Oracle Database B10772-01 User Manual

Introduction to Enterprise User Security
Oracle Database Advanced Security Administrator's Guide
Table 11–1 Enterprise User Security Authentication: Selection Criteria

| Password Authentication | SSL Authentication | Kerberos Authentication |
| --- | --- | --- |
| Password-based authentication. | Provides strong authentication over SSL. | Provides strong authentication by using Kerberos, version 5 tickets. |
| Provides centralized user and password management. | Provides centralized user and PKI credential/wallet management. | Provides centralized user and Kerberos credential management. |
| Separate authentications required for each database connection. | Supports using SSL. | Supports using Kerberos, version 5 encrypted tickets and authenticators, and authentication forwarding. |
| Retains users' current authentication methods. | Initial configuration may be more difficult because PKI credentials must be generated for all users. (Dependent on administrators' PKI knowledge) | Initial configuration may be more difficult because Kerberos must be installed and configured to authenticate database users. |
| User identity can be used in two-tier or multitier applications. OracleAS Single Sign-On users and enterprise users use the same stored password. | Compatible with either a two-tier or multitier environment. | Compatible with either a two-tier or multitier environment. |
| Supports Oracle Release 7.3 and later clients with an Oracle Database 10g. | Supports Oracle8i and later clients with an Oracle Database 10g. | Supports Oracle Database 10g clients and later with an Oracle Database 10g. |
| Supports current user database links only if the connection between databases is over SSL. | Supports current user database links. | Supports current user database links only if the connection between databases is over SSL. |
| Can use third-party directories to store users if synchronized with Oracle Internet Directory. [1] | Can use third-party directories to store users if synchronized with Oracle Internet Directory. [2] | Can use third-party directories to store users if synchronized with Oracle Internet Directory. [3] |

[1] If the third-party directory is Microsoft Active Directory, then when user passwords change, they must be changed in both Active Directory and in Oracle Internet Directory.

[2] Must modify the Directory Integration Services agent to synchronize user PKCS #12 attributes.

[3] If the third-party directory is Microsoft Active Directory, then login to Windows gives you single sign-on login to databases. However, you must modify the Directory Integration Services agent for other third-party directories to synchronize the KrbPrincipalName attribute. This synchronization is automatic for Microsoft Active Directory.