Home » RDBMS Server » Security » OS authentication
OS authentication [message #333986] Tue, 15 July 2008 02:10 Go to next message
coolbalaga
Messages: 24
Registered: September 2006
Junior Member
Hello,

Need help on the OS authentication (Unix User):

I am not able to login to the Oracle database using the OS authentication . I am getting the below error when tried to connect with the sysdba..

<--------
SQL> conn /@TEST as sysdba;
ERROR:
ORA-01031: insufficient privileges

Warning: You are no longer connected to ORACLE.
------------>

But I am able to connect to the database as (without the sysdba privilege)
SQL> conn /@TEST;

I have user with OPS$ORATEST (ORATEST being the OS user and is part of the dba,oper group). Granted roles are

GRANTED_ROLE
-----------
DBA
CONNECT
RESOURCE
SELECT_CATALOG_ROLE


Even Oracle doesnot allow giving the sysdba or sysoper to the externally identified user (i.e., OS user)

So What permission/privilege to be given the OS user so that i can connect to the database "as sysdba" ?

Thanks in advance.
Re: OS authentication [message #333990 is a reply to message #333986] Tue, 15 July 2008 02:36 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
If you want to remotely connect as sysdba, you have to use a password file.
If you want to remotely connect with OS authent you have to set the appropriate parameter but this is one of the biggest security hole you can do.

Regards
Michel
Re: OS authentication [message #334003 is a reply to message #333990] Tue, 15 July 2008 03:11 Go to previous messageGo to next message
coolbalaga
Messages: 24
Registered: September 2006
Junior Member
Thanks for a quick reply.

I want to use the OS user and connect as
SQL> conn /@TEST as sysdba;

where TEST is DB
and ORATEST is the unix OS user.

For this, I am getting the " insufficient privileges" error. DO i have to give any specific role/privelege to the OS user?

Re: OS authentication [message #334028 is a reply to message #334003] Tue, 15 July 2008 04:16 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Michel Cadot wrote on Tue, 15 July 2008 09:36
If you want to remotely connect as sysdba, you have to use a password file.
If you want to remotely connect with OS authent you have to set the appropriate parameter but this is one of the biggest security hole you can do.

Regards
Michel


Re: OS authentication [message #334046 is a reply to message #333986] Tue, 15 July 2008 05:31 Go to previous messageGo to next message
coolbalaga
Messages: 24
Registered: September 2006
Junior Member
I have the password file created with the entries for the SYS and SYSTEM. But how to add for the OS User "OPS$TEST" ?
Re: OS authentication [message #334051 is a reply to message #334046] Tue, 15 July 2008 05:53 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
If you want to connect with it.
Maybe you should have a look at documentation about connecting as sysdba and the role of password file.

Regards
Michel
Re: OS authentication [message #335687 is a reply to message #334051] Wed, 23 July 2008 05:20 Go to previous messageGo to next message
coolbalaga
Messages: 24
Registered: September 2006
Junior Member

if I add the OS user to the password file, I am able to login as "conn OSUSER/PASSWORD@DB as sysdba" but not as "conn /@DB as sysdba"

Re: OS authentication [message #335695 is a reply to message #335687] Wed, 23 July 2008 05:32 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Once again you should read the documentation.
The purpose of password file is to allow a user to remotely connect as sysdba giving its account name and password NOT to externally connect as sysdba. For this it MUST be in dba group.

You can't, I repeat you can't remotely connect as sysdba without giving an account and password.

Regards
Michel
Previous Topic: What's a default role in dba_role_privs?
Next Topic: To active auditing and check
Goto Forum:
  


Current Time: Thu Mar 28 14:30:39 CDT 2024