Authenticate Oracle Database users with MS Active Directory
ฝัง
- เผยแพร่เมื่อ 20 ก.ย. 2024
- Try the ORACLE DATABASE SECURITY BASICS Livelab - bit.ly/oraclel...
The Centrally Managed Users feature in Oracle Database directly authenticates and authorizes your database users with Active Directory. Manage joiners, leavers, and movers in one place and benefit from centrally managed password policies.
Thanks for explaining this in a clear and concise and easy to understand way !
Straightforward..thanks!
At 16:29 tgere is an error in the text for setting cmu_wallet property, you are missing "set" as in ALTER DATABASE PROPERTY SET CMU_WALLET=CMUWALLET';
This video kind of conflicts with the other previous one here th-cam.com/video/fu7ISpUDfK4/w-d-xo.html
That one says there's no other configuration need for kerberos authetication than the kr5.conf file, the keytab file (generated by the AD and copied to the DB server) and the sqlnet.ora (both on the database server and on the clients).
But in this video you mention additional configurations like Oracle wallet, dsi and TLS certificate. Is that other video is incomplete? Or maybe it was not meant to be a guide but just an overview of the architecture?
The other video was Kerberos specific. What we sometimes call External Authentication or Strong Authentication (I know - the terms aren't quite right anymore). Kerberos can be used alone (External auth) or with EUS or CMU (global). When used alone - users are mapped 1 to 1 to a schema. With EUS and CMU, the more popular configuration is to map AD groups (or OID/OUD subtrees) to a shared schema. This video shows how CMU works with AD. Three different authentication mechanisms work with CMU-AD: Password, Kerberos and TLS certificate authentication. You need to pick one when using CMU-AD. So the additional configuration items mentioned in this video involves getting CMU-AD to connect with AD.