Oracle Advanced Security Administrator's Guide
Release 8.1.7
Part Number A85430-01
A
accounting, RADIUS, 4-19
activating checksumming and encryption, 2-6
adapters, 1-14
addCertChain(byte[]) - oracle.security.ssl.OracleSSLCredential.addCertChain(byte[]), F-25
addCertChain(String) - oracle.security.ssl.OracleSSLCredential.addCertChain(java.lang.String), F-25
addTrustedCert(byte[]) - oracle.security.ssl.OracleSSLCredential.addTrustedCert(byte[]), F-25
addTrustedCert(String) - oracle.security.ssl.OracleSSLCredential.addTrustedCert(java.lang.String), F-25
administrative context, 17-10
architecture of SSL
in an Oracle environment, 9-3
with other authentication methods, 9-8
assigning new pincode to SecurID card, 7-12
asynchronous (challenge-response) authentication mode in RADIUS, 4-5
attributes
orclDBDistinguishedName, E-2
orclDBGlobalName, E-2
orclDBNativeUser, E-2
orclDBRoleOccupant, E-2
orclDBServerMember, E-2
orclDBServerRole, E-2
orclDBTrustedDomain, E-2
authenticated RPC
protocol adapter includes, 12-4
authentication, 1-8, 1-14
biometric, 8-1
configuring multiple methods, 11-5
methods, 1-10
modes in RADIUS, 4-4
authorization, 1-13
B
benefits of Oracle Advanced Security, 1-5
Biometric Authentication Service
authenticating users, 8-15
enabling, 8-8
overview, 8-2
troubleshooting, 8-16
Biometric Manager
installation, 8-5
boundaries, 1-16
C
CDS
naming adapter components, 12-5
naming adapter includes, 12-5
using to perform name lookup, 14-15
cds_attributes file
modifying for name resolution in CDS, 14-15
Cell Directory Service
using to perform name lookup, 14-15
Cell Directory Service (CDS), naming adapter includes, 12-5
CERN proxy server, 9-9
certificate
authority, 10-2
creation, 10-2
definition, 9-4
certificate authority
definition, 9-4
challenge-response (asynchronous) authentication in RADIUS, 4-5
checksumming and encryption, activating, 2-6
cipher block chaining mode, 1-6
cipher suites
SSL, B-14
client authentication in SSL, requiring, 9-25
combining SSL with other authentication methods, 9-7
configuration files
CyberSAFE, B-2
Kerberos, B-6
needed for servers in DCE, 14-4
SecurID, B-7
configuring
a server in DCE, 14-4
Biometric Manager, 8-12
clients for DCE integration, 14-12
clients to use CDS, 14-14
clients to use DCE CDS naming, 14-14
CyberSafe authentication service parameters, 5-6
DCE CDS for use by Oracle DCE Integration, 13-3
DCE to use DCE Integration, 13-2
enterprise user security, 17-28
Identix authentication, 8-8
Kerberos authentication service parameters, 6-5
Oracle as a SecurID client, 7-4
Oracle for Net8/DCE, 14-1
Oracle server with CyberSafe, 5-3
Oracle server with Kerberos, 6-3
RADIUS authentication, 4-8
SecurID authentication service, 7-7
server for DCE Integration, 14-4
shared schemas, 17-18
SSL, 9-10
on the client, 9-11, 10-10
on the server, 9-18
Thin JDBC support, 3-1
connecting
across cells, 14-6
to an Oracle database
to verify roles, 14-9
to an Oracle database in DCE, 15-1
to an Oracle server in DCE, 15-3
with username/password, 15-3
without username and password, 15-3
connecting with username/password
with authentication configured, 11-2
createServerSocket(int) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int), F-34
createServerSocket(int, int) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int, int), F-34
createServerSocket(int, int, InetAddress) - oracle.security.ssl.OracleSSLServerSocketFactoryImpl.createServerSocket(int, int, java.net.InetAddress), F-35
createSocket(InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.InetAddress, int), F-47
createSocket(InetAddress, int, InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.InetAddress, int, java.net.InetAddress, int), F-47
createSocket(Socket) - oracle.security.ssl.OracleSSLSocketFactory.createSocket(java.net.Socket), F-45
createSocket(Socket) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.net.Socket), F-48
createSocket(String, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.lang.String, int), F-50
createSocket(String, int, InetAddress, int) - oracle.security.ssl.OracleSSLSocketFactoryImpl.createSocket(java.lang.String, int, java.net.InetAddress, int), F-50
creating
an Oracle server account, 8-13
Oracle directories in CDS, 13-3
principals and accounts, 13-2
CyberSafe, 1-11
authentication parameters, B-2
enabling authentication, 5-2
sample for sqlnet.ora file, A-3
system requirements, 1-17
CyberSafe Challenger
system requirements, 1-17
D
data
integrity, 1-7
privacy, 1-5
data integrity, 1-7
DCE
address parameters in listener.ora and tnsnames.ora files, 14-2
address parameters in protocol.ora file, 14-12
backward compatibility, 12-2
CDS naming adapter components, 12-5
communication and security, 12-4
components, 12-4
configuration files required, 14-4
configuring a server, 14-4
configuring clients for DCE integration, 14-12
configuring clients to use DCE CDS naming, 14-14
configuring to use DCE Integration, 13-2
connecting clients without access to DCE and CDS, 16-2
connecting to an Oracle server, 15-3
externally-authenticated accounts, 14-5
limitations, 12-8
overview, 12-3
sample address in tnsnames.ora file, 14-16
sample listener.ora file, 16-2
sample parameter files, 16-2
sample tnsnames.ora file, 16-2
setting up external roles, 14-7
starting the listener, 15-2
syntax for mapping groups to Oracle roles, 14-7
verifying DCE groups are mapped to OS roles, 14-9
DCE Secure Core services, 12-7
dce_service_name, verifying, 15-2
DCE.AUTHENTICATION parameter, 14-12
DCE.LOCAL_CELL_USERNAMES parameter, 14-12
DCE.PROTECTION parameter, 14-12
DCE.TNS_ADDRESS_OID parameter, 14-12
DCE.TNS_ADDRESS.OID parameter
modifying in protocol.ora file, 14-16
defining users
in multi-cell environment, 14-6
DES, 1-6
DES encryption algorithm, 2-2
DES40 encryption algorithm, 2-3
Diffie-Hellman key negotiation algorithm, 2-5
digital signatures, 10-2
directories
conceptual overview, 17-4
Directory Information Tree (DIT), 17-4
distinguished names, 17-4
Distributed Computing Environment
overview, 12-3
E
encryption, 1-16
encryption and checksumming
activating, 2-6
client profile encryption, A-12
negotiating, 2-8
parameter settings, 2-10
server encryption level setting, A-6
server encryption selected list, A-8
enterprise domain, 17-9, 17-50
setting up, 17-50
enterprise roles, 17-8
enterprise user login
troubleshooting, 17-55
enterprise user security, 17-1
administrative context, 17-10
architecture, 17-14
components, 17-7, 17-25
enterprise domains, 17-9
enterprise roles, 17-8
enterprise users, 17-8
global roles, 17-8
groups
OracleDBCreators, 17-11
OracleDBSecurity, 17-12
OracleNetAdmins, 17-11
installing and configuring, 17-28
Oracle Context, 17-9
Oracle Enterprise Security Manager, 17-4
OracleDBSecurity container, 17-9
overview, 17-3
schemaless users, 17-17
enterprise users, 17-8, 17-50, 17-53
entries
distinguished names of, 17-4
naming, 17-4
Entrust, 1-10, 10-1, 10-2
authentication, 10-8, 10-9
authority, 10-6
certificate revocation, 10-3
components, 10-5
configuring
server, 10-11