This section contains:
■ Step 2C(1): Change Default Settings
■ Step 2C(2): Configure Challenge-Response
■ Step 2C(3): Set Parameters for an Alternate RADIUS Server

Step 2C(1): Change Default Settings
1. Start Oracle Net Manager.
■ (UNIX) From $ORACLE_HOME/bin, enter the following command at the command line:
netmgr
■ (Windows) Select Start, Programs, Oracle - HOME_NAME, Configuration and Migration Tools, then Net Manager.
2. Expand Oracle Net Configuration, and from Local, select Profile.
3. From the Naming list, select Network Security. The Network Security tabbed window appears.
4. Click the Other Params tab.
5. From the Authentication Service list, select RADIUS.
6. Change the default setting for any of the following fields:
■ Port Number: Specifies the listening port of the primary RADIUS server. The default value is 1645.
■ Timeout (seconds): Specifies the time the Oracle database server waits for a response from the primary RADIUS server. The default is 15 seconds.
See Also: Oracle Database Reference and the Oracle Database Administrator's Guide for information about setting initialization parameters on an Oracle Database server
Enabling RADIUS Authentication, Authorization, and Accounting
Configuring RADIUS Authentication 11-11
■ Number of Retries: Specifies the number of times the Oracle database server resends messages to the primary RADIUS server. The default is three retries. For instructions on configuring RADIUS accounting, see Step 5: Configure RADIUS Accounting on page 11-14.
■ Secret File: Specifies the location of the secret key on the Oracle database server. The field specifies the location of the secret key file, not the secret key itself. For information about specifying the secret key, see Step 2B(1): Create the RADIUS Secret Key File on the Oracle Database Server on page 11-8.
7. From the File menu, select Save Network Configuration. The sqlnet.ora file is updated with the following entries:
SQLNET.RADIUS_AUTHENTICATION_PORT=(PORT)
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT=(NUMBER OF SECONDS TO WAIT FOR response)
SQLNET.RADIUS_AUTHENTICATION_RETRIES=(NUMBER OF TIMES TO RE-SEND TO RADIUS server)
SQLNET.RADIUS_SECRET=(path/radius.key)

Step 2C(2): Configure Challenge-Response
The challenge-response (asynchronous) mode presents the user with a graphical interface requesting first a password, then additional information (for example, a dynamic password that the user obtains from a token card). With the RADIUS adapter, this interface is Java-based to provide optimal platform independence.
Note: Third party vendors of authentication devices must customize this graphical user interface to fit their particular device. For example, a smart card vendor would customize the Java interface so that the Oracle client reads data, such as a dynamic password, from the smart card. When the smart card receives a challenge, it responds by prompting the user for more information, such as a PIN.
See Also: Appendix C, "Integrating Authentication Devices Using RADIUS", for information about how to customize the challenge-response user interface
To configure challenge-response:
1. If you are using JDK 1.1.7 or JRE 1.1.7, then set the JAVA_HOME environment variable to the JRE or JDK location on the system where the Oracle client is run:
■ On UNIX, enter this command at the prompt:
% setenv JAVA_HOME /usr/local/packages/jre1.1.7B
■ On Windows, select Start, Settings, Control Panel, System, Environment, and set the JAVA_HOME variable as follows:
c:\java\jre1.1.7B
This step is not required for any other JDK/JRE version.
2. Start Oracle Net Manager.
■ (UNIX) From $ORACLE_HOME/bin, enter the following command at the command line:
netmgr
■ (Windows) Select Start, Programs, Oracle - HOME_NAME, Configuration and Migration Tools, then Net Manager.
3. Expand Oracle Net Configuration, and from Local, select Profile.
4. From the Naming list, select Network Security. The Network Security tabbed window appears.
5. From the Authentication Service list, select RADIUS.
6. In the Challenge Response field, enter ON to enable challenge-response.
7. In the Default Keyword field, accept the default value of the challenge or enter a keyword for requesting a challenge from the RADIUS server.
The keyword feature is provided by Oracle and supported by some, but not all, RADIUS servers. You can use this feature only if your RADIUS server supports it. By setting a keyword, you let the user avoid using a password to verify identity. If the user does not enter a password, the keyword you set here is passed to the RADIUS server which responds with a challenge requesting, for example, a driver's license number or birth date. If the user does enter a password, the RADIUS server may or may not respond with a challenge, depending upon the configuration of the RADIUS server.
8. In the Interface Class Name field, accept the default value of DefaultRadiusInterface or enter the name of the class you have created to handle the challenge-response conversation.
If you use an interface other than the default RADIUS interface, then you must also edit the sqlnet.ora file to enter SQLNET.RADIUS_CLASSPATH=(location), where location is the complete path name of the jar file. It defaults to
$ORACLE_HOME/network/jlib/netradius.jar:$ORACLE_HOME/JRE/lib/vt.jar
9. From the File menu, select Save Network Configuration. The sqlnet.ora file is updated with the following entries:
SQLNET.RADIUS_CHALLENGE_RESPONSE=([ON | OFF])
SQLNET.RADIUS_CHALLENGE_KEYWORD=(KEYWORD)
SQLNET.RADIUS_AUTHENTICATION_INTERFACE=(name of interface including the package name delimited by "/" for ".")

Step 2C(3): Set Parameters for an Alternate RADIUS Server
If you are using an alternate RADIUS server, set these parameters in the sqlnet.ora file using any text editor.
SQLNET.RADIUS_ALTERNATE=(hostname or ip address of alternate radius server)
SQLNET.RADIUS_ALTERNATE_PORT=(1812)
SQLNET.RADIUS_ALTERNATE_TIMEOUT=(number of seconds to wait for response)
SQLNET.RADIUS_ALTERNATE_RETRIES=(number of times to re-send to radius server)
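
The entries from Steps 2C(1) through 2C(3) can be checked for consistency before they are rolled out. The script below is an added example, not Oracle code: it parses sqlnet.ora text and flags the mistakes the steps above warn about (a secret entered where the key file path belongs, an interface name delimited with "." instead of "/", a custom interface class without SQLNET.RADIUS_CLASSPATH). The single-line NAME=value parsing, the UNIX permission check on the key file, and the sample values are assumptions of this example.

```python
import os
import stat

DEFAULT_INTERFACE = "DefaultRadiusInterface"  # default class named in step 8
NUMERIC = [f"{s}_{k}" for s in ("AUTHENTICATION", "ALTERNATE") for k in ("PORT", "TIMEOUT", "RETRIES")]

def parse_sqlnet(text):
    """Return {UPPERCASE_NAME: value} for single-line NAME=value entries."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()            # drop comments
        if "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if value.startswith("(") and value.endswith(")"):
                value = value[1:-1].strip()             # accept the (value) form
            params[name.upper()] = value
    return params

def audit_radius(params):
    """Return a list of findings for the SQLNET.RADIUS_* entries."""
    findings = []
    for key in NUMERIC:
        value = params.get("SQLNET.RADIUS_" + key)
        if value is not None and not value.isdecimal():
            findings.append(f"{key}: {value!r} is not a number")
        elif value and key.endswith("PORT") and not 1 <= int(value) <= 65535:
            findings.append(f"{key}: {value} is outside 1-65535")
    if (secret := params.get("SQLNET.RADIUS_SECRET")) is not None:
        if not os.path.isfile(secret):
            findings.append("RADIUS_SECRET: not a file; give the key file's path, not the key")
        elif stat.S_IMODE(os.stat(secret).st_mode) & 0o077:   # added check, an assumption
            findings.append("RADIUS_SECRET: key file is accessible to group or others")
    iface = params.get("SQLNET.RADIUS_AUTHENTICATION_INTERFACE", DEFAULT_INTERFACE)
    if "." in iface:
        findings.append("AUTHENTICATION_INTERFACE: delimit the package with '/', not '.'")
    custom = iface.replace(".", "/").split("/")[-1] != DEFAULT_INTERFACE
    if custom and "SQLNET.RADIUS_CLASSPATH" not in params:
        findings.append("AUTHENTICATION_INTERFACE: custom class needs SQLNET.RADIUS_CLASSPATH")
    return findings

# Constructed sample; the secret value and class name are hypothetical.
SAMPLE = """\
SQLNET.RADIUS_AUTHENTICATION_PORT = 1645
SQLNET.RADIUS_SECRET = s3cr3t-pasted-inline
SQLNET.RADIUS_AUTHENTICATION_INTERFACE = com.example.TokenInterface
SQLNET.RADIUS_ALTERNATE_PORT = (1812)
"""

if __name__ == "__main__":
    print(*audit_radius(parse_sqlnet(SAMPLE)), sep="\n")
```

Run against the constructed sample, it reports three findings: the inline secret, the dotted interface name, and the missing classpath entry.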
Step 3: Create a User and Grant Access
1. Start SQL*Plus and execute these commands to create and grant access to a user identified externally on the Oracle database server.
SQL> CONNECT system@database_name;
Enter password:
SQL> CREATE USER username IDENTIFIED EXTERNALLY;
SQL> GRANT CREATE SESSION TO username;
SQL> EXIT
If you are using Windows, then you can use the Security Manager tool in Oracle Enterprise Manager.
2. Enter the same username in the RADIUS server's users file.
Step 4: Configure External RADIUS Authorization (optional)
If you require external RADIUS authorization for RADIUS users who connect to an Oracle database, then you must perform the following steps to configure the Oracle server, the Oracle client, and the RADIUS server: