I want to know what are the things to be specifed on these tabs and how it will reflect in the login. The specified documentation is not giving any detail about the above mentioned tabs of authentication scheme creation iwizard.
And also I want to know how the applciation user will be mapped to the database account?
As per my understanding a database user (for each run time user) is required for to authenticate the apex run time login other than the applciation schema user (holds the objects of applicaiton)
run time user means - end user who uses the applcaition, not the developer.
Please help.
Dennis

OracleXML with OPS$ Account

Can anyone help with the following:
A script is running code which makes a call to OracleXML's putXML method. It used to supply a hardcoded username and password and functioned correctly. However, security policy changes meant that using hardcoded username and password values was no longer acceptable.
Instead, the script must now make use of an OPS$ account to gain access to the database.
The script is run as the OPS$ verified user and the -user parameter passed to the oracleXML call is now set to "/".
The problem is that the script now fails at this OracleXML call claiming:
"java.sql.SQLException: ORA-01017: invalid username/password; logon denied."
I have been unable to find documentation on using an OPS$ account with oracleXML, so any pointers would be much appreciated.
Thanks!

Ok . i got it. and one more doubt also, Thanks sybrand_b , sb and all
$ sqlplus /
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Jun 22 19:47:32 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> show user;
USER is "OPS$RED"
SQL> disconnect
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> !
$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Jun 22 19:49:01 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL> show user;
USER is ""
For ops$<user> account : if they use SQL>sqlplus /nolog when connecting to the database
oracle is ignoring to show username. any specific reason for this ?

Sconadm timeout - Sun On-line Account authentication failed.

Hello,
I run Solaris 10 5/08 s10x_u5wos_10 X86.
and the registration timeout. See below the basicreg.log
I copy the commands i used. and the output. I also run the suc.sh script and post in the end.
#ping 82.98.86.176
82.98.86.176 is alive
#sconadm register -a -r regfile
sconadm is running
Authenticating user ...
Sun On-line Account authentication failed
failed registration!
telnet cns-transport.sun.com 443
Trying 198.232.168.137...
traceroute to cns-transport.sun.com (198.232.168.137), 30 hops max, 40 byte packets
1 172.30.168.254 (172.30.168.254) 0.409 ms 0.241 ms 0.147 ms
2 125-230-64-254.dynamic.hinet.net (125.230.64.254) 2.334 ms 77.107 ms 1.457 ms
3 tc-kk-t64-2.router.hinet.net (168.95.149.78) 0.937 ms 1.112 ms 0.867 ms
4 220-128-17-98.HINET-IP.hinet.net (220.128.17.98) 1.246 ms tc-c12r12.router.hinet.net (220.128.17.158) 1.252 ms 1.138 ms
5 tp-crs11.router.hinet.net (220.128.2.10) 4.423 ms 4.281 ms 15.803 ms
6 220-128-4-29.HINET-IP.hinet.net (220.128.4.29) 5.076 ms 4.274 ms 4.034 ms
7 r02-s2.tp.hinet.net (220.128.4.38) 16.038 ms 4.358 ms 4.359 ms
8 r12-pa.us.hinet.net (211.72.108.121) 142.842 ms 150.936 ms 142.567 ms
9 r11-pa.us.hinet.net (202.39.83.193) 143.152 ms 142.800 ms 142.830 ms
10 206.111.12.165.ptr.us.xo.net (206.111.12.165) 142.651 ms 142.925 ms 142.852 ms
11 te-11-0-0.rar3.sanjose-ca.us.xo.net (207.88.12.69) 144.081 ms 144.510 ms 144.974 ms
12 207.88.14.117.ptr.us.xo.net (207.88.14.117) 218.322 ms 218.461 ms 217.083 ms
13 207.88.14.118.ptr.us.xo.net (207.88.14.118) 218.363 ms 217.950 ms 218.103 ms
14 207.88.183.54.ptr.us.xo.net (207.88.183.54) 214.827 ms 214.479 ms 216.544 ms
15 border7.te2-2-bbnet2.wdc002.pnap.net (216.52.127.87) 214.862 ms 215.908 ms 214.832 ms
16 seven-6.border7.wdc002.pnap.net (216.52.125.250) 214.658 ms 214.440 ms 214.558 ms
17 * * *
18 * * *
# cat basicreg20081024111737681.log
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicReg loadPropertiesFromHomeDir
INFO: properties file loaded from the default config.properties
24.10.2008 11:17:48 com.sun.scn.util.Utils getLocalHostNames
INFO: get hostname 82.98.86.176
24.10.2008 11:17:48 com.sun.scn.util.Utils getLocalHostNames
INFO: first returned hostname 82.98.86.176
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
INFO: SCNNetworkProxyConfigMBean.setHost() = null
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
INFO: SCNNetworkProxyConfigMBean.setPort() = null
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
INFO: SCNNetworkProxyConfigMBean.setUser() = null
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.NetworkProxyCacaoAdapter setProxy
INFO: SCNNetworkProxyConfigMBean.setPassword() = null
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
INFO: userName = [email protected]
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
INFO: password = *****
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
INFO: hostName =
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI printRegistrationProfile
INFO: portalEnabled =false
24.10.2008 11:17:48 com.sun.cns.basicreg.BasicRegCLI run
INFO: Authenticating user ...
24.10.2008 11:17:48 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter getSCNClientSession
INFO: CREATING SCNClientSession
24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter loginAccount
SCHWERWIEGEND: Error: login account exception: Connection refused to host: 82.98.86.176; nested exception is:
java.net.ConnectException: Connection timed out
24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter loginAccount
SCHWERWIEGEND:
com.sun.scn.jmx.impl.UISClientLoginModule.login(UISClientLoginModule.java:151)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
javax.security.auth.login.LoginContext.login(LoginContext.java:575)
com.sun.scn.jmx.impl.UISClientLogin.login(UISClientLogin.java:201)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
javax.management.StandardMBean.invoke(StandardMBean.java:323)
com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)
com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:736)
com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)
com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)
com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)
javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1410)
javax.management.remote.rmi.RMIConnectionImpl.access$100(RMIConnectionImpl.java:81)
javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1247)
java.security.AccessController.doPrivileged(Native Method)
javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1350)
javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:784)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
sun.rmi.transport.Transport$1.run(Transport.java:153)
java.security.AccessController.doPrivileged(Native Method)
sun.rmi.transport.Transport.serviceCall(Transport.java:149)
sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
java.lang.Thread.run(Thread.java:595)
24.10.2008 11:25:18 com.sun.cns.basicreg.cacao.ClientLoginCacaoAdapter getLoginResult
INFO: SCN Fault: Connection refused to host: 82.98.86.176; nested exception is:
java.net.ConnectException: Connection timed out
24.10.2008 11:25:18 com.sun.cns.basicreg.BasicRegCLI run
SCHWERWIEGEND: Sun On-line Account authentication failed
#sh suc.sh
User: root
Logname: root
Freitag, 24. Oktober 2008 11:48 Uhr CST
xxx
smpatch settings:
patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://getupdates1.sun.com/
patchpro.patchset - current
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
smpatch analyze:
Failure: Cannot connect to retrieve detectors.jar: This system is currently unregistered and is unable to retrieve patches from the Sun Update Connection. Please register your system using the Update Manager, /usr/bin/updatemanager or provide valid Sun Online Account(SOA) credentials.
Sun UC patch revision:
120336-04
121082-06
121119-13
121454-02
123004-03
123006-07
123631-03
123896-04
124187-07
Solaris release:
Solaris 10 5/08 s10x_u5wos_10 X86
Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 24 March 2008
Solaris Kernel: Generic_127128-11
Machine Type: i86pc
Platform: i86pc
Java -version:
java version "1.5.0_14"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)
Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)
Cacao Java version:
java-home=/usr/jdk/jdk1.5.0_14
Software Cluster:
CLUSTER=SUNWCall
All ccr properties:
Property not defined: 18
18:
cns.assetid:
cns.br.SunUCenabled:
true
cns.ccr.keyGenPath:
/usr/lib/cc-ccr/bin/ccrKeyGen
cns.clientid:
cns.httpproxy.auth:
cns.httpproxy.ipaddr:
cns.httpproxy.port:
cns.regtoken:
cns.security.password:
cns.security.privatekey:
cns.security.publickey:
cns.swup.UMautolaunch:
false
cns.swup.autoAnalysis.enabled:
true
cns.swup.checkinInterval:
2
cns.swup.lastCheckin:
0
cns.swup.patchbaseline:
current
cns.swup.regRequired:
true
cns.transport.serverurl:
patchsvr not installed.
Sun UC package status:
SUNWbreg not installed
SUNWdc not installed
Edited by: Denis_Theinert on Oct 24, 2008 4:13 AM

I could connect all of this hosts without problems.
# telnet sun.com 80
Trying 72.5.124.61...
Connected to sun.com.
Escape character is '^]'.
^CConnection to sun.com closed by foreign host.
# telnet cns-services.sun.com 443
Trying 198.232.168.133...
Connected to cns-services.sun.com.
Escape character is '^]'.
^CConnection to cns-services.sun.com closed by foreign host.
# telnet getupdates1.sun.com 443
Trying 198.232.168.136...
Connected to getupdates1.sun.com.
Escape character is '^]'.
^CConnection to getupdates1.sun.com closed by foreign host.
# telnet a248.e.akamai.net 443
Trying 60.254.154.75...
Connected to a248.e.akamai.net.
Escape character is '^]'.
^CConnection to a248.e.akamai.net closed by foreign host.
#

OPS$ Account on Oracle Express 10g on Linux

I have the exact same setup for an identical OPS$ account on an Oracle Standard Edition 10g database (running on Linux) and it works perfectly when logging in as
sqlplus /
However, the same setup does not work for the same OPS$ account on Oracle Express 10g. I have seen previous postings about OPS$ accounts that worked with Linux but not Windows XP (with the solution posted) but I seem to be having a problem getting Linux to work. I am running Redhat Linux Enterprise Edition 4.0.
Thanks for any help...

To have OPS$ account on XE you need to put user you using in ORA_DBA user group.
HTH

Database Account Authentication to a few users.

Good Morning, apex teachers.
I have one more doubt about apex.
This time is related to Database Account Authentication.
I was wondering if it would be possible to filter which database users
can logon to my application?
For instance I have this users on my database: John, Paul, Ringo and George.
But I only want to John and Paul be able to logon, if Ringo or George try to
do the same, they would have their access denied.
Thanks for all the help you guys have been giving to me.
Regards, Leandro Freitas.

"Database Account Credentials
Database Account Credentials utilizes database schema accounts. This authentication scheme requires that a database user (schema) exist in the local database. When using this method, the user name and password of the database account is used to authenticate the user.
Database Account Credentials is a good choice if having one database account for each named user of your application is feasible and account maintenance using database tools meets your needs"
You are trying to use schemas or do you have a table with the beatles users and passwords? Don't let Ringo out man... ;)

Using ops$ accounts with Database Access Descriptors

Hi, I have installed and configured the Photo Album demo under 9i on Windows 2000 with no problems. I wish to use the operating system via oracle ops$ accounts to provide access to the Db through the Database Access Descriptor using the Gateway Database Access Descriptor Configuration tool. While the ops$ accounts I have configured work as expected under sqlplus, i.e. I am able to login to the Db without manually supplying a username and password e.g. sqlplus / , there does not seem to be a way of configuring the DAD to accept ops$ accounts for access to the photo album demo. Please can anyone confirm this to be the case and/ or provide an alternative solution. Kind regards.

I am pretty sure if you specify a DB username and password in dads.conf, you will not need to log in. Also, there is a tool to encrypt the password so it is not in clear text in the config file.
From the dads.README For 10:
- One or more mod_plsql specific directives. For example:
PlsqlDatabaseUsername scott
PlsqlDatabasePassword tiger
PlsqlDatabaseConnectString orcl
PlsqlAuthenticationMode Basic
I am on 10 now, so I don't personally know if it the same on 9. I don't use the DADs tool either, but you should be able to set a username/password for the dad so that there is not a need to login.
It would be best to ask in the HTMLDB forum, they would know better.
Larry

Any one else have problems using 'FORM' based authentication in OC4J?

Since I couldn't find any information on this from Oracle I went with the specifications from Orion.
I am using Oracle Internet Directory Server for authentication of OC4J apps. I followed Orions specs for writing and pluging in your own usermanger to make calls to OID. Everything works fine when I use BASIC authentication but when I use FORM based authentication it fails to send the browser to the original url that was requested.
The browser just displays a blank screen?
You can tell that the client is authenticated because you can just request the URL again and it's displayed without prompting for a username/password.
For the login in screen the only specs Orion gives is that your form has to have an action of 'j_security_check' and pass 'j_username' and 'j_password'.
Does oracle have another way to do this, or has anyone else experienced this and no a way to fix it?

Tom,
Custom user authentication in Oc4J 1.0.2.2 is same in both Oc4J and Orion and we have tested that form based authentication works
fine. In 9iAS Release 2 Oracle has an integerated JAAS implementation with OC4J which you can configure either to authenticate users from a encrypted file or users stored in OID.

Trigger program with ops$account

Hello rvgv and Edstevens ;
please see trigger program output and my doubts. please clear it.
Session 1
SQL> show user;
USER is "SYS"
SQL> alter user ops$red identified by red;
User altered.
SQL> grant dba to ops$red;
Grant succeeded.
Session 2
$ whoami
red
$ export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1
$ export PATH=$PATH:$ORACLE_HOME/bin
$ export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
$ export ORACLE_SID=orclprod
$ sqlplus /
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Jun 22 15:41:45 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> show user;
USER is "OPS$RED"
SQL> select count(*) From session_privs;
COUNT(*)
161
I have two problems here ..
select * from user_login;
USERNAME
ISDBA
EXTERNAL_NAME
AUTHENTICATION_TYPE
HOST
SESSION_ID
LOGIN_DATE
LOGIN_TIME
OPS$RED
FALSE
RED
OS
LINUXSERVER
711
22-JUN-13
14:06:52
OPS$RED
FALSE
RED
OS
LINUXSERVER
712
22-JUN-13
14:06:31
OPS$RED
FALSE
RED
OS
LINUXSERVER
713
22-JUN-13
14:06:15
OPS$RED
FALSE
RED
OS
LINUXSERVER
714
22-JUN-13
14:06:20
OPS$RED
FALSE
RED
OS
LINUXSERVER
715
22-JUN-13
14:06:06
Question 1 :
If user identified by password .. that user will be database authenticated user.
but ops$red - still being OS authenticated account. - why ?
Question 2 :
Sysdba already granted DBA privilege to ops$red.
but still showing ISDBA=FALSE

Ok . i got it. and one more doubt also, Thanks sybrand_b , sb and all
$ sqlplus /
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Jun 22 19:47:32 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> show user;
USER is "OPS$RED"
SQL> disconnect
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> !
$ sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Jun 22 19:49:01 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL> show user;
USER is ""
For ops$<user> account : if they use SQL>sqlplus /nolog when connecting to the database
oracle is ignoring to show username. any specific reason for this ?

How to do LDAP authentication in OC4J instance?

Need to configure third party LDAP authentication for an application deployed in OC4J instance. How to configure this?

Hi,
I think that links will be useful to you!
http://download-uk.oracle.com/docs/cd/B15904_01/web.1012/b14013/configoc4j.htm
http://www.oracle.com/technology/sample_code/tech/java/codesnippet/security/jaznldap/index.html
Afonso

APEX Database Account Authentication Problem

Hi There
I'm developing an application in APEX 3.1 on top of an Oracle 10g database. The schema account ABC has full control of all objects but additional users have been added USER1 for example. When I set the authentication of the APEX application to Database Account I am able to login as ABC but not when I use USER1. The errors I receive are:
ORA-28007: the password cannot be reused ORA-06512: at "APEX_030200.WWV_FLOW_SECURITY", line 248 ORA-06512: at "SYS.WWV_FLOW_VAL", line 55 ORA-06521: PL/SQL: Error mapping function
ERR-10480 Unable to run authentication credential check function.
I haven't used any custom funtions, pages or procedures, even tried starting a new app from scratch and still am not able to login.
Thanks
Daniel

Thanks Varad, but I was able to log in to PL/SQL Developer using the USER1 credentials. I have found the problem though, the Oracle database was an older version than this APEX functionality could work with. We upgraded the database and now I can log in fine.

802.1x + Machine Account Authentication = Vulnerability?

Hello forum,
I'm trying to determine the security implications of utilizing 802.1x authentication/authorization with the "Domain Computers" option selected within ACS. The problem I am having with this scenerio is this:
1) Client machines are authenticated to the LAN or WLAN based on AD machine account name/password if "Domain Computers" is selected.
2) Windows XP machines will authenticate 802.1x using the machine account name/password by default upon initial boot and upon log-off.
3) Once a machine boots up or someone logs off, the 802.1x port status is placed into "Authorized" using machine account name/password credentials.
4) If you log onto a machine after the port goes "Authorized" (from #3) with a local user or local administrator account you gain "free access" to the network for < 60 seconds (I've done this many times now and you do infact gain "free access.")
So then the following scenerio comes into play, what if:
1) Someone steals a laptop.
2) Compromises a local user or local administrator account on said laptop.
3) Places the laptop onto either the wired or wireless network.
4) Reboots the box.
5) Logs in with local user or local administrator and launches a script (they will have free-access for < 60 seconds before a re-authentication is forced).
Anyone famliar with this, or any white papers/KB's is/are greatly appreciated!
Thanks,
Jeremy

A small clarification here about your statement:
"The PC will try machine authentication once it boots up. Once is entered, the PC initiate 802.1x authentication by sending EAPOL start. The AP or switch should change the state of the PC from authenticated to authenticating. Thus, the PC should not get network connectivity unless it passes user authentication again. If you use a local account to logon to the PC, the PC should not pass 802.1xauthentication. At least, that's how Cisco equipment works."
This is not up to Cisco equipment, the AP has no idea the PC is switching between machine and user mode unless the supplicant on the PC restarts the authentication (via EAPOL-Start as you stated), this is wholey up to the supplicant installed on the PC. So with this < 60 second window that is being seen here it is most likely due to slow load of the user space/desktop.
An option to prevent this would be to use a supplicant that can start before login (such as the Cisco Secure Services Client) that way the user is authenticated before they have access to the desktop.
--Jesse

User Account Authentication across multiple Solaris servers - Best Practice

Hi,
I am new to Solaris admin and would like to know the best practice/setup for authenticating user accounts across multiple solaris servers.
Currently we have 20 - 30 Solaris 8 & 10 servers which each have their own user accounts setup. I am planning to replace these with a similar number of Solaris 10 servers and would like to centralise the user accounts and their authentication.
I would be grateful for any suggestions on the best setup and any links to tutorials.
Thanks
Jools

i would suggest LDAP + kerberos, LDAP for name lookups and krb5 for auth. provides secure auth + extensable directory for users and other apps if needed. plus, it provides a decent spring board to add other unix plats into the mix since this will support any unix/linux/bsd plat. you could integrate this design with a windows AD env if you want as well.
[http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp] sol + ldap+ AD
[http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server] sol + ldap (openldap)
[http://aput.net/~jheiss/krbldap/howto.html] sol + ldap + krb5
now these links are all using some diff means, however they should give you some ideas as to whats out there. sol 10 comes with suns ldap server and you can use the krb5 server which comes with it as well. many many diff ways to do this. many many more links out there as welll. these are just a few.

OPS$ Account Authentication in OC4J

Similar Messages

Maybe you are looking for