Oracle Oracle Database B10772-01 Manuals
Manuals and User Guides for Oracle Oracle Database B10772-01. We have 1 Oracle Oracle Database B10772-01 manual available for free PDF download: Administrator's Manual
Oracle Oracle Database B10772-01 Administrator's Manual (518 pages)
Database
Brand: Oracle | Category: Software | Size: 3.56 MB
Table of Contents
Table of Contents
5
List of Figures
18
List of Tables
21
Send Us Your Comments
23
Preface
25
Related Documentation
29
What's New in Oracle Advanced Security
37
Part I Getting Started with Oracle Advanced Security
43
Security Challenges in an Enterprise Environment
45
Security in Enterprise Grid Computing Environments
46
Security in an Intranet or Internet Environment
46
Common Security Threats
47
1 Introduction to Oracle Advanced Security
45
Solving Security Challenges with Oracle Advanced Security
48
Data Encryption
49
Strong Authentication
52
Enterprise User Management
57
Oracle Advanced Security Architecture
59
Secure Data Transfer Across Network Protocol Boundaries
60
System Requirements
60
Oracle Advanced Security Restrictions
61
Authentication Methods and System Requirements
61
2 Configuration and Administration Tools Overview
63
Network Encryption and Strong Authentication Configuration Tools
64
Oracle Net Manager
64
Oracle Advanced Security Kerberos Adapter Command-Line Utilities
67
Public Key Infrastructure Credentials Management Tools
68
Oracle Wallet Manager
68
Oracle Wallet Manager Navigator Pane Objects
70
Oracle Wallet Manager Toolbar Buttons
72
Oracle Wallet Manager Wallet Menu Options
72
Oracle Wallet Manager Operations Menu Options
73
Oracle Wallet Manager Help Menu Options
74
Orapki Utility
74
Enterprise User Security Configuration and Management Tools
75
Database Configuration Assistant
75
Enterprise User Security Tools Summary
75
Enterprise Security Manager and Enterprise Security Manager Console
76
Enterprise Security Manager Authentication Methods
79
Enterprise Security Manager Navigator Pane Folders
81
Enterprise Security Manager File Menu Options
83
Enterprise Security Manager Help Menu Options
83
Enterprise Security Manager Operations Menu Options
83
Enterprise Security Manager Console User Subtab Buttons
89
Oracle Net Configuration Assistant
94
User Migration Utility
95
Duties of a Security Administrator/DBA
96
Duties of an Enterprise User Security Administrator/DBA
97
Common Enterprise User Security Administrator Configuration and Administrative Tasks
98
Part II Network Data Encryption and Integrity
101
Oracle Advanced Security Encryption
103
About Encryption
104
Advanced Encryption Standard
104
DES Algorithm Support
104
Triple-DES Support
104
RSA RC4 Algorithm for High Speed Encryption
105
3 Configuring Network Data Encryption and Integrity for Oracle Servers and Clients
103
Oracle Advanced Security Data Integrity
105
Data Integrity Algorithms Supported
106
Diffie-Hellman Based Key Management
106
Authentication Key Fold-In
107
How to Configure Data Encryption and Integrity
107
About Activating Encryption and Integrity
108
About Negotiating Encryption and Integrity
108
Setting the Encryption Seed (Optional)
110
Encryption and Data Integrity Negotiations
110
Configuring Encryption and Integrity Parameters Using Oracle Net Manager
111
Valid Encryption Algorithms
113
Valid Integrity Algorithms
115
About the Java Implementation
117
Java Database Connectivity Support
117
Securing Thin JDBC
118
Implementation Overview
119
Obfuscation
119
4 Configuring Network Data Encryption and Integrity for Thin JDBC Clients
117
Configuration Parameters
120
ORACLE.NET.ENCRYPTION_CLIENT Parameter Attributes
120
Client Encryption Level: ORACLE.NET.ENCRYPTION_CLIENT
120
Client Encryption Selected List: ORACLE.NET.ENCRYPTION_TYPES_CLIENT
121
Client Integrity Level: ORACLE.NET.CRYPTO_CHECKSUM_CLIENT
121
ORACLE.NET.ENCRYPTION_TYPES_CLIENT Parameter Attributes
121
ORACLE.NET.CRYPTO_CHECKSUM_CLIENT Parameter Attributes
121
Client Integrity Selected List: ORACLE.NET.CRYPTO_CHEKSUM_TYPES_CLIENT
122
ORACLE.NET.CRYPTO_CHEKSUM_TYPES_CLIENT Parameter Attributes
122
Oracle Advanced Security Strong Authentication
123
RADIUS Overview
125
5 Configuring RADIUS Authentication
125
RADIUS Authentication Modes
127
Synchronous Authentication Mode
127
RADIUS Authentication Components
127
Challenge-Response (Asynchronous) Authentication Mode
129
Enabling RADIUS Authentication, Authorization, and Accounting
132
Task 1: Install RADIUS on the Oracle Database Server and on the Oracle Client
133
Task 2: Configure RADIUS Authentication
133
Task 3: Create a User and Grant Access
141
Task 4: Configure External RADIUS Authorization (Optional)
141
Task 5: Configure RADIUS Accounting
143
Task 6: Add the RADIUS Client Name to the RADIUS Server Database
144
Task 7: Configure the Authentication Server for Use with RADIUS
144
Task 8: Configure the RADIUS Server for Use with the Authentication Server
144
Task 9: Configure Mapping Roles
145
RSA ACE/Server Configuration Checklist
146
Using RADIUS to Log in to a Database
146
6 Configuring Kerberos Authentication
149
Enabling Kerberos Authentication
150
Task 1: Install Kerberos
150
Task 2: Configure a Service Principal for an Oracle Database Server
150
Task 3: Extract a Service Table from Kerberos
151
Task 4: Install an Oracle Database Server and an Oracle Client
152
Task 5: Install Oracle Net Services and Oracle Advanced Security
153
Task 6: Configure Oracle Net Services and Oracle Database
153
Task 7: Configure Kerberos Authentication
153
Task 8: Create a Kerberos User
158
Task 9: Create an Externally Authenticated Oracle User
158
Task 10: Get an Initial Ticket for the Kerberos/Oracle User
159
Utilities for the Kerberos Authentication Adapter
159
Obtaining the Initial Ticket with the Okinit Utility
159
Options for the Okinit Utility
159
Displaying Credentials with the Oklist Utility
160
Options for the Oklist Utility
160
Connecting to an Oracle Database Server Authenticated by Kerberos
161
Removing Credentials from the Cache File with the Okdstry Utility
161
Configuring Interoperability with a Windows 2000 Domain Controller KDC
161
Task 1: Configuring an Oracle Kerberos Client to Interoperate with a Windows 2000 Domain Controller KDC
162
Task 2: Configuring a Windows 2000 Domain Controller KDC to Interoperate with an Oracle Client
163
Task 3: Configuring an Oracle Database to Interoperate with a Windows 2000 Domain Controller KDC
165
Task 4: Getting an Initial Ticket for the Kerberos/Oracle User
165
Troubleshooting
166
7 Configuring Secure Sockets Layer Authentication
167
SSL and TLS in an Oracle Environment
168
Difference between SSL and TLS
168
About Using SSL
169
How SSL Works in an Oracle Environment: the SSL Handshake
170
Public Key Infrastructure in an Oracle Environment
171
About Public Key Cryptography
171
Public Key Infrastructure Components in an Oracle Environment
172
SSL Combined with Other Authentication Methods
176
Architecture: Oracle Advanced Security and SSL
176
How SSL Works with Other Authentication Methods
176
SSL and Firewalls
178
SSL Usage Issues
180
Enabling SSL
181
Task 1: Install Oracle Advanced Security and Related Products
181
Task 2: Configure SSL on the Server
181
Oracle Advanced Security Cipher Suites
184
Task 3: Configure SSL on the Client
189
Task 4: Log on to the Database
197
Troubleshooting SSL
197
Keyusage Values
200
Certificate Validation with Certificate Revocation Lists
201
What CRLs Should You Use
201
How CRL Checking Works
202
Configuring Certificate Validation with Certificate Revocation Lists
203
Certificate Revocation List Management
206
Troubleshooting Certificate Validation
211
Configuring Your System to Use Hardware Security Modules
214
General Guidelines for Using Hardware Security Modules with Oracle Advanced Security
214
Configuring Your System to Use nCipher Hardware Security Modules
215
Troubleshooting Using Hardware Security Modules
216
8 Using Oracle Wallet Manager
219
Oracle Wallet Manager Overview
220
Wallet Password Management
220
Strong Wallet Encryption
221
Microsoft Windows Registry Wallet Storage
221
Backward Compatibility
221
Public-Key Cryptography Standards (PKCS) Support
221
Multiple Certificate Support
222
LDAP Directory Support
225
Starting Oracle Wallet Manager
225
How to Create a Complete Wallet: Process Overview
226
Managing Wallets
227
Required Guidelines for Creating Wallet Passwords
227
Creating a New Wallet
228
Opening an Existing Wallet
231
Closing a Wallet
231
Importing Third-Party Wallets
231
Exporting Oracle Wallets to Third-Party Environments
232
Exporting Oracle Wallets to Tools that Do Not Support PKCS #12
232
Uploading a Wallet to an LDAP Directory
233
PKI Wallet Encoding Standards
233
Downloading a Wallet from an LDAP Directory
234
Saving Changes
235
Saving in System Default
235
Saving the Open Wallet to a New Location
235
Changing the Password
236
Deleting the Wallet
236
Using Auto Login
237
Managing Certificates
238
Managing User Certificates
238
Available Key Sizes
240
Managing Trusted Certificates
243
Connecting with User Name and Password
247
9 Configuring Multiple Authentication Methods and Disabling Oracle Advanced Security
247
Disabling Oracle Advanced Security Authentication
248
Configuring Multiple Authentication Methods
250
Configuring Oracle Database for External Authentication
251
Setting the SQLNET.AUTHENTICATION_SERVICES Parameter in sqlnet.ora
251
Verifying that REMOTE_OS_AUTHENT Is Not Set to TRUE
251
Setting OS_AUTHENT_PREFIX to a Null Value
252
10 Configuring Oracle DCE Integration
255
Introduction to Oracle DCE Integration
256
System Requirements
256
Backward Compatibility
256
Components of Oracle DCE Integration
256
Flexible DCE Deployment
258
Release Limitations
258
Configuring DCE for Oracle DCE Integration
259
Task 1: Create New Principals and Accounts
259
Task 2: Install the Key of the Server into a Keytab File
260
Task 3: Configure DCE CDS for Use by Oracle DCE Integration
260
Configuring Oracle Database and Oracle Net Services for Oracle DCE Integration
262
DCE Address Parameters
262
Task 1: Configure the Server
263
Task 2: Create and Name Externally Authenticated Accounts
264
Task 3: Set up DCE Integration External Roles
266
Setting up External Role Syntax Components
267
Task 4: Configure DCE for SYSDBA and SYSOPER Connections to Oracle Databases
269
Task 5: Configure the Client
270
Task 6: Configure Clients to Use DCE CDS Naming
273
Connecting to an Oracle Database Server in the DCE Environment
277
Starting the Listener
277
Connecting to an Oracle Database by Using DCE Authentication for Single Sign-On
278
Connecting Clients Outside DCE to Oracle Servers in DCE
279
Sample Parameter Files
279
Using tnsnames.ora for Name Lookup When CDS Is Inaccessible
282
Connecting to an Oracle Database by Using Password Authentication
279
Part IV Enterprise User Security
283
11 Getting Started with Enterprise User Security
285
Introduction to Enterprise User Security
286
The Challenges of User Management
286
Enterprise User Security: the Big Picture
287
Enterprise User Security Authentication: Selection Criteria
294
About Enterprise User Security Directory Entries
295
Administrative Groups in a Realm Oracle Context
302
About Using Shared Schemas for Enterprise User Security
303
Overview of Shared Schemas Used in Enterprise User Security
303
How Shared Schemas Are Configured for Enterprise Users
304
How Enterprise Users Are Mapped to Schemas
304
About Using Current User Database Links for Enterprise User Security
307
Enterprise User Security Deployment Considerations
309
Security Aspects of Centralizing Security Credentials
309
Security of Password-Authenticated Enterprise User Database Login Information
310
Considerations for Defining Database Membership in Enterprise Domains
311
Considerations for Choosing Authentication Types between Clients, Databases, and Directories for Enterprise User Security
312
Enterprise User Security: Supported Authentication Types for Connections between Clients, Databases, and Directories
312
Enterprise User Security Configuration Overview
313
12 Enterprise User Security Configuration Tasks and Troubleshooting
313
Enterprise User Security Configuration Roadmap
316
Preparing the Directory for Enterprise User Security
317
Configuring Enterprise User Security Objects in the Database and the Directory
323
Configuring Enterprise User Security for Password Authentication
328
Configuring Enterprise User Security for Kerberos Authentication
330
Configuring Enterprise User Security for SSL Authentication
333
Viewing the Database DN in the Wallet and in the Directory
336
Enabling Current User Database Links
337
Troubleshooting Enterprise User Security
338
ORA-# Errors for Password-Authenticated Enterprise Users
338
ORA-# Errors for Kerberos-Authenticated Enterprise Users
341
ORA-# Errors for SSL-Authenticated Enterprise Users
344
NO-GLOBAL-ROLES Checklist
345
USER-SCHEMA ERROR Checklist
346
DOMAIN-READ-ERROR Checklist
347
13 Administering Enterprise User Security
351
Enterprise User Security Administration Tools Overview
352
Administering Identity Management Realms
353
Identity Management Realm Versions
354
Setting Properties of an Identity Management Realm
355
Setting Login Name, Kerberos Principal Name, User Search Base, and Group Search Base Identity Management Realm Attributes
355
Identity Management Realm Properties
355
Setting the Default Database-To-Directory Authentication Type for an Identity Management Realm
356
Managing Identity Management Realm Administrators
357
Enterprise User Security Identity Management Realm Administrators
357
Administering Enterprise Users
358
Creating New Enterprise Users
359
Setting Enterprise User Passwords
360
Defining an Initial Enterprise Role Assignment
361
Browsing Users in the Directory
362
Directory Search Criteria
364
Administering Enterprise Domains
365
Creating a New Enterprise Domain
366
Defining Database Membership of an Enterprise Domain
367
Enterprise Security Manager Database Security Options
369
Managing Enterprise Domain Administrators
370
Managing Enterprise Domain Database Schema Mappings
370
Managing Password Accessible Domains
373
Managing Database Administrators
375
Managing Database Security Options for an Enterprise Domain
369
Administering Enterprise Roles
377
Creating a New Enterprise Role
377
Assigning Database Global Role Membership to an Enterprise Role
378
Granting Enterprise Roles to Users
381
Appendixes
383
A Data Encryption and Integrity Parameters
385
Sample sqlnet.ora File
385
Data Encryption and Integrity Parameters
387
Algorithm Type Selection
387
Encryption and Integrity Parameters
388
SQLNET.ENCRYPTION_SERVER Parameter Attributes
388
SQLNET.CRYPTO_CHECKSUM_CLIENT Parameter Attributes
389
SQLNET.CRYPTO_CHECKSUM_SERVER Parameter Attributes
389
SQLNET.ENCRYPTION_CLIENT Parameter Attributes
389
SQLNET.ENCRYPTION_TYPES_SERVER Parameter Attributes
390
SQLNET.ENCRYPTION_TYPES_CLIENT Parameter Attributes
391
Seeding the Random Key Generator (Optional)
392
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT Parameter Attributes
392
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER Parameter Attributes
392
Authentication Parameters
395
Parameters for Clients and Servers Using Kerberos Authentication
395
Kerberos Authentication Parameters
395
Parameters for Clients and Servers Using RADIUS Authentication
396
sqlnet.ora File Parameters
396
SQLNET.AUTHENTICATION_SERVICES Parameter Attributes
396
SQLNET.RADIUS_AUTHENTICATION Parameter Attributes
396
SQLNET.RADIUS_AUTHENTICATION_PORT Parameter Attributes
397
SQLNET.RADIUS_AUTHENTICATION_RETRIES Parameter Attributes
397
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT Parameter Attributes
397
SQLNET.RADIUS_ALTERNATE Parameter Attributes
398
SQLNET.RADIUS_ALTERNATE_PORT Parameter Attributes
398
SQLNET.RADIUS_SECRET Parameter Attributes
398
SQLNET.RADIUS_SEND_ACCOUNTING Parameter Attributes
398
SQLNET.RADIUS_ALTERNATE_RETRIES Parameter Attributes
399
SQLNET.RADIUS_ALTERNATE_TIMEOUT Parameter Attributes
399
SQLNET.RADIUS_CHALLENGE_RESPONSE Parameter Attributes
399
Minimum RADIUS Parameters
400
SQLNET.RADIUS_AUTHENTICATION_INTERFACE Parameter Attributes
400
SQLNET.RADIUS_CHALLENGE_KEYWORD Parameter Attributes
400
SQLNET.RADIUS_CLASSPATH Parameter Attributes
400
Initialization File Parameters
401
Parameters for Clients and Servers Using SSL
401
SSL Authentication Parameters
401
Cipher Suite Parameters
402
SSL Client Authentication Parameters
404
SSL Version Parameters
404
Wallet Location
406
Wallet Location Parameters
406
Integrating Authentication Devices Using RADIUS
407
About the RADIUS Challenge-Response User Interface
407
Customizing the RADIUS Challenge-Response User Interface
408
Configuration Parameters
409
Server Encryption Level Setting
410
Client Encryption Level Setting
410
Server Encryption Selection List
410
Client Encryption Selection List
411
Cryptographic Seed Value
411
FIPS Parameter
411
Oracle Advanced Security FIPS 140-1 Settings
409
Status Information
412
Post Installation Checks
412
Physical Security
413
Orapki Utility
415
Orapki Utility Overview
416
Orapki Utility Syntax
416
Creating Signed Certificates for Testing Purposes
417
Managing Oracle Wallets with Orapki Utility
418
Creating and Viewing Oracle Wallets with Orapki
418
Adding Certificates and Certificate Requests to Oracle Wallets with Orapki
419
Exporting Certificates and Certificate Requests from Oracle Wallets with Orapki
420
Managing Certificate Revocation Lists (CRLs) with Orapki Utility
420
Orapki Utility Commands Summary
421
Orapki Cert Create
421
Orapki Cert Display
422
Orapki Crl Delete
422
Orapki Crl Display
423
Orapki Crl Hash
424
Orapki Crl List
424
Orapki Crl Upload
425
Orapki Wallet Add
426
Orapki Wallet Create
427
Orapki Wallet Display
427
Orapki Wallet Export
427
Entrust-Enabled SSL Authentication
429
Benefits of Entrust-Enabled Oracle Advanced Security
430
Enhanced X.509-Based Authentication and Single Sign-On
430
Integration with Entrust Authority Key Management
430
Integration with Entrust Authority Certificate Revocation
430
Required System Components for Entrust-Enabled Oracle Advanced Security
431
Entrust Authority for Oracle
431
Entrust Authority Server Login Feature
432
Entrust Authority IPsec Negotiator Toolkit
433
Entrust Authentication Process
433
Enabling Entrust Authentication
434
Creating Entrust Profiles
434
Installing Oracle Advanced Security and Related Products for Entrust-Enabled SSL
436
Configuring SSL on the Client and Server for Entrust-Enabled SSL
436
Configuring Entrust on the Client
436
Configuring Entrust on the Server
437
Creating Entrust-Enabled Database Users
440
Logging into the Database Using Entrust-Enabled SSL
440
Issues and Restrictions that Apply to Entrust-Enabled SSL
440
Troubleshooting Entrust in Oracle Advanced Security
441
Error Messages Returned When Running Entrust on any Platform
441
Error Messages Returned When Running Entrust on Windows Platforms
443
General Checklist for Running Entrust on any Platform
445
Using the User Migration Utility
447
Benefits of Migrating Local or External Users to Enterprise Users
447
Introduction to the User Migration Utility
448
Bulk User Migration Process Overview
449
About the ORCL_GLOBAL_USR_MIGRATION_DATA Table
450
ORCL_GLOBAL_USR_MIGRATION_DATA Table Schema
451
Two
451
Migration Effects on Users' Old Database Schemas
452
Effects of Choosing Shared Schema Mapping with CASCADE Options
453
Migration Process
453
Prerequisites for Performing Migration
454
Required Database Privileges
454
Required Directory Privileges
455
Required Setup to Run the User Migration Utility
455
User Migration Utility Command Line Syntax
456
Accessing Help for the User Migration Utility
457
User Migration Utility Parameters
458
User Migration Utility Usage Examples
466
Migrating Users While Retaining Their Own Schemas
466
Migrating Users and Mapping to a Shared Schema
467
Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters
471
Troubleshooting Using the User Migration Utility
472
Common User Migration Utility Error Messages
472
Common User Migration Utility Log Messages
478
Summary of User Migration Utility Error and Log Messages
480
Alphabetical Listing of User Migration Utility Error Messages
480
Alphabetical Listing of User Migration Utility Log Messages
481
Glossary
483
Index
509