WebApp Sec mailing list archives

Re: Oracle External Users


From: bug () pehlwaan demon nl
Date: Tue, 06 Dec 2005 10:24:32 +0100

To log in using external authentication try:
sqlplus /
at the command prompt - same for windows and unix. For this to work:
1) log in to your OS where your OS account name must match a database account
name (here I assume database initialization parameter OS_AUTHENT_PREFIX is
null)
2) in the case of a database local to your server you must have ORACLE_SID set
in your environment to the SID of the database
3) in the case of a remote database you must have TWO_TASK set in your
environment to the SID of the database - in this case your sqlnet setup must be
able to resolve TWO_TASK to a particular server and port

This won't work for ODBC and as long as your OS user matches the database user
there is no further security check.

Of course there are other checks and restrictions you can activate (particularly
in your sqlnet config) but with a default installation external authentication
is pretty lax.


Ahmed





Quoting Damien Lewis <dwlewis () comcast net>:

Hello,

I'm in the process of reviewing a list of users (DBA_USERS table) from an
Oracle Database and have come across several accounts with the PASSWORD
field being "EXTERNAL".  It is my understanding that these accounts are
authenticated by the operating system, but how exactly do you go about
authenticating using this account (i.e. could I connect via SQL Plus or an
ODBC connection) and is there any other control(s) within Oracle that would
prevent any user from creating a user id that matches the account name in
DBA_USERS table on another computer and logging in as that user to the
Oracle database?

Thanks

D
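
An audit query set for the review discussed in this thread, added here as an example and not part of either poster's message. It assumes a session with access to V$PARAMETER and the DBA_* views; REMOTE_OS_AUTHENT is a standard Oracle initialization parameter that the thread does not mention.

```sql
-- Added example, not from the original thread.

-- 1) Parameters that govern OS authentication.
--    os_authent_prefix: prefix prepended to the OS account name to form
--    the database account name (the reply assumes it is null).
--    remote_os_authent (not mentioned in the thread): whether the database
--    trusts an OS user name reported by a remote client.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('os_authent_prefix', 'remote_os_authent');

-- 2) Accounts identified externally, as seen in DBA_USERS.
--    The thread identifies them by PASSWORD = 'EXTERNAL'; later releases
--    also expose an AUTHENTICATION_TYPE column for the same purpose.
SELECT username, account_status, created
FROM   dba_users
WHERE  password = 'EXTERNAL'
ORDER  BY username;

-- 3) What each of those accounts can do: roles and system privileges.
--    An externally identified account holding DBA or ANY-privileges is
--    the first one to review.
SELECT u.username, 'ROLE' AS grant_type, r.granted_role AS granted
FROM   dba_users u
JOIN   dba_role_privs r ON r.grantee = u.username
WHERE  u.password = 'EXTERNAL'
UNION ALL
SELECT u.username, 'SYSTEM PRIVILEGE', s.privilege
FROM   dba_users u
JOIN   dba_sys_privs s ON s.grantee = u.username
WHERE  u.password = 'EXTERNAL'
ORDER  BY 1, 2, 3;
```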






