Table of Contents
Advertisement
Example: Synchronous Authentication with SecurID Token Cards
With SecurID authentication, each user has a token card that displays a dynamic
number that changes every sixty seconds. To gain access to the Oracle database
server/RADIUS client, the user enters a valid pass code that includes both a
personal identification number (PIN) and the dynamic number currently displayed
on the user's SecurID card. The Oracle database server passes this authentication
information from the Oracle client to the RADIUS server, which in this case is the
authentication server for validation. Once the authentication server (RSA
ACE/Server) validates the user, it sends an "accept" packet to the Oracle database
server, which, in turn, passes it to the Oracle client. The user is now authenticated
and able to access the appropriate tables and applications.
Challenge-Response (Asynchronous) Authentication Mode
When the system uses the asynchronous mode, the user does not need to enter a
user name and password at the SQL*Plus CONNECT string. Instead, a graphical
user interface asks the user for this information later in the process.
Figure 5–3
authentication occurs.
See Also:
Chapter 1, "Introduction to Oracle Advanced Security"
"Token Cards"
on page 1-11
Documentation provided by RSA Security, Inc.
shows the sequence in which challenge-response (asynchronous)
If the RADIUS server is the authentication server, Steps 3, 4,
Note:
and 5, and Steps 9, 10, and 11 in
RADIUS Authentication Modes
Figure 5–3
are combined.
Configuring RADIUS Authentication 5-5
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the Oracle Database B10772-01 and is the answer not in the manual?