通过操作系统用户认证的方式来直接访问Oracle数据库,简单来说,成功登陆到操作系统后,就可以直接登陆Oracle数据库,无需输入访问Oracle数据库的用户名和密码。例如,在OS命令行提示符下上敲入命令sqlplus /就可以了;否则还需要输入用户名和密码,如sqlplus username/password。 下面这个链接有详细的叙述、使用例子和官方说明等信息,可以参考一下。 以下文章摘自BanBanDBUsage of OS_AUTHENT_PREFIXAbstractOracle database external authentication deployment and troubleshooting on Unix, Linux and Windows platforms. KeywordsOSExternal AuthenticationPrefixOPS$OS_AUTHENT_PREFIX1. Overview 1) OS_AUTHENT_PREFIX is an important initialization parameter to configure Oracle External User environment.2) External User is a kind of Oracle External Authentication solution.3) With Oracle External User, the user authentication process is accomplished by operating system automatically.4) Authorized OS user can access Oracle database directly without providing username and password other than logon with prompting these information.2. Official Reference OS_AUTHENT_PREFIX
Parameter type String
Syntax OS_AUTHENT_PREFIX = authentication_prefix
Default value OPS$
Modifiable No
OS_AUTHENT_PREFIX specifies a prefix that Oracle uses to authenticate users attempting to connect to the server. Oracle concatenates the value of this parameter to the beginning of the user's operating system account name and password. When a connection request is attempted, Oracle compares the prefixed username with Oracle usernames in the database. The default value of this parameter is OPS$ for backward compatibility with previous versions. However, you might prefer to set the prefix value to "" (a null string), thereby eliminating the addition of any prefix to operating system account names
Note:The text of the OS_AUTHENT_PREFIX parameter is case sensitive on some operating systems.
See Also:l Your operating system-specific Oracle documentation for the default value 3. Best Practice Create Oracle database user with OS authentication solution.3.1 Prerequisite Checking 1) OS EnvironmentC:\Documents and Settings\ZYY> sqlplus "/as sysdba" SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 11 17:02:49 2009 Copyright (c) 1982, 2005, Oracle. All rights reserved.连接到:Oracle Database 10g Express Edition Release 10.2.0.1.0 – Production SQL> SELECT OSUSER, USERNAME, PROGRAM FROM V$SESSION; OSUSER USERNAME PROGRAM-------------------- -------------------- --------------------SYSTEM ORACLE.EXE (q001)SYSTEM ORACLE.EXE (QMNC)SYSTEM ORACLE.EXE (q000)YYBB\ZYY YYBB\ZYY sqlplus.exeSYSTEM ORACLE.EXE (MMNL)SYSTEM ORACLE.EXE (MMON)SYSTEM ORACLE.EXE (CJQ0)SYSTEM ORACLE.EXE (RECO)SYSTEM ORACLE.EXE (SMON)SYSTEM ORACLE.EXE (CKPT)SYSTEM ORACLE.EXE (LGWR)SYSTEM ORACLE.EXE (DBW0)SYSTEM ORACLE.EXE (MMAN)SYSTEM ORACLE.EXE (PSP0)SYSTEM ORACLE.EXE (PMON)Note:n This practice is intended to be taken on Microsoft Windows platform.n “YYBB” is the Computer Name on which runs the Windows OS.n “ZYY” is the User Name which be used to logon to Windows OS. 2) Database EnvironmentSQL> SHOW PARAMETER OS_AUTHENT NAME TYPE VALUE------------------------------------ ---------------------- --------------os_authent_prefix stringremote_os_authent boolean FALSENote:n The value of OS_AUTHENT_PREFIX parameter is set to “” (a null string). 3.2 Create External User 1) Create User in Oracle DatabaseSQL> CREATE USER "YYBB\ZYY" IDENTIFIED EXTERNALLY;Note:n In the above demo case, the value of OS_AUTHENT_PREFIX parameter is set to “” (a null string), the corresponding username in Oracle database should be YYBB\ZYY.n If the value of OS_AUTHENT_PREFIX parameter is set to “OPS$”, the corresponding username in Oracle database should be OPS$YYBB\ZYY.n Do NOT forget the Double Quotation Marks(“”) embrace the username YYBB\ZYY, otherwise, you will get an ORA-00911 warning against the special character \.n Be aware of the keyword “EXTERNALLY”.n Do NOT be reckless with “IDENTIFIED” which should NOT be followed by “BY”. 2) Grant Privileges to Oracle UserSQL> GRANT RESOURCE, CONNECT TO "YYBB\ZYY";Note:n Grant appropriate and Minimum privileges to this Oracle user according to your system security acquirement.n Oracle user name might be Case Sensitive on some platforms. 3.3 Test External User 1) Logon Oracle Database with External UserC:\Documents and Settings\ZYY>sqlplus / SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 11 17:26:51 2009 Copyright (c) 1982, 2005, Oracle. All rights reserved.连接到:Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production SQL>Note:n You do NOT need to provide username and password to logon to Oracle database through sqlplus. 2) Check the Current Logon UserSQL> SHOW USERUSER 为 "YYBB\ZYY" SQL> SELECT USERNAME FROM DBA_USERS; USERNAME------------------------------------------------------------YYBB\ZYYSYSSYSTEMMDSYSOUTLNXDB Note:n Current logon user is “YYBB\ZYY”.n You can now access Oracle database via your OS user account directly. 4. Application Scenarios The OS authentication solution of Oracle database can be applied in a mixed variety of application scenarios according to different system requirements:1) Centralized User Account Security Management2) Simplified Database Account Management5. Related Terms The following parameters should be set for Oracle database to implement external authentication solution:1) SQLNET.AUTHENTICATION_SERVICES2) REMOTE_OS_AUTHENT3) OSAUTH_PREFIX_DOMAIN (For Windows Registry, default value is FALSE. If this parameter is set to TRUE, Windows Host Name should be added as a prefix to Windows User Name, which means Oracle User Name is “Windows_Host_Name\ Windows_User_Name”. Otherwise, the Oracle User Name’s naming convention is similar to Unix or Linux as usual.) 6. Reference 1) Oracle Database Advanced Security Administrator's Guide 10g Release 2 (10.2)
下面这个链接有详细的叙述、使用例子和官方说明等信息,可以参考一下。
以下文章摘自BanBanDBUsage of OS_AUTHENT_PREFIXAbstractOracle database external authentication deployment and troubleshooting on Unix, Linux and Windows platforms.
KeywordsOSExternal AuthenticationPrefixOPS$OS_AUTHENT_PREFIX1. Overview
1) OS_AUTHENT_PREFIX is an important initialization parameter to configure Oracle External User environment.2) External User is a kind of Oracle External Authentication solution.3) With Oracle External User, the user authentication process is accomplished by operating system automatically.4) Authorized OS user can access Oracle database directly without providing username and password other than logon with prompting these information.2. Official Reference
OS_AUTHENT_PREFIX
Parameter type
String
Syntax
OS_AUTHENT_PREFIX = authentication_prefix
Default value
OPS$
Modifiable
No
OS_AUTHENT_PREFIX specifies a prefix that Oracle uses to authenticate users attempting to connect to the server. Oracle concatenates the value of this parameter to the beginning of the user's operating system account name and password. When a connection request is attempted, Oracle compares the prefixed username with Oracle usernames in the database.
The default value of this parameter is OPS$ for backward compatibility with previous versions. However, you might prefer to set the prefix value to "" (a null string), thereby eliminating the addition of any prefix to operating system account names
Note:The text of the OS_AUTHENT_PREFIX parameter is case sensitive on some operating systems.
See Also:l Your operating system-specific Oracle documentation for the default value
3. Best Practice
Create Oracle database user with OS authentication solution.3.1 Prerequisite Checking
1) OS EnvironmentC:\Documents and Settings\ZYY> sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 11 17:02:49 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.连接到:Oracle Database 10g Express Edition Release 10.2.0.1.0 – Production
SQL> SELECT OSUSER, USERNAME, PROGRAM FROM V$SESSION;
OSUSER USERNAME PROGRAM-------------------- -------------------- --------------------SYSTEM ORACLE.EXE (q001)SYSTEM ORACLE.EXE (QMNC)SYSTEM ORACLE.EXE (q000)YYBB\ZYY YYBB\ZYY sqlplus.exeSYSTEM ORACLE.EXE (MMNL)SYSTEM ORACLE.EXE (MMON)SYSTEM ORACLE.EXE (CJQ0)SYSTEM ORACLE.EXE (RECO)SYSTEM ORACLE.EXE (SMON)SYSTEM ORACLE.EXE (CKPT)SYSTEM ORACLE.EXE (LGWR)SYSTEM ORACLE.EXE (DBW0)SYSTEM ORACLE.EXE (MMAN)SYSTEM ORACLE.EXE (PSP0)SYSTEM ORACLE.EXE (PMON)Note:n This practice is intended to be taken on Microsoft Windows platform.n “YYBB” is the Computer Name on which runs the Windows OS.n “ZYY” is the User Name which be used to logon to Windows OS.
2) Database EnvironmentSQL> SHOW PARAMETER OS_AUTHENT
NAME TYPE VALUE------------------------------------ ---------------------- --------------os_authent_prefix stringremote_os_authent boolean FALSENote:n The value of OS_AUTHENT_PREFIX parameter is set to “” (a null string).
3.2 Create External User
1) Create User in Oracle DatabaseSQL> CREATE USER "YYBB\ZYY" IDENTIFIED EXTERNALLY;Note:n In the above demo case, the value of OS_AUTHENT_PREFIX parameter is set to “” (a null string), the corresponding username in Oracle database should be YYBB\ZYY.n If the value of OS_AUTHENT_PREFIX parameter is set to “OPS$”, the corresponding username in Oracle database should be OPS$YYBB\ZYY.n Do NOT forget the Double Quotation Marks(“”) embrace the username YYBB\ZYY, otherwise, you will get an ORA-00911 warning against the special character \.n Be aware of the keyword “EXTERNALLY”.n Do NOT be reckless with “IDENTIFIED” which should NOT be followed by “BY”.
2) Grant Privileges to Oracle UserSQL> GRANT RESOURCE, CONNECT TO "YYBB\ZYY";Note:n Grant appropriate and Minimum privileges to this Oracle user according to your system security acquirement.n Oracle user name might be Case Sensitive on some platforms.
3.3 Test External User
1) Logon Oracle Database with External UserC:\Documents and Settings\ZYY>sqlplus /
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 11 17:26:51 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.连接到:Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SQL>Note:n You do NOT need to provide username and password to logon to Oracle database through sqlplus.
2) Check the Current Logon UserSQL> SHOW USERUSER 为 "YYBB\ZYY"
SQL> SELECT USERNAME FROM DBA_USERS;
USERNAME------------------------------------------------------------YYBB\ZYYSYSSYSTEMMDSYSOUTLNXDB
Note:n Current logon user is “YYBB\ZYY”.n You can now access Oracle database via your OS user account directly.
4. Application Scenarios
The OS authentication solution of Oracle database can be applied in a mixed variety of application scenarios according to different system requirements:1) Centralized User Account Security Management2) Simplified Database Account Management5. Related Terms
The following parameters should be set for Oracle database to implement external authentication solution:1) SQLNET.AUTHENTICATION_SERVICES2) REMOTE_OS_AUTHENT3) OSAUTH_PREFIX_DOMAIN (For Windows Registry, default value is FALSE. If this parameter is set to TRUE, Windows Host Name should be added as a prefix to Windows User Name, which means Oracle User Name is “Windows_Host_Name\ Windows_User_Name”. Otherwise, the Oracle User Name’s naming convention is similar to Unix or Linux as usual.)
6. Reference
1) Oracle Database Advanced Security Administrator's Guide 10g Release 2 (10.2)
http://banbandb.blogspot.com/2009/06/osauthentprefix.html