Online Documentation for SQL Manager for Oracle

Authentication


The Authentication tab allows you to set up authentication options for your Oracle system: select authentication method(s) and set their properties.

 

Methods

This group allows you to select the authentication methods that will be used by the system.

To select a method, you need to move it from the Available list to the Selected list. Use the Move all to Selected Move to Selected Move to Available Move all to Available buttons or drag-and-drop operations to move the methods from one list to another.

 

Profile parameters - Advanced Security - Authentication

 

 

Kerberos5

 

Service name

Define the name of the service used to obtain a Kerberos service ticket.

 

Credential cache file

Type in or use the ExplorerButton button to specify the complete path and name of the Kerberos credentials cache file.

 

Configuration file

Type in or use the ExplorerButton button to specify the complete path and name of the Kerberos configuration file which contains the realm for the default KDC and maps realms to KDC hosts.

 

Realm translation file

Type in or use the ExplorerButton button to specify the complete path and name of the Kerberos realm translation file which provides a mapping from a host name or domain name to a realm.

 

Key table

Type in or use the ExplorerButton button to specify the complete path and name of the Kerberos principal/secret key mapping file which is used to extract keys and decrypt incoming authentication information.

 

Waiting time before credential expiration

Specify how many seconds must pass before a Kerberos credential is considered out of date.

 

Profile parameters - Advanced Security - Authentication - Kerberos5

 

 

CyberSAFE

 

GSSAPI service

Use this field to define the CyberSAFE service principal.

 

Profile parameters - Advanced Security - Authentication - CyberSAFE

 

 

Identix

 

Database

Specify the service name or alias for the authentication fingerprint database.

 

Database user

Specify the user name known to the fingerprint database.

 

Database password

Specify the password known to the fingerprint database.

 

Identix method

Specify the method name for the fingerprint database. The method name must be ORACLE.

 

Profile parameters - Advanced Security - Authentication - Identix

 

 

RADIUS

 

Please note that parameters of the Servers group (host name, port and number of connection retries) can be configured for the primary server as well as for the alternate server. Switch to the respective tabs of the Servers group.

 

Profile parameters - Advanced Security - Authentication - RADIUS

 

 

Host name

Specifies the location of the primary RADIUS server, either by its host name or IP address.

 

Port

Listening port of the primary RADIUS server.

 

Number of connection retries

Times to resend.

 

 

Wait duration before disconnection from server

Time to wait for response before server connection is closed.

 

RADIUS secret key file

Type in or use the ExplorerButton button to specify the full path to the file containing the RADIUS shared secret.

 

Default keyword

This parameter sets the keyword to request a challenge from the RADIUS server. User types no password on the client.

 

Interface class name

Sets the name of the Java class that contains the graphical user interface when RADIUS is in the challenge-response (asynchronous) mode.

 

CheckBox Send accounting

This option enables/disables accounting.

If you enable accounting, packets will be sent to the active RADIUS server at the listening port plus one. By default, packets are sent to port 1646. You need to turn this feature on only when your RADIUS server supports accounting and you want to keep track of the number of times the user is logging on to the system.

 

CheckBox Challenge response

This option turns on/off the challenge-response, or asynchronous, mode support.