Considerations For Choosing Authentication Types Between Clients, Databases, And Directories For Enterprise User Security; Enterprise User Security: Supported Authentication Types For Connections Between Clients, Databases, And Directories - Oracle Database B10772-01 Administrator's Manual

Enterprise User Security Deployment Considerations
Considerations for Choosing Authentication Types between Clients, Databases, and
Directories for Enterprise User Security
Enterprise User Security supports the authentication types listed in
connections between clients, databases, and directories.
Table 11–3 Enterprise User Security: Supported Authentication Types for
Connections between Clients, Databases, and Directories
Connection
Clients-to-Databases
Databases-to-Databases
(Current User Database Links)
Databases-to-Directories
However, some combinations of authentication types for connections make more
sense than others. For example, it is unusual to require a high level of security for
client-to-database connections by using SSL for all user connections, but then
configuring the database to authenticate to the directory by using passwords.
Although this configuration is supported, it does not provide consistent security for
connections. Ideally, the database-directory connection should be at least as secure
as that between users and databases.
Typical Configurations
The following combinations of authentication types between clients, databases, and
directories are typical:
11-28 Oracle Database Advanced Security Administrator's Guide
Password authentication for all connections with no need for current user
database links
SSL authentication for all connections
Kerberos authentication for client-to-database connections, and password
authentication for database-to-directory connections
Supported Authentication Types
Passwords, SSL, and Kerberos
SSL only
SSL and Passwords
Table 11–3 for