User Guide
Enterprise User Security Configuration Overview
12-2 Oracle Database Advanced Security Administrator's Guide
Regardless of the authentication method you choose—password, SSL, or
Kerberos—you must still create the global database objects and configure the
identity management realm as described.
The primary difference between configuration for the various authentication types
lies with network connection configuration. You must consider the following three
connections:
■ Client-to-database
■ Database-to-directory
■ Database-to-database (current user database links can be secured by SSL only)
Enterprise User Security supports many combinations of authentication types
between databases, directories, and clients. The three most common
implementations of Enterprise User Security, which will be described in this
chapter, use the following authentication methods for client/database and
database/directory connections:
■ Passwords for both connections
■ SSL for both connections
■ Kerberos for client/database connections and passwords for database/directory
connections
Primarily, your network environment—whether all clients, databases, and
directories reside within the same network behind a firewall, or are distributed
across several networks and perhaps exposed to the Internet—determines what
authentication type you choose for Enterprise User Security network connections.
Security and integrity of enterprise data depend on secure network connections.
Secondarily, the configuration complexity, additional software, and ongoing
maintenance required by more rigorous authentication types, such as SSL and
Kerberos, should also be considered when choosing which "flavor" of Enterprise
User Security to use.
Figure 12–1 shows the configuration process for Enterprise User Security. It is a
step-by-step process with decision points based on your implementation and how
your users are authenticated. Steps shown with broken lines are optional in the
configuration process.










