首先在参数文件中要指定OS_AUTHENT_PREFIX的值,假定OS_AUTHENT_PREFIX=OPS$,那就用如下的语句来创建操作系统认证的用户: create user ops$myuser identified externally;我没有在win2k下用过外部认证用户,在unix下,都是开一个telnet到服务器,用相应的操作系统用户logon,然后就可以logon oracle了。但是,oracle强烈不建议采用那些有login安全问题的操作系统下的外部认证用户(我想nt也算是一个吧),你为什么一定要用呢? WARNING: Oracle strongly recommends that you do not use IDENTIFIED EXTERNALLY with operating systems that have inherently weak login security. For more information, see Oracle8i Administrator’s Guide.
首先在参数文件中要指定OS_AUTHENT_PREFIX的值,假定OS_AUTHENT_PREFIX=OPS$,那就用如下的语句来创建操作系统认证的用户: create user ops$myuser identified externally;我没有在win2k下用过外部认证用户,在unix下,都是开一个telnet到服务器,用相应的操作系统用户logon,然后就可以logon oracle了。但是,oracle强烈不建议采用那些有login安全问题的操作系统下的外部认证用户(我想nt也算是一个吧),你为什么一定要用呢? WARNING: Oracle strongly recommends that you do not use IDENTIFIED EXTERNALLY with operating systems that have inherently weak login security. For more information, see Oracle8i Administrator’s Guide.
首先在参数文件中要指定OS_AUTHENT_PREFIX的值,假定OS_AUTHENT_PREFIX=OPS$,那就用如下的语句来创建操作系统认证的用户: create user ops$myuser identified externally;我没有在win2k下用过外部认证用户,在unix下,都是开一个telnet到服务器,用相应的操作系统用户logon,然后就可以logon oracle了。但是,oracle强烈不建议采用那些有login安全问题的操作系统下的外部认证用户(我想nt也算是一个吧),你为什么一定要用呢? WARNING: Oracle strongly recommends that you do not use IDENTIFIED EXTERNALLY with operating systems that have inherently weak login security. For more information, see Oracle8i Administrator’s Guide.
我找到了一点资料,按资料中配置,使用的Local user FRANK 但也没有成功,那位高手帮我看看是什么问题,多谢 Connecting Without a Password as a Nonprivileged Database User This section describes how to authenticate nonprivileged database users (nondatabase administrators) using Windows NT so that a password is not required when accessing the database. When you use Windows NT to authenticate nonprivileged database users, your database relies solely on Windows NT to restrict access to database user names. In the steps below, the following Windows NT user names are authenticated:
User Name This User... Local user FRANK Logs into their local Windows NT client computer to access an Oracle8i database. The database can be on a different computer. To access other databases and resources on other computers, the local user must provide a user name and password each time.
Domain user FRANK on domain SALES Logs into a domain (SALES in the steps below) that includes many other Windows NT computers and resources, one of which contains an Oracle8i database. The domain user can access all the resources the domain provides with a single user name and password.
The local and domain user name FRANK and the domain SALES are used in the steps below. Substitute the appropriate local and domain user name and domain name for your environment. Follow the steps below to connect without a password as a nonprivileged database user: Step 1: Perform Authentication Tasks on the Oracle8i Database Server Step 2: Perform Authentication Tasks on the Client Computer Step 1: Perform Authentication Tasks on the Oracle8i Database Server To perform authentication tasks on an Oracle8i database server: Add the OS_AUTHENT_PREFIX parameter to your INIT.ORA file. The OS_AUTHENT_PREFIX value is prefixed to local or domain user names attempting to connect to the server with the user's operating system name and password. The prefixed user name is compared with the Oracle user names in the database when a connection request is attempted. Using the OS_AUTHENT_PREFIX parameter with Windows NT Native authentication methods is the recommended method for performing secure, trusted client connections to your server. Set OS_AUTHENT_PREFIX to an appropriate value. Values are case insensitive. For example:
Set OS_AUTHENT_PREFIX to... Result XYZ XYZ is prefixed to the beginning of the Windows NT user name (for example, XYZFRANK for local user FRANK or XYZSALES\FRANK for domain user FRANK on domain SALES). Note: XYZ is only an example of an acceptable parameter value. Use a value appropriate to your environment.
"" This is recommended, as it eliminates the need for any prefix to the Windows NT user names (for example, FRANK for local user FRANK or SALES\FRANK for domain user FRANK on domain SALES).
Not included in INIT.ORA file The value defaults to OPS$ (for example, OPS$FRANK for local user FRANK or OPS$SALES\FRANK for domain user FRANK on domain SALES).
The parameter value XYZ is used in the steps below. Substitute XYZ with the value you set for OS_AUTHENT_PREFIX. Use User Manager to create a Windows NT local or domain user name for FRANK (if the appropriate name does not currently exist). See your Windows NT documentation or your network administrator if you do not know how to do this. Ensure that you have the following line in your ORACLE_BASE\ORACLE_HOME\NETWORK\ADMIN\SQLNET.ORA file: SQLNET.AUTHENTICATION_SERVICES = (NTS) Start SQL*Plus: C:\> SQLPLUS Connect to the database with the SYSTEM database administrator (DBA) name: SQL> CONNECT Enter user-name: SYSTEM/PASSWORD Unless you have changed it, the SYSTEM password is MANAGER by default. Create an operating system-authenticated user by entering the following:
If Authenticating a... Then Enter... Local user name SQL> CREATE USER XYZFRANK IDENTIFIED EXTERNALLY;
Domain user name SQL> CREATE USER "XYZSALES\FRANK" IDENTIFIED EXTERNALLY;
Where: Is the... XYZ Value set for the OS_AUTHENT_PREFIX initialization parameter.
FRANK Windows NT local user name.
SALES\FRANK Domain name and Windows NT domain user name. The double quotes are required and the entire syntax must be in uppercase.
Grant the Windows NT local user FRANK or domain user FRANK appropriate database roles:
If Authenticating a... Then Enter... Local user name SQL> GRANT RESOURCE TO XYZFRANK;
SQL> GRANT CONNECT TO XYZFRANK;
Domain user name1 SQL> GRANT RESOURCE TO "XYZSALES\FRANK";
SQL> GRANT CONNECT TO "XYZSALES\FRANK";
1 Enter the syntax for domain users in uppercase and with double quotes around the domain user name. Connect to the database with the INTERNAL DBA name: SQL> CONNECT INTERNAL Shut down the database: SQL> SHUTDOWN Restart the database: SQL> STARTUP This causes the change to the OS_AUTHENT_PREFIX parameter value to take affect. Step 2: Perform Authentication Tasks on the Client Computer To perform authentication tasks on the client computer: Create Windows NT local or domain user name FRANK with the same user name and password that exist on the Windows NT server (if the appropriate name does not currently exist).
Ensure that you have the following line in your ORACLE_BASE\ ORACLE_HOME\NETWORK\ADMIN\SQLNET.ORA file: SQLNET.AUTHENTICATION_SERVICES = (NTS) Use Net8 Assistant or Net8 Easy Config to configure a network connection from your client computer to the Windows NT server on which your Oracle8i database is installed. See the Net8 Administrator's Guide for instructions. Start SQL*Plus: C:\> SQLPLUS Connect to your Windows NT server: SQL> CONNECT /@NET_SERVICE_NAME where NET_SERVICE_NAME is the Net8 network service name for the Oracle8i database that you created in Step 3.The Oracle8i database searches the data dictionary for an automatic login user name corresponding to the Windows NT local or domain user name, verifies it, and allows you to connect as XYZFRANK or XYZSALES\FRANK.Verify that you have connected to the Oracle8i database as local or domain user FRANK by viewing the roles assigned in Step 8 of "Step 1: Perform Authentication Tasks on the Oracle8i Database Server". SQL> SELECT * FROM USER_ROLE_PRIVS; which outputs for local user FRANK: USERNAME GRANTED_ROLE ADM DEF OS_ ------------------------------ ------------------------------ --- --- --- XYZFRANK CONNECT NO YES NO XYZFRANK RESOURCE NO YES NO 2 rows selected. or, for domain user FRANK: USERNAME GRANTED_ROLE ADM DEF OS_ ------------------------------ ------------------------------ --- --- --- XYZSALES\FRANK CONNECT NO YES NO XYZSALES\FRANK RESOURCE NO YES NO 2 rows selected. As the Oracle8i user name is the whole name XYZFRANK or XYZSALES\FRANK, all objects created by XYZFRANK or XYZSALES\FRANK (that is, tables, views, indexes, and so on) are prefixed by this name. For another user to reference the table SHARK owned by XYZFRANK, for example, the user must enter: SQL> SELECT * FROM XYZFRANK.SHARK Attention: Automatic authorization is supported for all Net8 protocols.
create user ops$myuser identified externally;我没有在win2k下用过外部认证用户,在unix下,都是开一个telnet到服务器,用相应的操作系统用户logon,然后就可以logon oracle了。但是,oracle强烈不建议采用那些有login安全问题的操作系统下的外部认证用户(我想nt也算是一个吧),你为什么一定要用呢?
WARNING: Oracle strongly recommends that you do not use
IDENTIFIED EXTERNALLY with operating systems that have
inherently weak login security. For more information, see Oracle8i
Administrator’s Guide.
create user ops$myuser identified externally;我没有在win2k下用过外部认证用户,在unix下,都是开一个telnet到服务器,用相应的操作系统用户logon,然后就可以logon oracle了。但是,oracle强烈不建议采用那些有login安全问题的操作系统下的外部认证用户(我想nt也算是一个吧),你为什么一定要用呢?
WARNING: Oracle strongly recommends that you do not use
IDENTIFIED EXTERNALLY with operating systems that have
inherently weak login security. For more information, see Oracle8i
Administrator’s Guide.
create user ops$myuser identified externally;我没有在win2k下用过外部认证用户,在unix下,都是开一个telnet到服务器,用相应的操作系统用户logon,然后就可以logon oracle了。但是,oracle强烈不建议采用那些有login安全问题的操作系统下的外部认证用户(我想nt也算是一个吧),你为什么一定要用呢?
WARNING: Oracle strongly recommends that you do not use
IDENTIFIED EXTERNALLY with operating systems that have
inherently weak login security. For more information, see Oracle8i
Administrator’s Guide.
但也没有成功,那位高手帮我看看是什么问题,多谢
Connecting Without a Password as a Nonprivileged Database User
This section describes how to authenticate nonprivileged database users (nondatabase administrators) using Windows NT so that a password is not required when accessing the database. When you use Windows NT to authenticate nonprivileged database users, your database relies solely on Windows NT to restrict access to database user names. In the steps below, the following Windows NT user names are authenticated:
User Name This User...
Local user FRANK
Logs into their local Windows NT client computer to access an Oracle8i database. The database can be on a different computer. To access other databases and resources on other computers, the local user must provide a user name and password each time.
Domain user FRANK on domain SALES
Logs into a domain (SALES in the steps below) that includes many other Windows NT computers and resources, one of which contains an Oracle8i database. The domain user can access all the resources the domain provides with a single user name and password.
The local and domain user name FRANK and the domain SALES are used in the steps below. Substitute the appropriate local and domain user name and domain name for your environment.
Follow the steps below to connect without a password as a nonprivileged database user: Step 1: Perform Authentication Tasks on the Oracle8i Database Server
Step 2: Perform Authentication Tasks on the Client Computer
Step 1: Perform Authentication Tasks on the Oracle8i Database Server
To perform authentication tasks on an Oracle8i database server: Add the OS_AUTHENT_PREFIX parameter to your INIT.ORA file.
The OS_AUTHENT_PREFIX value is prefixed to local or domain user names attempting to connect to the server with the user's operating system name and password. The prefixed user name is compared with the Oracle user names in the database when a connection request is attempted. Using the OS_AUTHENT_PREFIX parameter with Windows NT Native authentication methods is the recommended method for performing secure, trusted client connections to your server.
Set OS_AUTHENT_PREFIX to an appropriate value. Values are case insensitive. For example:
Set OS_AUTHENT_PREFIX to... Result
XYZ
XYZ is prefixed to the beginning of the Windows NT user name (for example, XYZFRANK for local user FRANK or XYZSALES\FRANK for domain user FRANK on domain SALES). Note: XYZ is only an example of an acceptable parameter value. Use a value appropriate to your environment.
""
This is recommended, as it eliminates the need for any prefix to the Windows NT user names (for example, FRANK for local user FRANK or SALES\FRANK for domain user FRANK on domain SALES).
Not included in INIT.ORA file
The value defaults to OPS$ (for example, OPS$FRANK for local user FRANK or OPS$SALES\FRANK for domain user FRANK on domain SALES).
The parameter value XYZ is used in the steps below. Substitute XYZ with the value you set for OS_AUTHENT_PREFIX.
Use User Manager to create a Windows NT local or domain user name for FRANK (if the appropriate name does not currently exist). See your Windows NT documentation or your network administrator if you do not know how to do this.
Ensure that you have the following line in your ORACLE_BASE\ORACLE_HOME\NETWORK\ADMIN\SQLNET.ORA file:
SQLNET.AUTHENTICATION_SERVICES = (NTS)
Start SQL*Plus:
C:\> SQLPLUS
Connect to the database with the SYSTEM database administrator (DBA) name:
SQL> CONNECT
Enter user-name: SYSTEM/PASSWORD
Unless you have changed it, the SYSTEM password is MANAGER by default.
Create an operating system-authenticated user by entering the following:
If Authenticating a... Then Enter...
Local user name
SQL> CREATE USER XYZFRANK IDENTIFIED EXTERNALLY;
Domain user name
SQL> CREATE USER "XYZSALES\FRANK" IDENTIFIED EXTERNALLY;
Where: Is the...
XYZ
Value set for the OS_AUTHENT_PREFIX initialization parameter.
FRANK
Windows NT local user name.
SALES\FRANK
Domain name and Windows NT domain user name. The double quotes are required and the entire syntax must be in uppercase.
Grant the Windows NT local user FRANK or domain user FRANK appropriate database roles:
If Authenticating a... Then Enter...
Local user name
SQL> GRANT RESOURCE TO XYZFRANK;
SQL> GRANT CONNECT TO XYZFRANK;
Domain user name1
SQL> GRANT RESOURCE TO "XYZSALES\FRANK";
SQL> GRANT CONNECT TO "XYZSALES\FRANK";
1 Enter the syntax for domain users in uppercase and with double quotes around the domain user name.
Connect to the database with the INTERNAL DBA name:
SQL> CONNECT INTERNAL
Shut down the database:
SQL> SHUTDOWN
Restart the database:
SQL> STARTUP
This causes the change to the OS_AUTHENT_PREFIX parameter value to take affect.
Step 2: Perform Authentication Tasks on the Client Computer
To perform authentication tasks on the client computer: Create Windows NT local or domain user name FRANK with the same user name and password that exist on the Windows NT server (if the appropriate name does not currently exist).
Ensure that you have the following line in your ORACLE_BASE\ ORACLE_HOME\NETWORK\ADMIN\SQLNET.ORA file:
SQLNET.AUTHENTICATION_SERVICES = (NTS)
Use Net8 Assistant or Net8 Easy Config to configure a network connection from your client computer to the Windows NT server on which your Oracle8i database is installed. See the Net8 Administrator's Guide for instructions.
Start SQL*Plus:
C:\> SQLPLUS
Connect to your Windows NT server:
SQL> CONNECT /@NET_SERVICE_NAME
where NET_SERVICE_NAME is the Net8 network service name for the Oracle8i database that you created in Step 3.The Oracle8i database searches the data dictionary for an automatic login user name corresponding to the Windows NT local or domain user name, verifies it, and allows you to connect as XYZFRANK or XYZSALES\FRANK.Verify that you have connected to the Oracle8i database as local or domain user FRANK by viewing the roles assigned in Step 8 of "Step 1: Perform Authentication Tasks on the Oracle8i Database Server".
SQL> SELECT * FROM USER_ROLE_PRIVS;
which outputs for local user FRANK:
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
XYZFRANK CONNECT NO YES NO
XYZFRANK RESOURCE NO YES NO
2 rows selected.
or, for domain user FRANK:
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
XYZSALES\FRANK CONNECT NO YES NO
XYZSALES\FRANK RESOURCE NO YES NO
2 rows selected.
As the Oracle8i user name is the whole name XYZFRANK or XYZSALES\FRANK, all objects created by XYZFRANK or XYZSALES\FRANK (that is, tables, views, indexes, and so on) are prefixed by this name. For another user to reference the table SHARK owned by XYZFRANK, for example, the user must enter:
SQL> SELECT * FROM XYZFRANK.SHARK
Attention:
Automatic authorization is supported for all Net8 protocols.