The Secure Sockets Layer, commonly referred to as SSL, is another method of authentication based on externally stored credentials. The mechanism is very similar to that used in authentication based on external stores. The major difference is that in authentication based on external stores, we are still using passwords, and the normal user authentication is unaltered. In SSL-based authentication, users are defined externally or globally, and authorization is based on certificates.
In this recipe we will reuse the SSL-based connection setup that was described in Chapter 2, Securing the Network and Data in Transit. Additionally, we will create a user named ssluser defined with an external identification. Before starting with the steps, set up the SSL communication as instructed in Chapter 2, Securing the Network and Data in Transit.
Edit $ORACLE_HOME/network/admin/sqlnet.ora and set SSL_CLIENT_AUTHENTICATION to TRUE, as follows:
    SSL_CLIENT_AUTHENTICATION = TRUE
Set SQLNET.AUTHENTICATION_SERVICES, as follows:
    SQLNET.AUTHENTICATION_SERVICES = (BEQ, TCPS)
Connect as system and create the user ssluser that is identified externally, as follows:
    SQL> create user ssluser identified externally as 'CN=PacktPub_C,C=GB';
    User created.
Grant the create session privilege to the user ssluser, as follows:
    SQL> grant create session to ssluser;
    Grant succeeded.
    SQL> conn /@hackdb_ssl
    Connected
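A configuration check for the two sqlnet.ora settings used in this recipe, as an added example that is not part of the original text or of any Oracle tooling. The sample file contents, the wallet path, and the function names parse_sqlnet and audit_ssl_auth are assumptions made for illustration.

```python
import re

# Constructed sample: the two settings from this recipe plus a multi-line parameter.
SAMPLE_SQLNET_ORA = """\
# sqlnet.ora (constructed sample)
WALLET_LOCATION = (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /placeholder/wallet)))
ssl_client_authentication = TRUE   # require a client certificate
SQLNET.AUTHENTICATION_SERVICES = (BEQ, TCPS)
"""


def parse_sqlnet(text):
    """Return {UPPERCASE_NAME: value}; indented lines continue the previous parameter."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing blanks
        if not line.strip():
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            current = name.strip().upper()  # parameter names are case-insensitive
            params[current] = value.strip()
    return params


def audit_ssl_auth(text):
    """Return findings; an empty list means both settings from the recipe are present."""
    params = parse_sqlnet(text)
    findings = []
    if params.get("SSL_CLIENT_AUTHENTICATION", "").upper() != "TRUE":
        findings.append("SSL_CLIENT_AUTHENTICATION is not explicitly set to TRUE")
    services = params.get("SQLNET.AUTHENTICATION_SERVICES", "")
    enabled = {s.upper() for s in re.findall(r"[A-Za-z0-9_]+", services)}
    if "TCPS" not in enabled:
        findings.append("TCPS is missing from SQLNET.AUTHENTICATION_SERVICES")
    return findings


if __name__ == "__main__":
    for finding in audit_ssl_auth(SAMPLE_SQLNET_ORA) or ["both settings present"]:
        print(finding)
```

To check a real file, pass its contents to audit_ssl_auth instead of the sample string.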