User Guide
Enterprise User Security Deployment Considerations
11-28 Oracle Database Advanced Security Administrator's Guide
Considerations for Choosing Authentication Types between Clients, Databases, and
Directories for Enterprise User Security
Enterprise User Security supports the authentication types listed in Table 11–3 for
connections between clients, databases, and directories.
However, some combinations of authentication types for connections make more
sense than others. For example, it is unusual to require a high level of security for
client-to-database connections by using SSL for all user connections, but then
configuring the database to authenticate to the directory by using passwords.
Although this configuration is supported, it does not provide consistent security for
connections. Ideally, the database-directory connection should be at least as secure
as that between users and databases.
Typical Configurations
The following combinations of authentication types between clients, databases, and
directories are typical:
■ Password authentication for all connections with no need for current user
database links
■ SSL authentication for all connections
■ Kerberos authentication for client-to-database connections, and password
authentication for database-to-directory connections
Table 11–3 Enterprise User Security: Supported Authentication Types for
Connections between Clients, Databases, and Directories
Connection Supported Authentication Types
Clients-to-Databases Passwords, SSL, and Kerberos
Databases-to-Databases
(Current User Database Links)
SSL only
Databases-to-Directories SSL and Passwords










