Index

A B C D E F G H I J K L M N O P R S T U V W X

A

Access Control Lists

accessing security groups, E-24

available security groups, E-23

accounting, RADIUS, 4-22

activating checksumming and encryption, 2-7

Active Directory

accessing security groups, E-24

automatic discovery of directory servers, E-5

connecting to a database, E-19, E-20

creating security domains, E-28

defined, E-2

enhancement of directory object type descriptions, E-8

how Oracle directory objects appear, E-9

integration with directory servers, E-19

integration with Microsoft tools, E-6

integration with Windows login credentials, E-9

managing Access Control Lists, E-23

managing security groups directory server

managing Access Control Lists, E-23

requirements for creating enterprise user security, E-15

requirements for creating Oracle Net directory naming, E-15

requirements for using Oracle, E-19

testing connectivity from client computers, E-19

testing connectivity with Microsoft tools, E-20

testing connectivity with SQL*Plus, E-7

testing database connectivity, E-7

user interface extensions, E-7

Active Directory Users and Computers

accessing directory server objects, E-20

integration with Oracle objects in Active Directory, E-6

adapters, 1-15

administering enterprise domains, 19-35

administrators, 19-26, 19-39

asynchronous authentication mode in RADIUS, 4-6

ATTENTION_DESCRIPTION column, 16-6

authenticated RPC

protocol adapter includes, 10-3

authentication, 1-8, 1-15

configuring multiple methods, 9-5

methods, 1-11

modes in RADIUS, 4-4

overview, E-17

using Windows native authentication methods, E-17

authorization, 1-14

autologin, 15-43

B

benefits of Oracle Advanced Security, 1-5

browsing, 19-16

C

C:\ORANT, defined, xxxv

C:\ORAWIN95, defined, xxxv

CASCADE parameter, 16-8

CASCADE_FLAG column, 16-6, 16-7

CDS. See Cell Directory Service (CDS)

Cell Directory Service (CDS)

cds_attributes file

modifying for name resolution in CDS, 12-15

naming adapter components, 10-4

naming adapter includes, 10-4

Oracle service names, 10-4

using to perform name lookup, 12-14

certificate, 7-4

creation, 8-2

certificate authority, 7-4, 8-2

certificate authority, simulated with esm -genca tool, 19-14

certificate-authenticated enterprise users, 18-2

challenge-response authentication in RADIUS, 4-6

cipher block chaining mode, 1-6

cipher suites

Secure Sockets Layer (SSL), B-11

client authentication in SSL, 7-32

configuration files

CyberSafe, B-2

Kerberos, B-3

configuring

clients for DCE integration, 12-11

clients to use DCE CDS naming, 12-14

CyberSafe authentication service parameters, 5-6

DCE to use DCE Integration, 11-2

Kerberos authentication service parameters, 6-5

Oracle Net/DCE external roles, 12-7

Oracle server with CyberSafe, 5-3

Oracle server with Kerberos, 6-3

RADIUS authentication, 4-10

Secure Sockets Layer (SSL)

on the client, 8-10

shared schemas, 15-20

SSL, 7-14

on the client, 7-14

on the server, 7-26

thin JDBC support, 3-1

connecting

across cells, 12-6

to an Oracle database

to verify roles, 12-8

to an Oracle server in DCE, 13-3

with username and password, 13-4

without username and password, 13-3

with username and password, 9-2

creating

Oracle directories in CDS, 11-4

principals and accounts, 11-2

creating a certificate authority with esm -genca tool, 19-23

CyberSafe, 1-12

authentication parameters, B-2

configuring authentication, 5-2

kinstance, 5-3

realm, 5-3

sqlnet.ora file sample, A-3

system requirements, 1-18

CyberSafe Challenger

system requirements, 1-18

D

Data Encryption Standard (DES), 2-3

DES encryption algorithm, 1-6

DES40 encryption algorithm, 2-3

Triple-DES encryption algorithm, 1-6, 2-3

data integrity, 1-7

data privacy, 1-5

database

changing password, 18-7

database administrators, 19-32

Database Configuration Assistant

registering a database object in a directory server, E-9

database domain membership, 19-37

database password verifier, 16-3

database schema mappings, 19-32, 19-40

database security, 19-31

database security options, 19-39

DBPASSWORD column, 16-6

DBPASSWORD_EXIST_FLAG column, 16-6, 16-7

DCE. See Distributed Computing Environment (DCE)

DCE.AUTHENTICATION parameter, 12-11

DCE.LOCAL_CELL_USERNAMES parameter, 12-11

DCE.PROTECTION parameter, 12-11

DCE.TNS_ADDRESS_OID parameter, 12-11

DCE.TNS_ADDRESS.OID parameter

modifying in protocol.ora file, 12-15

DES. See Data Encryption Standard (DES)

Diffie-Hellman key negotiation algorithm, 2-6

digital signatures, 8-2

E

ELA. See Oracle Enterprise Login Assistant (ELA)

encryption, 1-17

encryption and checksumming

activating, 2-7

client profile encryption, A-10

negotiating, 2-9

parameter settings, 2-11

server encryption level setting, A-5

server encryption selected list, A-7

enterprise domain administrators, 19-39

enterprise domains, 15-57, 19-35

viewing in Active Directory, E-11

Enterprise Login Assistant. See Oracle Enterprise Login Assistant (ELA)

enterprise role grantees, 19-46

enterprise roles, 19-42, 19-44

viewing in Active Directory, E-11

enterprise user security

administrators, 15-60

autologin, 15-43

certificate authority, 15-32

components, 15-27

creation requirements, E-15

database clients, 15-49

directory entries, 15-7

directory service, 15-32

enterprise domains, 15-8, 15-50, 15-57

enterprise roles, 15-7

enterprise users, 15-7, 15-51, 15-54

add, 15-51

authorize, 15-52, 15-62

configure, 15-61

create, 15-61

create passwords, 15-63

create userids, 15-63

create wallet, 15-52

enable database access, 15-59

mapping, 15-22, 15-53

final password configuration, 15-56

final SSL configuration, 15-48

global roles, 15-7, 15-47

groups

OracleDBCreators, 15-11

OracleDBSecurity, 15-11

listener, 15-38, 15-42, 15-45

Oracle Context, 15-58

Oracle Enterprise Security Manager, 15-4

overview, 15-3

password-accessible domains, 15-60

private key decryption fails, 15-71

privileges, 15-47

roles, 15-46

schemas, 15-46

session privilege, 15-47

shared schemas, 15-19

configuring, 15-20

creating, 15-21

SSL, 15-22

SSL, 15-37

SSL service name, 15-37

troubleshooting, 15-65

tracing, 15-71

user search bases, 15-58

UserID attribute, 15-59

enterprise users

administering, 19-7

creating, 19-8

defining password, 19-11

viewing in Active Directory, E-11

Entrust Technologies, Inc., 8-2

Entrust/PKI for Oracle, 8-4

Entrust/PKI Software, 1-11, 8-1, 8-2

authentication, 8-7, 8-8

authority, 8-5

certificate revocation, 8-3

components, 8-4

configuring

client, 8-10

server, 8-12

creating database users, 8-15

Entelligence, 8-5

etbinder command, 8-12

IPSEC Negotiator Toolkit, 8-6

issues and restrictions, 8-16

key management, 8-3

profiles, 8-8

administrator-created, 8-8

user-created, 8-9

RA, 8-5

toolkit server login, 8-6

versions supported, 8-4

error messages

ORA-12650, 2-7, 2-9, A-7, A-8, A-9

ORA-28890, 8-17

Oracle Enterprise Security Manager, 15-36, 15-55

tracing, 15-71

esm -genca tool, 19-14, 19-23

ESM. See Oracle Enterprise Security Manager (ESM)

etbinder command, 8-12

F

Federal Information Processing Standard

configuration, xxvii

Federal Information Processing Standard (FIPS), 1-7, D-1

sqlnet.ora parameters, D-2

FIPS. See Federal Information Processing Standard (FIPS)

G

GDS. See Global Directory Service (GDS)

generic documentation references

Windows NT-specific authentication methods, E-17

Global Directory Service (GDS), 10-4

global roles, 15-47, 19-44

global schema, 15-47

grantees, 19-46

H

handshake

SSL, 7-6

hints, 18-9

HTTPS, 7-7

I

initialization parameter file

parameters for clients and servers using CyberSafe, B-2

parameters for clients and servers using Kerberos, B-3

parameters for clients and servers using RADIUS, B-4

parameters for clients and servers using SSL, B-10

installing

key of server, 11-3

internet, 7-7

Internet Inter-ORB Protocol (IIOP)

secured by SSL, 7-7

J

Java Byte Code Obfuscation, 3-4

Java Database Connectivity (JDBC)

configuration parameters, 3-5

Oracle extensions, 3-2

Oracle O3LOGON, 3-3

thin driver features, 3-3

Java Database connectivity (JDBC)

implementation of Oracle Advanced Security, 3-2

JDBC. See Java Database Connectivity

K

Kerberos, 1-12

authentication adapter utilities, 6-13

configuring authentication, 6-2, 6-5

kinstance, 6-3

kservice, 6-3

realm, 6-3

sqlnet.ora file sample, A-3

system requirements, 1-18

kinstance (CyberSafe), 5-3

kinstance (Kerberos), 6-3

kservice (Kerberos), 6-3

L

LAN environments

vulnerabilities of, 1-2

LDAP. See Lightweight Directory Access Protocol (LDAP)

Lightweight Directory Access Protocol (LDAP), 18-1, 18-2, 18-5, 18-6, 18-9, 18-10

Listener, 15-37

listener, 15-38, 15-42, 15-45

endpoint

SSL configuration, 7-34

listener.ora file, 15-41

starting in the DCE environment, 13-2

listener.ora file, 15-41

parameters for DCE, 12-4

logging into Oracle

using DCE authentication, 13-3

logging out, 18-10

M

managing roles with RADIUS server, 4-24

mapping DCE groups

to Oracle roles, 12-7

MAPPING_LEVEL column, 16-6, 16-7

MAPPING_TYPE column, 16-6, 16-7

mappings, 19-40

MD5 message digest algorithm, 2-5

membership, 19-37

N

NAMES.DIRECTORY_PATH parameter, 12-17

NEEDS_ATTENTION_FLAG column, 16-6

Netscape Communications Corporation, 7-2

network protocol boundaries, 1-17

O

obfuscation, 3-4

okdstry

Kerberos adapter utility, 6-13

okinit

Kerberos adapter utility, 6-13

oklist

Kerberos adapter utility, 6-13

OLD_SCHEMA_TYPE column, 16-6

operating systems

authentication overview, E-17

ORA-12650 error message, A-8

Oracle Advanced Security

checksum sample for sqlnet.ora file, A-2

configuration parameters, 3-5

disabling authentication, 9-3

encryption sample for sqlnet.ora file, A-2

Java implementation, 3-2, 3-4

SSL features, 7-2

Oracle Connection Manager, 1-17

Oracle Context, 15-58, 19-7, 19-20, 19-26, 19-31

defined, E-11

Oracle Enterprise Login Assistant (ELA), 15-27, 18-1

and LDAP directory, 18-6

certificate-authenticated enterprise users, 18-3

changing passwords, 18-7, 18-11

disabling SSL connection, 18-10

downloading wallet, 18-6

logging out, 18-10

opening local wallet, 18-3

password-authenticated users, 18-11

starting, 18-2

uploading wallet, 18-10

Oracle Enterprise Manager, 19-2, 19-4

Oracle Enterprise Security

initial configuration, 15-31

Oracle Enterprise Security Manager (ESM), 15-20, 19-1

administering enterprise domains, 19-35

browsing for users, 19-16

command line syntax, 19-5

concepts, 15-2

configuring, 19-3

creating a certificate authority, 19-14

creating security domains, E-28

database access, 19-19

database administrators, 19-32

database domain membership, 19-37

database schema mappings, 19-32

database security, 19-31

database security options, 19-39

defining a directory base, 19-9

defining enterprise user password, 19-11

defining role, 19-13

domain database schema mappings, 19-40

enterprise domain administrators, 19-39

enterprise role grantees, 19-46

enterprise roles, 19-42

esm -genca tool, 19-14, 19-23

global role membership, 19-44

installing, 19-3

introduction, 19-2

Oracle Context, 19-20, 19-26

Oracle Context Administrators, 19-26

password accessible domains, 19-30

RDBMS_SERVER_DN parameter, 19-24

spfile.ora, 19-24

starting, 19-4

user search bases, 19-24

userpkcs12 attribute, 19-15

using, E-18

Oracle Java SSL

cipher suite, F-4

features, F-3

Oracle Net, 15-37

Oracle Net Configuration Assistant

automatically discovering directory server information, E-11

configuring Oracle software with a directory server, E-5, E-9

creating the Oracle schema, E-12

Oracle Net directory naming

connecting to a database through a directory server, E-19

creation requirements, E-15

testing connectivity from client computers, E-20

testing connectivity with Microsoft tools, E-20

Oracle parameters

authentication, 9-7

Oracle Password Protocol, 3-4

Oracle schema

creating with Oracle Net Configuration Assistant, E-12

Oracle service names, 10-4

loading into CDS, 12-17

Oracle Wallet Manager, 8-2, 15-28, 15-42, 15-46

key management, F-5

Oracle Wallet manager, 15-42

ORACLE_BASE

explained, xxxv

ORACLE_HOME

explained, xxxv

OracleDBCreator security group

defined, E-23

OracleDBCreators group, 15-11

OracleDBSecurity group, 15-11

OracleDBSecurityAdmin security group

defined, E-23

OracleDefaultDomain

directory server security domain, E-28

OracleNetAdmins security group

defined, E-23

ORCL_GLOBAL_USR_MIGRATION_DATA interface table, 16-4

access to, 16-5

ATTENTION_DESCRIPTION column, 16-6

CASCADE_FLAG column, 16-6, 16-7

DBPASSWORD column, 16-6

DBPASSWORD_EXIST_FLAG column, 16-6, 16-7

DIRPASSWORD column, 16-6

MAPPING_LEVEL column, 16-6, 16-7

MAPPING_TYPE column, 16-6, 16-7

NEEDS_ATTENTION_FLAG column, 16-6

OLD_SCHEMA_TYPE column, 16-6

PASSWORD_VERIFIER column, 16-6

PHASE_COMPLETED column, 16-6, 16-7

SHARED_SCHEMA column, 16-6, 16-7

USERDN column, 16-6, 16-7

USERDN_EXIST_FLAG column, 16-6, 16-7

USERNAME column, 16-6

OS_AUTHENT_PREFIX parameter, 9-8

CyberSafe authentication, 5-8

OS_ROLES parameter

setting, 12-7

OSS.SOURCE.MY_WALLET parameter, 7-19, 7-27

P

parameters

authentication

CyberSafe, B-2

Kerberos, B-3

RADIUS, B-4

Secure Sockets Layer (SSL), B-10

configuration for JDBC, 3-5

encryption and checksumming, 2-11

password accessible domains, 19-30

password hints, 18-9

password reminders, 18-9

PASSWORD_VERIFIER column, 16-6

password-authenticated enterprise users, 18-2, 18-11

changing passwords, 18-11

PHASE_COMPLETED column, 16-6, 16-7

PKI. See public key infrastructure

privileges, 15-47

protocol.ora file

DCE.AUTHENTICATION parameter, 12-11

DCE.LOCAL_CELL_USERNAMES parameter, 12-11

DCE.PROTECTION parameter, 12-11

DCE.TNS_ADDRESS_OID parameter, 12-11

parameter for CDS, 12-12

public key infrastructure (PKI), 1-11, 8-2, 18-2

public/private key pair, 8-2

R

RADIUS, 1-11

accounting, 4-22

asynchronous authentication mode, 4-6

authentication modes, 4-4

authentication parameters, B-4

challenge-response

authentication, 4-6, C-1, D-1

user interface, C-1, C-2, C-3, D-1

configuring, 4-10

location of secret key, 4-16

smartcards and, 1-11, 4-8, 4-17, C-2

sqlnet.ora file sample, A-3

synchronous authentication mode, 4-4

system requirements, 1-18

RC4 encryption algorithm, 1-6, 2-3

RDBMS_SERVER_DN parameter, 19-24

realm (CyberSafe), 5-3

realm (Kerberos), 6-3

reminders, 18-9

REMOTE_OS_AUTHENT parameter

CyberSafe authentication, 5-8

requirements

for creating enterprise user security in Active Directory, E-15

for creating Oracle Net directory naming in Active Directory, E-15

for using Oracle with Active Directory, E-19

restrictions, 1-19

revocation, 8-3

role grantees, 19-46

roles, 15-47, 19-13, 19-42, 19-44, 19-46

managing with RADIUS server, 4-24

roles, external, mapping to DCE groups, 12-7

RSA Security, Inc. (RSA), 1-6

S

schema mappings, 19-32, 19-40

secret key

location in RADIUS, 4-16

Secure Sockets Layer (SSL), 1-11, 7-1, 8-1, 8-2, 15-37, 18-1, 18-4, 18-10

architecture, 7-9

authentication parameters, B-10

authentication process in an Oracle environment, 7-6

authorization, 7-13

certificate, 7-4

certificate authority, 7-4

cipher suites, B-11

client authentication parameter, B-13

client configuration, 7-14

combining with other authentication methods, 7-8

components in an Oracle environment, 7-4

configuring, 7-14

configuring on the client, 8-10

disabling connection, 18-10

enabling, 7-14, 8-8

handshake, 7-6

industry standard protocol, 7-2

privileges, 7-13

requiring client authentication, 7-32

roles, 7-13

server configuration, 7-26

shared schemas, 15-22

sqlnet.ora file sample, A-2

system requirements, 1-18

version parameter, B-12

wallet, 7-4

wallet location, parameter, B-16

SecurID, 4-5

token cards, 4-5

security

between clients and servers, 7-7

Internet, 1-2

Intranet, 1-2

threats, 1-2

data tampering, 1-3

dictionary attacks, 1-3

eavesdropping, 1-2

falsifying identities, 1-3

password-related, 1-3

security groups

accessing, E-24

security implications

hints, 18-9

reminders, 18-9

security options, 19-39

session privilege, 15-47

shared schemas, 15-20, 15-47

SSL, 15-22

SHARED_SCHEMA column, 16-6, 16-7

single sign-on (SSO), 1-11, 8-3, 13-3, 18-2

smartcards, 1-12

and RADIUS, 1-11, 4-8, 4-17, C-2

spfile.ora, 15-34, 15-35, 15-36, 15-68, 15-70, 19-24

SQL*Plus

connecting to a database through Active Directory, E-7

SQLNET.AUTHENTICATION_GSSAPI_SERVICE parameter, 5-7, B-2

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8

SQLNET.AUTHENTICATION_SERVICES parameter, 4-12, 5-7, 6-8, 7-25, 7-34, 9-4, 9-5, B-2

SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 2-15, A-6

SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 2-15, A-6

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 2-15, A-9

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 2-15, A-9

SQLNET.CRYPTO_SEED parameter, 2-13, A-10

SQLNET.ENCRYPTION_CLIENT parameter, 2-13, A-5

SQLNET.ENCRYPTION_SERVER parameter, 2-13, A-5

SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 2-13, A-8

SQLNET.ENCRYPTION_TYPES_SERVER parameter, 2-13, A-7

SQLNET.FIPS_140 parameter, D-3

SQLNET.KERBEROS5_CC_NAME parameter, 6-9

SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9

SQLNET.KERBEROS5_CONF parameter, 6-9

SQLNET.KERBEROS5_CONF_MIT parameter, 6-9

SQLNET.KERBEROS5_KEYTAB parameter, 6-10

SQLNET.KERBEROS5_REALMS parameter, 6-10

sqlnet.ora file, 15-39

Common sample, A-3

CyberSafe sample, A-3

FIPS 140-1 parameters, D-2

Kerberos sample, A-3

modifying so CDS can resolve names, 12-17

NAMES.DIRECTORY_PATH parameter, 12-17

Oracle Advanced Security checksum sample, A-2

Oracle Advanced Security encryption sample, A-2

OSS.SOURCE.MY_WALLET parameter, 7-19, 7-27

parameters for clients and servers using CyberSafe, B-2

parameters for clients and servers using Kerberos, B-3

parameters for clients and servers using RADIUS, B-4

parameters for clients and servers using SSL, B-10

RADIUS sample, A-3

sample, A-2

SQLNET.AUTHENTICATION_GSAPPI_SERVICE parameter, B-2

SQLNET.AUTHENTICATION_GSSAPI_SERVICE parameter, 5-7

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 6-8

SQLNET.AUTHENTICATION_SERVICES parameter, 5-7, 6-8, 7-25, 7-34, 9-4, 9-5, B-2

SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 2-15, A-6

SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 2-15, A-6

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 2-15, A-9

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 2-15, A-9

SQLNET.CRYPTO_SEED parameter, 2-13, A-10

SQLNET.ENCRYPTION_CLIENT parameter, A-5

SQLNET.ENCRYPTION_SERVER parameter, 2-13, A-5

SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 2-13, A-8

SQLNET.ENCRYPTION_TYPES_SERVER parameter, 2-13, A-7

SQLNET.FIPS_140 parameter, D-3

SQLNET.KERBEROS5_CC_NAME parameter, 6-9

SQLNET.KERBEROS5_CLOCKSKEW parameter, 6-9

SQLNET.KERBEROS5_CONF parameter, 6-9

SQLNET.KERBEROS5_CONF_MIT parameter, 6-9

SQLNET.KERBEROS5_KEYTAB parameter, 6-10

SQLNET.KERBEROS5_REALMS parameter, 6-10

SSL sample, A-2

SSL_CLIENT_AUTHENTICATION parameter, 7-33

SSL_CLIENT_AUTHETNICATION parameter, 7-19

SSL_VERSION parameter, 7-24, 7-31

Trace File Set Up sample, A-2

SQLNET.RADIUS_ALTERNATE parameter, 4-19

SQLNET.RADIUS_ALTERNATE_PORT parameter, 4-19

SQLNET.RADIUS_ALTERNATE_RETRIES parameter, 4-19

SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter, 4-19

SQLNET.RADIUS_SEND_ACCOUNTING parameter, 4-22

SSL. See Secure Sockets Layer (SSL)

SSL_CLIENT_AUTHENTICATION parameter, 7-19, 7-33

SSL_VERSION parameter, 7-24, 7-31

SSO. See single sign-on (SSO)

synchronous authentication mode, RADIUS, 4-4

SYS schema, 16-4

system requirements, 1-18

CyberSafe, 1-18

DCE integration, 10-2

Kerberos, 1-18

RADIUS, 1-18

SSL, 1-18

T

thin JDBC support, 3-1

tnsnames.ora file, 15-40

loading into CDS using tnnfg, 12-17

modifying to load connect descriptors into CDS, 12-15

renaming, 12-17

token cards, 1-13

trace file

set up sample for sqlnet.ora file, A-2

tracing, 15-71

Triple-DES encryption algorithm, 1-6

troubleshooting, 5-11, 6-22, 8-17, 15-65

trust points, 8-2

U

user migration utility

access to interface table, 16-5

accessing help, 16-14

ATTENTION_DESCRIPTION column, 16-6

CASCADE parameter, 16-8

CASCADE_FLAG column, 16-6, 16-7

certificate authenticated users, 16-9

database password verifier, 16-3

DBPASSWORD column, 16-6

DBPASSWORD_EXIST_FLAG column, 16-6, 16-7

directory location of utility, 16-10

DIRPASSWORD column, 16-6

example

parameter text file (par.txt), 16-30

users list text file (usrs.txt), 16-31

using CASCADE=NO, 16-25

using CASCADE=YES, 16-27

using MAPSCHEMA=PRIVATE, 16-24

using MAPSCHEMA=SHARED, 16-25

using MAPTYPE options, 16-28

using PARFILE, USERSFILE, and LOGFILE parameters, 16-31

LOGFILE precedence, 16-31

MAPPING_LEVEL column, 16-6, 16-7

MAPPING_TYPE column, 16-6, 16-7

MAPSCHEMA parameter

PRIVATE, 16-19

SHARED, 16-19

MAPTYPE parameter

DB mapping type, 16-20

DOMAIN mapping type, 16-20

ENTRY mapping level, 16-20

SUBTREE mapping level, 16-20, 16-29

NEEDS_ATTENTION_FLAG column, 16-6

OLD_SCHEMA_TYPE column, 16-6

ORCL_GLOBAL_USR_MIGRATION_DATA interface table, 16-4

password authenticated users, 16-9

PASSWORD_VERIFIER column, 16-6

PHASE_COMPLETED column, 16-6, 16-7

retrieving dropped schema objects, 16-27

shared schema mapping, 16-8

SHARED_SCHEMA column, 16-6, 16-7

SSL authentication for current release, 16-9

SYS schema, 16-4

USER parameter

ALL_EXTERNAL, 16-17

ALL_GLOBAL, 16-17

LIST, 16-17

USERSFILE, 16-17

USERDN column, 16-6, 16-7

USERDN_EXIST_FLAG column, 16-6, 16-7

USERNAME column, 16-6

X.509 v3 certificates, 16-9

user search bases, 15-58, 19-24

USERDN column, 16-6, 16-7

USERDN_EXIST_FLAG column, 16-6, 16-7

UserID attribute, 15-59

USERNAME column, 16-6

userpkcs12 attribute, 19-15

V

viewing mapping in CDS namespace, for listener endpoint, 13-2

W

wallet, 7-5

changing password, 18-7

downloading, 18-6

opening on local system, 18-3

uploading, 18-10

wallets

changing a password, 17-17

closing, 17-13

creating, 17-11

deleting, 17-17

managing, 17-11

managing certificates, 17-19

managing trusted certificates, 17-24

opening, 17-13

saving, 17-16

setting location, 7-18, 7-27

Windows 2000 domains

required domains for Oracle clients and server to use directory server features, E-12

Windows Explorer

accessing directory server objects, E-20

integration with Oracle objects in Active Directory, E-6

Windows native authentication

benefits, E-17

installation of, E-17

methods and use of, E-17

overview, E-17

X

X.500 naming convention, E-19

X.509 PKI certificate standard, 8-3