Skip Headers

Oracle Advanced Security Administrator's Guide
Release 2 (9.2)
Part Number A96573-01
Go To Documentation Library
Home		 Go To Product List
Book List		 Go To Table Of Contents
Contents		 Go To Index
Index
Master Index
Feedback

Go to previous page Go to next page

11
Configuring DCE for Oracle DCE Integration

This chapter describes how to configure the Distributed Computing Environment (DCE) to use Oracle DCE Integration--after Oracle DCE Integration has been installed.

See Also:

Chapter 10, Overview of Oracle DCE Integration

To Configure DCE for Oracle DCE Integration:

The following tasks, performed by the DCE cell administrator, assume that a DCE cell has been configured and the systems being used are part of that cell:

Task 1: Create New Principals and Accounts

Use the following procedure model to add server principals:

% dce_login cell_admin password
% rgy_edit
Current site is: registry server at /.../cell1/subsys/dce/sec/master
rgy_edit=>do p
Domain changed to: principal 
rgy_edit=> add oracle
rgy_edit=> do a
Domain changed to: account
rgy_edit=> add oracle -g none -o none -pw oracle_password -mp cell_admin_
password
rgy_edit=> quit

bye

In this example, a DCE principal named oracle is created. The principal has a corresponding account with a password set to oracle_password. The account does not belong to any DCE group or DCE profile.

Note:

Perform this task on the server only once after DCE Integration has been installed; do not perform this task on client systems.

Task 2: Install the Key of the Server into a Keytab File

Install the key of the server into a keytab file, dcepa.key. This file contains the password of the principal under which the Oracle Net listener starts. The Oracle Net listener reads this file to authenticate itself to DCE. To generate the keytab file, enter the following:

% dce_login cell_admin password
% rgy_edit
Current site is: registry server at /.../cell1/subsys/dce/sec/master
rgy_edit=> ktadd -p oracle -pw Oracle_password -f
$ORACLE_HOME/dcepa/admin/dcepa.key
rgy_edit=>quit
bye
Note:
  • Perform this task on the server only once after DCE Integration has been installed. Do not perform this task on client systems.
  • Remember to substitute the full path name for the $ORACLE_HOME variable. If the specified directories do not exist, create them before running the command; to create the directories. enter the following: 
    mkdir $ORACLE_HOME/dcepa
mkdir $ORACLE_HOME/dcepa/admin

Task 3: Configure DCE CDS for Use by Oracle DCE Integration

Step 1: Create Oracle Directories in the CDS Namespace

Enter the following after installing DCE Integration for the first time in a cell; create directories on all CDS replicas:

% dce_login cell_admin

Enter Password:(password not displayed)
$ cdscp
cdscp> create dir /.:/subsys/oracle
cdscp> create dir /.:/subsys/oracle/names
cdscp> create dir /.:/subsys/oracle/service_registry
cdscp> exit
Note:
  • The directory /.:/subsys/oracle/names contains objects that map Oracle Net service names to connect descriptors, which are used by the CDS naming adapter.
  • The directory /.:/subsys/oracle/service_registry contains objects that map the service name in DCE addresses to the network endpoint that is used by both DCE protocol adapter clients and servers.

Step 2: Give Servers Permission to Create Objects in the CDS Namespace

Enter the following to add the principal oracle to the CDS-server group:

$ dce_login cell_admin
Enter Password:   (password not displayed)
$ rgy_edit
rgy_edit=> domain group
Domain changed to: group
rgy_edit=> member subsys/dce/cds-server -a oracle
rgy_edit=> exit

Step 3: Load Oracle Service Names into CDS

Load Oracle service names into the Cell Directory Service, as described in Chapter 12, Configuring Oracle9i for Oracle DCE Integration.

Go to previous page Go to next page
Oracle
Copyright © 1996, 2002 Oracle Corporation.
All Rights Reserved.
Go To Documentation Library
Home		 Go To Product List
Book List		 Go To Table Of Contents
Contents		 Go To Index
Index
Master Index
Feedback