Authentication

The database driver maps LN users to Oracle user accounts to allow these users to establish a connection to Oracle and access data. To prevent unauthorized users from accessing the database, non-mapped users cannot establish a connection to the database.

If you create a database, an administrator creates a login for the user and associates the user with a group in the database that has object privileges. The group user corresponds to the target database. The members that belong to this group inherit the group privileges and can establish a connection to the database either by unified login or by a valid password stored in encrypted form in the driver administration files.

To add or drop DBA from the Oracle role, use the LN Database Administration (DBA) module. Users authorized to access the database are registered in the LN driver administration files. The user name and password LN uses to log onto Oracle on behalf of the user are maintained in the Windows file %BSE%\lib\ora\ora_users or the UNIX file $BSE/lib/ora/ora_users.

You define all the LN users, their corresponding Oracle logon names and passwords, and the name of the group to which the names and passwords are assigned in the Windows file %BSE%\lib\ora\ora_users or the UNIX file $BSE/lib/ora/ora_users. The format of each entry in this file is as follows: 

<LN User>:<Oracle User>:<Encrypted Oracle User Password>:<LN Group Name>

The LN application virtual machine starts the LN Oracle driver on behalf of the user. From the Windows file %BSE%\lib\ora\ora_users or the UNIX file $BSE/lib/ora/ora_users, the driver identifies the Oracle user and the user’s password and establishes the connection to Oracle.

The group logon procedure also includes a password, which is defined in the Windows file %BSE%\lib\ora\ora_groups or the UNIX file $BSE/lib/ora/ora_groups. The format is as follows: 

<Group Name>:<Encrypted Group Password>

Oracle can also use the operating system authentication to permit users to connect to the Oracle database. To enable this, you can create automatic logons (ops$ accounts). After the user logs onto the operating system, the user can connect to Oracle without supplying the user name and password. This facility is also available for the Oracle driver. You can configure the ops$ prefix with the OS_AUTHENT_PREFIX resource; this resource must be equal to the value of the OS_AUTHENT_PREFIX in the init<SID>.ora parameter file. The value defaults to ops$. The OS_AUTHENT_PREFIX resource is described in Database Driver Resources and Environment Variable.