Index

A B C D E F G H I J K L M N O P R S T U V W X

A

accounting, RADIUS, 4-19

activating checksumming and encryption, 2-6

adapters, 1-14

addCertChain(byte[]) - oracle.security.ssl.OracleSSLCredential.addCertChain(byte[]), F-25

addCertChain(String) - oracle.security.ssl.OracleSSLCredential.addCertChain(java.lang.String), F-25

addTrustedCert(byte[]) - oracle.security.ssl.OracleSSLCredential.addTrustedCert(byte[]), F-25

addTrustedCert(String) - oracle.security.ssl.OracleSSLCredential.addTrustedCert(java.lang.String), F-25

administrative context, 17-10

architecture of SSL

in an Oracle environment, 9-3

with other authentication methods, 9-8

assigning new pincode to SecurID card, 7-12

asynchronous (challenge-response) authentication mode in RADIUS, 4-5

attributes

orclDBDistinguishedName, E-2

orclDBGlobalName, E-2

orclDBNativeUser, E-2

orclDBRoleOccupant, E-2

orclDBServerMember, E-2

orclDBServerRole, E-2

orclDBTrustedDomain, E-2

authenticated RPC

protocol adapter includes, 12-4

authentication, 1-8, 1-14

biometric, 8-1

configuring multiple methods, 11-5

methods, 1-10

modes in RADIUS, 4-4

authorization, 1-13

B

benefits of Oracle Advanced Security, 1-5

Biometric Authentication Service

authenticating users, 8-15

enabling, 8-8

overview, 8-2

troubleshooting, 8-16

Biometric Manager

installation, 8-5

boundaries, 1-16

C

CDS

naming adapter components, 12-5

naming adapter includes, 12-5

using to perform name lookup, 14-15

cds_attributes file

modifying for name resolution in CDS, 14-15

Cell Directory Service

using to perform name lookup, 14-15

Cell Directory Service (CDS), naming adapter includes, 12-5

CERN proxy server, 9-9

certificate

authority, 10-2

creation, 10-2

definition, 9-4

certificate authority

definition, 9-4

challenge-response (asynchronous) authentication in RADIUS, 4-5

checksumming and encryption, activating, 2-6

cipher block chaining mode, 1-6

cipher suites

SSL, B-14

client authentication in SSL, requiring, 9-25

combining SSL with other authentication methods, 9-7

configuration files

CyberSAFE, B-2

Kerberos, B-6

needed for servers in DCE, 14-4

SecurID, B-7

configuring

a server in DCE, 14-4

Biometric Manager, 8-12

clients for DCE integration, 14-12

clients to use CDS, 14-14

clients to use DCE CDS naming, 14-14

CyberSafe authentication service parameters, 5-6

DCE CDS for use by Oracle DCE Integration, 13-3

DCE to use DCE Integration, 13-2

enterprise user security, 17-28

Identix authentication, 8-8

Kerberos authentication service parameters, 6-5

Oracle as a SecurID client, 7-4

Oracle for Net8/DCE, 14-1

Oracle server with CyberSafe, 5-3

Oracle server with Kerberos, 6-3

RADIUS authentication, 4-8

SecurID authentication service, 7-7

server for DCE Integration, 14-4

shared schemas, 17-18

SSL, 9-10

on the client, 9-11, 10-10

on the server, 9-18

Thin JDBC support, 3-1

connecting

across cells, 14-6

to an Oracle database

to verify roles, 14-9

to an Oracle database in DCE, 15-1

to an Oracle server in DCE, 15-3

with username/password, 15-3

without username and password, 15-3

connecting with username/password

with authentication configured, 11-2

createServerSocket(int) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int), F-34

createServerSocket(int, int) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int, int), F-34

createServerSocket(int, int, InetAddress) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int, int, java.net.InetAddress), F-35

createSocket(InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.InetAddress, int), F-47

createSocket(InetAddress, int, InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.InetAddress, int, java.net.InetAddress, int), F-47

createSocket(Socket) - oracle.security.ssl.OracleSSLSocketFactory.createSocket(java.net.Socket), F-45

createSocket(Socket) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.Socket), F-48

createSocket(String, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.lang.String, int), F-50

createSocket(String, int, InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.lang.String, int, java.net.InetAddress, int), F-50

creating

an Oracle server account, 8-13

Oracle directories in CDS, 13-3

principals and accounts, 13-2

CyberSafe, 1-11

authentication parameters, B-2

enabling authentication, 5-2

sample for sqlnet.ora file, A-3

system requirements, 1-17

CyberSafe Challenger

system requirements, 1-17

D

data

integrity, 1-7

privacy, 1-5

data integrity, 1-7

DCE

address parameters in listener.ora and tnsnames.ora files, 14-2

address parameters in protocol.ora file, 14-12

backward compatibility, 12-2

CDS naming adapter components, 12-5

communication and security, 12-4

components, 12-4

configuration files required, 14-4

configuring a server, 14-4

configuring clients for DCE integration, 14-12

configuring clients to use DCE CDS naming, 14-14

configuring to use DCE Integration, 13-2

connecting clients without access to DCE and CDS, 16-2

connecting to an Oracle server, 15-3

externally-authenticated accounts, 14-5

limitations, 12-8

overview, 12-3

sample address in tnsnames.ora file, 14-16

sample listener.ora file, 16-2

sample parameter files, 16-2

sample tnsnames.ora file, 16-2

setting up external roles,, 14-7

starting the listener, 15-2

syntax for mapping groups to Oracle roles, 14-7

verifying DCE groups are mapped to OS roles, 14-9

DCE Secure Core services, 12-7

dce_service_name, verifying, 15-2

DCE.AUTHENTICATION parameter, 14-12

DCE.LOCAL_CELL_USERNAMES parameter, 14-12

DCE.PROTECTION parameter, 14-12

DCE.TNS_ADDRESS_OID parameter, 14-12

DCE.TNS_ADDRESS.OID parameter

modifying in protocol.ora file, 14-16

defining users

in multi-cell environment, 14-6

DES, 1-6

DES encryption algorithm, 2-2

DES40 encryption algorithm, 2-3

Diffie-Hellman key negotiation algorithm, 2-5

digital signatures, 10-2

directories

conceptual overview, 17-4

Directory Information Tree (DIT), 17-4

distinguished names, 17-4

Distributed Computing Environment

overview, 12-3

E

encryption, 1-16

encryption and checksumming

activating, 2-6

client profile encryption, A-12

negotiating, 2-8

parameter settings, 2-10

server encryption level setting, A-6

server encryption selected list, A-8

enterprise domain, 17-9, 17-50

setting up, 17-50

enterprise roles, 17-8

enterprise user login

troubleshooting, 17-55

enterprise user security, 17-1

administrative context, 17-10

architecture, 17-14

components, 17-7, 17-25

enterprise domains, 17-9

enterprise roles, 17-8

enterprise users, 17-8

global roles, 17-8

groups

OracleDBCreators, 17-11

OracleDBSecurity, 17-12

OracleNetAdmins, 17-11

installing and configuring, 17-28

Oracle Conext, 17-9

Oracle Enterprise Security Manager, 17-4

OracleDBSecurity container, 17-9

overview, 17-3

schemaless users, 17-17

enterprise users, 17-8, 17-50, 17-53

entries

distinguished names of, 17-4

naming, 17-4

Entrust, 1-10, 10-1, 10-2

authentication, 10-8, 10-9

authority, 10-6

certificate revocation, 10-3

components, 10-5

configuring

server, 10-11

creating database users, 10-13

Entelligence, 10-6

IPSEC Negotiator lToolkit, 10-7

issues and restrictions, 10-14

key management, 10-3

profiles, 10-9

administrator-created, 10-9

user-created, 10-9

RA, 10-6

toolkit server login, 10-6

entrust

configuring

client, 10-10

Entrust Technologies, Inc., 10-2

Entrust/PKI for Oracle, 10-5

external roles, Net8t/DCE, configuring, 14-7

externally-authenticated accounts

creating and naming, 14-5

F

failure of fingerprint authentication, 8-16

false finger threshold, 8-3

features, new

enterprise user security, 17-1

FIPS 140-, D-1

Java SSL, F-1

Oracle Enterprise Login Assistant, 19-1

Oracle Enterprise Security Manager, 20-1

Oracle Wallet Manager, 18-1

RADIUS authentication, 4-1

SSL authentication, 9-1, 10-1

Federal Information Processing Standard, 1-6

fingerprint

accuracy, 8-2, 8-4

authentication failure, 8-16

FIPS, 1-6

FIPS 140-1

configuration, xxv

sqlnet.ora parameters, D-2

firewalls

and SSL, 9-9

G

getCipherSuite() - oracle.security.ssl.OracleSSLSession.getCipherSuite(), F-39

getCipherSuite() - oracle.security.ssl.SSLSocketSession.getCipherSuite(), F-54

getCreationTime() - oracle.security.ssl.OracleSSLSession.getCreationTime(), F-39

getCreationTime() - oracle.security.ssl.SSLSocketSession.getCreationTime(), F-54

getDefaultCipherSuites() - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.getDefaultCipherSuites(), F-36

getDefaultCipherSuites() - oracle.security.ssl.OracleSSLSocketFactoryImpl.getDefaultCipherSuites(), F-51

getId() - oracle.security.ssl.OracleSSLSession.getId(), F-40

getId() - oracle.security.ssl.SSLSocketSession.getId(), F-54

getLastAccessedTime() - oracle.security.ssl.OracleSSLSession.getLastAccessedTime(), F-40

getLastAccessedTime() - oracle.security.ssl.SSLSocketSession.getLastAccessedTime(), F-54

getNegotiatedProtocolVersion() - oracle.security.ssl.OracleSSLSession.getNegotiatedProtocolVersion(), F-40

getPeerCertificateChain() - oracle.security.ssl.OracleSSLSession.getPeerCertificateChain(), F-40

getPeerCertificateChain() - oracle.security.ssl.SSLSocketSession.getPeerCertificateChain(), F-54

getPeerHost() - oracle.security.ssl.OracleSSLSession.getPeerHost(), F-41

getPeerHost() - oracle.security.ssl.SSLSocketSession.getPeerHost(), F-54

getPeerRawCertificateChain() - oracle.security.ssl.OracleSSLSession.getPeerRawCertificateChain(), F-41

getSessionContext() - oracle.security.ssl.OracleSSLSession.getSessionContext(), F-41

getSessionContext() - oracle.security.ssl.SSLSocketSession.getSessionContext(), F-54

getSupportedCipherSuites() - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.getSupportedCipherSuites(), F-36

getSupportedCipherSuites() - oracle.security.ssl.OracleSSLSocketFactoryImpl.getSupportedCipherSuites(), F-51

getValue(String) - oracle.security.ssl.OracleSSLSession.getValue(java.lang.String), F-41

getValue(String) - oracle.security.ssl.SSLSocketSession.getValue(java.lang.String), F-54

getValueNames() - oracle.security.ssl.OracleSSLSession.getValueNames(), F-42

getValueNames() - oracle.security.ssl.SSLSocketSession.getValueNames(), F-54

Global Directory Service (GDS), 12-5

global roles, 17-8

H

handshake

SSL, 9-6

hash

used by the Biometric Authentication Adapter, 8-3

used in the Biometric Authentication Service, 8-2

high security threshold, 8-3

HTTPS, 9-6

I

Identix

authentication parameters, B-3

configuring authentication, 8-8

sample for sqlnet.ora file, A-3

Identix Biometric, system requirements, 1-17

Identix TouchNet II Desktop Sensor, 8-15

IIOP (Internet Inter-ORB Protocol)

secured by SSL, 9-6

initialization parameter file

parameters for clients and servers using CyberSafe, B-2

parameters for clients and servers using Kerberos, B-6

parameters for clients and servers using RADIUS, B-8

parameters for clients and servers using SecurID, B-7

parameters for clients and servers using SSL, B-13

installing

key of server, 13-2

internet, 9-6

Internet Domain Service (DNS), 12-5

invalidate() - oracle.security.ssl.OracleSSLSession.invalidate(), F-42

invalidate() - oracle.security.ssl.SSLSocketSession.invalidate(), F-54

J

Java Byte Code Obfuscation, 3-4

JDBC

configuration parameters, 3-5

implementation of Oracle Advanced Security, 3-2

Oracle extensions, 3-2

Oracle O3LOGON, 3-3

thin driver features, 3-3

K

Kerberos, 1-11

authentication adapter utilities, 6-12

enabling authentication, 6-2

sample for sqlnet.ora file, A-3

system requirements, 1-17

kinstance (CyberSafe), 5-3

kinstance (Kerberos), 6-3

kservice (Kerberos), 6-3

L

LAN environments

vulnerabilities of, 1-2

LDAP, 1-13

LDAP schema, E-1

limitations of SSL, 9-9

Listener, 17-38

listener

starting in the DCE environment, 15-2

starting in the DEC environment, 15-2

listener endpoint, setting on server when configuring SSL, 9-27

listener.ora file, 17-41

parameters for DCE, 14-4

loading Oracle service names into CDS, 14-17

logging into Oracle

using DCE authentication, 15-3

using SecurID authentication, 7-10

when SecurID is in next code mode, 7-13

with PINPAD card, 7-14

with standard card, 7-13

M

managing roles with RADIUS server, 4-22

mapping DCE groups

to Oracle roles, 14-7

MD5 algorithm

used by the Biometric Authentication Service, 8-2

MD5 message digest algorithm, 2-4

Multi-Protocol Interchange, not supported with DCE, 12-8

multi-threaded server

not supported with DCE, 12-8

N

NAMES.DIRECTORY_PATH parameter, 14-18

naming directory entries, 17-4

Net8, 17-38

Netscape Communications Corporation, 9-2

network protocol boundaries, 1-16

new features, 17-1

FIPS 140-1, D-1

Java SSL, F-1

Oracle Enterprise Login Assistant, 19-1

Oracle Enterprise Security Manager, 20-1

Oracle Wallet Manager, 18-1

RADIUS authentication, 4-1

SSL authentication, 9-1, 10-1

O

obfuscation, 3-4

object classes

orclDBEnterpriseDomain, E-2

orclDBEnterpriseRole, E-2

orclDBEntryLevelMapping, E-2

orclDBServer, E-2

orclDBSubtreeLevelMapping, E-2

okdstry

Kerberos adapter utility, 6-12

okinit

Kerberos adapter utility, 6-12

oklist

Kerberos adapter utility, 6-12

ORA-1004 error, 17-56

ORA-1017 error, 17-56

ORA-12560 error, 17-57

ORA-12650 error message, A-9

Oracle Advanced Security

checksum sample for sqlnet.ora file, A-2

configuration parameters, 3-5

disabling authentication, 11-3

encryption sample for sqlnet.ora file, A-2

Java implementation, 3-2, 3-4

SSL features, 9-2

Oracle Connection Manager, 1-16

Oracle Context, 17-9

Oracle Enterprise Login Assistant

described, 17-25

Oracle Enterprise Security

procedure, 17-27

Oracle Enterprise Security Manager, 17-18

introduction, 20-2

schemaless users, 17-17

Oracle Enterprise User Security

certificate service, 17-28

configuring, 17-28

database clients, 17-48

database configuration, 17-31

directory service, 17-28

enterprise domain, 17-50

enterprise users, 17-50

installing, 17-28

private key decryption fails, 17-57

roles, 17-47

schemas, 17-47

SSL, 17-37

troubleshooting, 17-56, 17-57

default username not supported, 17-56

invalid username/password, 17-56

no global roles, 17-55

ORA-28030, 17-58

tracing, 17-58

Oracle Java SSL

cipher suite, F-3

class hierarchy, F-21

example, F-5

features, F-2

interface hierachy, F-22

Oracle parameters

authentication, 11-7

Oracle Password Protocol, 3-4

Oracle schema, E-1

Oracle service names, registering in CDS, 12-5

Oracle Wallet Manager

described, 17-25

key management, F-4

Oracle Wallet manager, 10-2

configuration, 17-42

OracleDBCreators group, 17-11

OracleDBSecurity group, 17-12

OracleDBSecurityAdmins group, E-3, E-4

OracleNetAdmins group, 17-11, E-4

OracleSSLCredential - oracle.security.ssl.OracleSSLCredential, F-24

OracleSSLCredential() - oracle.security.ssl.OracleSSLCredential.OracleSSLCredential(), F-25

OracleSSLProtocolVersion - oracle.security.ssl.OracleSSLProtocolVersion, F-26

OracleSSLServerSocket - oracle.security.ssl.OracleSSLServerSocket, F-28

OracleSSLServerSocket(int) - oracle.security.ssl.OracleSSLServerSocket.OracleSSLServerSocket(int), F-29

OracleSSLServerSocket(int, int) - oracle.security.ssl.OracleSSLServerSocket.OracleSSLServerSocket(int, int), F-29

OracleSSLServerSocket(int, int, InetAddress) - oracle.security.ssl.OracleSSLServerSocket.OracleSSLServerSocket(int, int, java.net.InetAddress), F-30

OracleSSLServerSocketFactory - oracle.security.ssl.OracleSSLServerSocketFactory, F-31

OracleSSLServerSocketFactory() - oracle.security.ssl.OracleSSLServerSocketFactory.OracleSSLServerSocketFactory(), F-31

OracleSSLServerSocketFactoryImpl - oracle.security.ssl.OracleSSLServerSocketFactoryImpl, F-33

OracleSSLServerSocketFactoryImpl() - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.OracleSSLServerSocketFactoryImpl(), F-34

OracleSSLSession - oracle.security.ssl.OracleSSLSession, F-38

OracleSSLSession() - oracle.security.ssl.OracleSSLSession.OracleSSLSession(), F-39

OracleSSLSocketFactory - oracle.security.ssl.OracleSSLSocketFactory, F-44

OracleSSLSocketFactory() - oracle.security.ssl.OracleSSLSocketFactory.OracleSSLSocketFactory(), F-44

OracleSSLSocketFactoryImpl - oracle.security.ssl.OracleSSLSocketFactoryImpl, F-46

OracleSSLSocketFactoryImpl() - oracle.security.ssl.OracleSSLSocketFactoryImpl.OracleSSLSocketFactoryImpl(), F-47

orclDBDistinguishedName attribute, E-2

orclDBEnterpriseDomain object class, E-2

orclDBEnterpriseRole object class, E-2

orclDBEntryLevelMapping object class, E-2

orclDBGlobalName attributes, E-2

orclDBNativeUser attribute, E-2

orclDBRoleOccupant attribute, E-2

orclDBServer object class, E-2

orclDBServerMember attribute, E-2

orclDBServerRole attribute, E-2

orclDBSubtreeLevelMapping object class, E-2

orclDBTrustedDomain attribute, E-2

OS_AUTHENT_PREFIX parameter, 11-8

CyberSafe authentication, 5-8

OS_ROLES parameter, setting, 14-7

OSS.SOURCE.MY_WALLET parameter, 9-13, 9-21

P

parameters

SSL, B-13

configuration for JDBC, 3-5

encryption and checksumming, 2-10

SecurID, B-7

PINPAD cards

using SecurID, 7-11

PKI, 1-10, 10-2

prerequisites, for Biometric Authentication Service installation, 8-5

protocol, 1-16

protocol adapter error, 17-57

protocol.ora file

DCE address parameters in, 14-12

DCE.AUTHENTICATION parameter, 14-12

DCE.LOCAL_CELL_USERNAMES parameter, 14-12

DCE.PROTECTION parameter, 14-12

DCE.TNS_ADDRESS_OID parameter, 14-12

parameter for CDS, 14-13

protocols, 1-16

public key infrastructure, 1-10, 10-2

public/private key pair, 10-2

putValue(String, Object) - oracle.security.ssl.OracleSSLSession.putValue(java.lang.String, java.lang.Object), F-42

putValue(String, Object) - oracle.security.ssl.SSLSocketSession.putValue(java.lang.String, java.lang.Object), F-55

R

RADIUS, 1-10

accounting, 4-19

asynchronous (challenge-response) authentication mode, 4-5

authentication modes, 4-4

authentication parameters, B-8

challenge-response (asynchronous) authentication, 4-5

challenge-response (asynchronous) authentication, customizing challenge-response user interface, C-1, D-1

Challenge-Response user interface, C-2

configuring, 4-8

customizing the Challenge-Response user interface, C-3

location of secret key, 4-15

smartcards and, 1-11, 4-7, 4-16, C-2

synchronous authentication mode, 4-4

system requirements, 1-17

Radius

sample for sqlnet.ora file, A-3

RC4 encryption algorithm, 1-6, 2-3

realm (CyberSafe), 5-3

realm (Kerberos), 6-3

rejected PIN code

reasons for, 7-13

REMOTE_OS_AUTHENT parameter, 11-7

CyberSafe authentication, 5-8

setting for DCE, 14-5

removeCertChainCert(int) - oracle.security.ssl.OracleSSLCredential.removeCertChainCert(int), F-25

removeTrustedCert(int) - oracle.security.ssl.OracleSSLCredential.removeTrustedCert(int), F-25

removeValue(String) - oracle.security.ssl.OracleSSLSession.removeValue(java.lang.String), F-43

removeValue(String) - oracle.security.ssl.SSLSocketSession.removeValue(java.lang.String), F-55

requiring client authentication in SSL, 9-25

restrictions, 1-19

revocation, 10-3

roles

managing with RADIUS server, 4-22

roles, external, mapping to DCE groups, 14-7

RSA, 1-6

S

secret key, 8-5

location in RADIUS, 4-15

secuirty

threats

eavesdropping, 1-2

Secure Sockets Layer, 10-2

industry standard protocol, 9-2

See SSL

SecurID, 4-5

authentication parameters, B-7

creating users for authentication, 7-8

enabling authentication, 7-2

sample for sqlnet.ora file, A-4

system requirements, 1-17

token cards, 4-5

troubleshooting, 7-15

types of cards, 7-10

using with Oracle client tools, 7-10

security

between Oracle and non-Oracle clients and servers, 9-6

Internet, 1-2

Intranet, 1-2

policy for biometrically identified users, 8-3

threats, 1-2

data tampering, 1-3

dictionary attacks, 1-3

falsifying identities, 1-3

password-related, 1-3

SERVICE parameter, B-2

setPrivateKey(byte[], String) - oracle.security.ssl.OracleSSLCredential.setPrivateKey(byte[], java.lang.String), F-25

setPrivateKey(String, String) - oracle.security.ssl.OracleSSLCredential.setPrivateKey(java.lang.String, java.lang.String), F-25

setSSLCredentials(OracleSSLCredential) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.setSSLCredentials(oracle.security.ssl.OracleSSLCredential), F-36

setSSLCredentials(OracleSSLCredential) - oracle.security.ssl.OracleSSLServerSocketFactory.setSSLCredentials(oracle.security.ssl.OracleSSLCredential), F-32

setSSLCredentials(OracleSSLCredential) - oracle.security.ssl.OracleSSLSocketFactoryImpl.setSSLCredentials(oracle.security.ssl.OracleSSLCredential), F-51

setSSLCredentials(OracleSSLCredential) - oracle.security.ssl.OracleSSLSocketFactory.setSSLCredentials(oracle.security.ssl.OracleSSLCredential), F-45

setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.setSSLProtocolVersion(int), F-37

setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLServerSocketFactory.setSSLProtocolVersion(int), F-32

setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLServerSocket.setSSLProtocolVersion(int), F-30

setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.setSSLProtocolVersion(int), F-52

setSSLProtocolVersion(int) - oracle.security.ssl.OracleSSLSocketFactory.setSSLProtocolVersion(int), F-45

setSSLSessionContext(byte[]) - oracle.security.ssl.OracleSSLSession.setSSLSessionContext(byte[]), F-43

setWallet(String, String) - oracle.security.ssl.OracleSSLCredential.setWallet(java.lang.String, java.lang.String), F-25

shared schema, 17-48

shared schemas, 17-17, 17-18

SSL, 17-18

single sign-on, 1-10, 10-3, 15-3

smartcards, 1-11

and RADIUS, 1-11, 4-7, 4-16, C-2

SQL*Net, level required by Biometric Athentication Service, 8-5

SQLNET.AUTHENTICATION_GSSAPI_ parameter, B-2

SQLNET.AUTHENTICATION_GSSAPI_SERVICE parameter, 5-7

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8

SQLNET.AUTHENTICATION_SERVICES parameter, 4-9, 5-7, 6-8, 7-8, 8-10, 9-17, 9-18, 9-27, 11-4, 11-6, B-2

SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 2-14, A-7

SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 2-13, A-7

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 2-14, A-11

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 2-14, A-10

SQLNET.CRYPTO_SEED parameter, 2-12, A-12

SQLNET.ENCRYPTION_CLIENT parameter, 2-12, A-6

SQLNET.ENCRYPTION_SERVER parameter, 2-12, A-6

SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 2-12, A-9

SQLNET.ENCRYPTION_TYPES_SERVER parameter, 2-12, A-8

SQLNET.FIPS_140 parameter, D-3

SQLNET.IDENTIX_FINGERPRINT_DATABASE parameter, 8-10

SQLNET.IDENTIX_USE_MD5HASH parameter, B-3

SQLNET.KERBEROS5_CC_NAME parameter, 6-9

SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9

SQLNET.KERBEROS5_CONF parameter, 6-9

SQLNET.KERBEROS5_CONF_MIT parameter, 6-9

SQLNET.KERBEROS5_KEYTAB parameter, 6-10

SQLNET.KERBEROS5_REALMS parameter, 6-10

sqlnet.ora file, 17-40

Common sample, A-3

CyberSafe sample, A-3

Identix sample, A-3

Kerberos sample, A-3

modifying so CDS can resolve names, 14-18

NAMES.DIRECTORY_PATH parameter, 14-18

Oracle Advanced Security checksum sample, A-2

Oracle Advanced Security encryption sample, A-2

OSS.SOURCE.MY_WALLET parameter, 9-13, 9-21

parameters for clients and servers using CyberSafe, B-2

parameters for clients and servers using Identix, B-3

parameters for clients and servers using Kerberos, B-6

parameters for clients and servers using RADIUS, B-8

parameters for clients and servers using SecurID, B-7

parameters for clients and servers using SSL, B-13

parameters for FIPS 140-1, D-2

Radius sample, A-3

sample, A-2

SecurID sample, A-4

SERVICE parameter, B-2

SQLNET.AUTHENTICATION_GSSAPI_ parameter, B-2

SQLNET.AUTHENTICATION_GSSAPI_SERVICE parameter, 5-7

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8

SQLNET.AUTHENTICATION_SERVICES parameter, 5-7, 6-8, 7-8, 8-10, 9-17, 9-18, 9-27, 11-4, 11-6, B-2

SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 2-14, A-7

SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 2-13, A-7

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 2-14, A-11

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 2-14, A-10

SQLNET.CRYPTO_SEED parameter, 2-12, A-12

SQLNET.ENCRYPTION_CLIENT parameter, A-6

SQLNET.ENCRYPTION_SERVER parameter, 2-12, A-6

SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 2-12, A-9

SQLNET.ENCRYPTION_TYPES_SERVER parameter, 2-12, A-8

SQLNET.FIPS_140 parameter, D-3

SQLNET.IDENTIX_FINGERPRINT_DATABASE parameter, 8-10

SQLNET.IDENTIX_USE_MD5HASH parameter, B-3

SQLNET.KERBEROS5_CC_NAME parameter, 6-9

SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9

SQLNET.KERBEROS5_CONF parameter, 6-9

SQLNET.KERBEROS5_CONF_MIT parameter, 6-9

SQLNET.KERBEROS5_KEYTAB parameter, 6-10

SQLNET.KERBEROS5_REALMS parameter, 6-10

SSL sample, A-2

SSL_CLIENT_AUTHENTICATION parameter, 9-27

SSL_CLIENT_AUTHETNICATION parameter, 9-13

SSL_VERSION parameter, 9-17, 9-25

Trace File Set Up sample, A-2

SQLNET.RADIUS_ALTERNATE parameter, 4-18

SQLNET.RADIUS_ALTERNATE_PORT parameter, 4-18

SQLNET.RADIUS_ALTERNATE_RETRIES parameter, 4-19

SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter, 4-19

SQLNET.RADIUS_CLASSPATH parameter, 4-17

SQLNET.RADIUS_SEND_ACCOUNTING parameter, 4-20

SSL, 1-10, 10-1, 10-2, 17-37

application level firewalls, 9-9

authentication parameters, B-13

authentication process in an Oracle environment, 9-6

authorization, 9-10

certificate, 9-4

certificate authority, 9-4

cipher suites, B-14

client authentication parameter, B-15

components in an Oracle environment, 9-4

configuring on the client, 9-11, 10-10

configuring on the server, 9-18

requiring client authentication, 9-25

roles, 9-10

sample for sqlnet.ora file, A-2

Secure Sockets Layer, 9-2

shared schemas, 17-18

system requirements, 1-18

version parameter, B-15

wallet, 9-4

wallet location, parameter, B-16

with other authentication methods, 9-7

SSL_CLIENT_AUTHENTICATION parameter, 9-13, 9-27

SSL_VERSION parameter, 9-17, 9-25

SSL_Version_2_0 - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_2_0, F-26

SSL_Version_3_0 - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_3_0, F-27

SSL_Version_3_0_Only - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_3_0_Only, F-27

SSL_Version_3_0_With_2_0_Hello - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_3_0_With_2_0_Hello, F-27

SSL_Version_Undetermined - oracle.security.ssl.OracleSSLProtocolVersion.SSL_Version_Undetermined, F-27

SSLSocketSession - oracle.security.ssl.SSLSocketSession, F-53

SSLSocketSession() - oracle.security.ssl.SSLSocketSession.SSLSocketSession(), F-54

SSLSocketTest - oracle.security.ssl.SSLSocketTest, F-56

standard cards

using SecurID, 7-11

synchronous authentication mode, RADIUS, 4-4

System Environment Variable, 8-15

system requirements, 1-17

CyberSafe, 1-17

DCE integration, 12-2

Identix Biometric, 1-17

Kerberos, 1-17

RADIUS, 1-17

SecurID, 1-17

SSL, 1-18

T

Thin JDBC support, 3-1

threshold level, 8-3, 8-5

TNS lost connection, 17-56

tnsnames.ora file, 17-41

loading into CDS using tnnfg, 14-17

modifying to load connect descriptors into CDS, 14-16

renaming, 14-17

token cards, 1-12

toString() - oracle.security.ssl.OracleSSLCredential.toString(), F-25

trace file