Oracle Database B10772 01 Users Manual Advanced Security Administrator’s Guide

2015-02-05

• Contents
• List of Figures
• List of Tables
• Send Us Your Comments
• Preface
  • Audience
  • Organization
  • Related Documentation
  • Conventions
  • Documentation Accessibility
• What's New in Oracle Advanced Security?
  • Oracle Database 10g Release 1 (10.1) New Features in Oracle Advanced Security
  • Oracle9i Release 2 (9.2) New Features in Oracle Advanced Security
• Part I Getting Started with Oracle Advanced Security
  • 1 Introduction to Oracle Advanced Security
    • Security Challenges in an Enterprise Environment
      • Security in Enterprise Grid Computing Environments
      • Security in an Intranet or Internet Environment
      • Common Security Threats
        • Eavesdropping and Data Theft
        • Data Tampering
        • Falsifying User Identities
        • Password-Related Threats
    • Solving Security Challenges with Oracle Advanced Security
      • Data Encryption
        • Supported Encryption Algorithms
          • RC4 Encryption
          • DES Encryption
          • Triple-DES Encryption
          • Advanced Encryption Standard
        • Data Integrity
        • Federal Information Processing Standard
      • Strong Authentication
        • Centralized Authentication and Single Sign-On
          • How Centralized Network Authentication Works
        • Supported Authentication Methods
          • Kerberos
          • RADIUS (Remote Authentication Dial-In User Service)
          • DCE (Distributed Computing Environment)
          • Secure Sockets Layer
          • Entrust/PKI
      • Enterprise User Management
    • Oracle Advanced Security Architecture
    • Secure Data Transfer Across Network Protocol Boundaries
    • System Requirements
    • Oracle Advanced Security Restrictions
  • 2 Configuration and Administration Tools Overview
    • Network Encryption and Strong Authentication Configuration Tools
      • Oracle Net Manager
        • Starting Oracle Net Manager
        • Navigating to the Oracle Advanced Security Profile
        • Oracle Advanced Security Profile Property Sheets
          • Authentication Property Sheet
          • Other Params Property Sheet
          • Integrity Property Sheet
          • Encryption Property Sheet
          • SSL Property Sheet
      • Oracle Advanced Security Kerberos Adapter Command-Line Utilities
    • Public Key Infrastructure Credentials Management Tools
      • Oracle Wallet Manager
        • Starting Oracle Wallet Manager
        • Navigating the Oracle Wallet Manager User Interface
          • Navigator Pane
          • Right Pane
        • Toolbar
        • Menus
          • Wallet Menu
          • Operations Menu
          • Help Menu
      • orapki Utility
    • Enterprise User Security Configuration and Management Tools
      • Database Configuration Assistant
        • Starting Database Configuration Assistant
      • Enterprise Security Manager and Enterprise Security Manager Console
        • Enterprise Security Manager Initial Installation and Configuration Overview
          • Task 1: Install Enterprise Security Manager
          • Task 2: Configure an Oracle Identity Management Infrastructure
        • Starting Enterprise Security Manager
        • Navigating the Enterprise Security Manager User Interface
          • Navigator Pane
          • Right Pane
          • Tool Bar
          • Menus
          • File Menu
          • Operations Menu
          • Help Menu
        • Enterprise Security Manager Console Overview
        • Logging in to Enterprise Security Manager Console
          • Configuring Enterprise Security Manager Console for Kerberos-Authenticated Enterprise Users
        • Navigating Enterprise Security Manager Console User Interface
          • Home Tabbed Window
          • Users and Groups Tabbed Window
          • Realm Configuration Tabbed Window
        • Enterprise Security Manager Command-Line Utility
          • Accessing Enterprise Security Manager Command-Line Utility Help
      • Oracle Net Configuration Assistant
        • Starting Oracle Net Configuration Assistant
      • User Migration Utility
    • Duties of a Security Administrator/DBA
    • Duties of an Enterprise User Security Administrator/DBA
• Part II Network Data Encryption and Integrity
  • 3 Configuring Network Data Encryption and Integrity for Oracle Servers and Clients
    • Oracle Advanced Security Encryption
      • About Encryption
      • Advanced Encryption Standard
      • DES Algorithm Support
      • Triple-DES Support
        • DES40 Algorithm
      • RSA RC4 Algorithm for High Speed Encryption
    • Oracle Advanced Security Data Integrity
      • Data Integrity Algorithms Supported
    • Diffie-Hellman Based Key Management
      • Authentication Key Fold-in
    • How To Configure Data Encryption and Integrity
      • About Activating Encryption and Integrity
      • About Negotiating Encryption and Integrity
        • REJECTED
        • ACCEPTED
        • REQUESTED
        • REQUIRED
      • Setting the Encryption Seed (Optional)
      • Configuring Encryption and Integrity Parameters Using Oracle Net Manager
        • Configuring Encryption on the Client and the Server
        • Configuring Integrity on the Client and the Server
  • 4 Configuring Network Data Encryption and Integrity for Thin JDBC Clients
    • About the Java Implementation
      • Java Database Connectivity Support
      • Securing Thin JDBC
      • Implementation Overview
      • Obfuscation
    • Configuration Parameters
      • Client Encryption Level: ORACLE.NET.ENCRYPTION_CLIENT
      • Client Encryption Selected List: ORACLE.NET.ENCRYPTION_TYPES_CLIENT
      • Client Integrity Level: ORACLE.NET.CRYPTO_CHECKSUM_CLIENT
      • Client Integrity Selected List: ORACLE.NET.CRYPTO_CHEKSUM_TYPES_CLIENT
• Part III Oracle Advanced Security Strong Authentication
  • 5 Configuring RADIUS Authentication
    • RADIUS Overview
    • RADIUS Authentication Modes
      • Synchronous Authentication Mode
      • Challenge-Response (Asynchronous) Authentication Mode
    • Enabling RADIUS Authentication, Authorization, and Accounting
      • Task 1: Install RADIUS on the Oracle Database Server and on the Oracle Client
      • Task 2: Configure RADIUS Authentication
        • Step 1: Configure RADIUS on the Oracle Client
        • Step 2: Configure RADIUS on the Oracle Database Server
        • Step 3: Configure Additional RADIUS Features
      • Task 3: Create a User and Grant Access
      • Task 4: Configure External RADIUS Authorization (optional)
      • Task 5: Configure RADIUS Accounting
        • Set RADIUS Accounting on the Oracle Database Server
        • Configure the RADIUS Accounting Server
      • Task 6: Add the RADIUS Client Name to the RADIUS Server Database
      • Task 7: Configure the Authentication Server for Use with RADIUS
      • Task 8: Configure the RADIUS Server for Use with the Authentication Server
      • Task 9: Configure Mapping Roles
    • Using RADIUS to Log In to a Database
    • RSA ACE/Server Configuration Checklist
  • 6 Configuring Kerberos Authentication
    • Enabling Kerberos Authentication
      • Task 1: Install Kerberos
      • Task 2: Configure a Service Principal for an Oracle Database Server
      • Task 3: Extract a Service Table from Kerberos
      • Task 4: Install an Oracle Database Server and an Oracle Client
      • Task 5: Install Oracle Net Services and Oracle Advanced Security
      • Task 6: Configure Oracle Net Services and Oracle Database
      • Task 7: Configure Kerberos Authentication
        • Step 1: Configure Kerberos on the Client and on the Database Server
        • Step 2: Set the Initialization Parameters
        • Step 3: Set sqlnet.ora Parameters (optional)
      • Task 8: Create a Kerberos User
      • Task 9: Create an Externally Authenticated Oracle User
      • Task 10: Get an Initial Ticket for the Kerberos/Oracle User
    • Utilities for the Kerberos Authentication Adapter
      • Obtaining the Initial Ticket with the okinit Utility
      • Displaying Credentials with the oklist Utility
      • Removing Credentials from the Cache File with the okdstry Utility
      • Connecting to an Oracle Database Server Authenticated by Kerberos
    • Configuring Interoperability with a Windows 2000 Domain Controller KDC
      • Task 1: Configuring an Oracle Kerberos Client to Interoperate with a Windows 2000 Domain Controll...
        • Step 1: Creating Client Kerberos Configuration Files to Use a Windows Domain Controller KDC
        • Step 2: Specifying Oracle Configuration Parameters in the sqlnet.ora File
        • Step 3: Specifying the Listening Port Number
      • Task 2: Configuring a Windows 2000 Domain Controller KDC to Interoperate with an Oracle Client
        • Step 1: Creating the User
        • Step 2: Creating the Oracle Database Principal
      • Task 3: Configuring an Oracle Database to Interoperate with a Windows 2000 Domain Controller KDC
        • Step 1: Setting Configuration Parameters in the sqlnet.ora File
        • Step 2: Creating an Externally Authenticated Oracle User
      • Task 4: Getting an Initial Ticket for the Kerberos/Oracle User
    • Troubleshooting
  • 7 Configuring Secure Sockets Layer Authentication
    • SSL and TLS in an Oracle Environment
      • Difference between SSL and TLS
      • About Using SSL
      • How SSL Works in an Oracle Environment: The SSL Handshake
    • Public Key Infrastructure in an Oracle Environment
      • About Public Key Cryptography
      • Public Key Infrastructure Components in an Oracle Environment
        • Certificate Authority
        • Certificates
        • Certificate Revocation Lists
        • Wallets
        • Hardware security modules
    • SSL Combined with Other Authentication Methods
      • Architecture: Oracle Advanced Security and SSL
      • How SSL Works with Other Authentication Methods
    • SSL and Firewalls
    • SSL Usage Issues
    • Enabling SSL
      • Task 1: Install Oracle Advanced Security and Related Products
      • Task 2: Configure SSL on the Server
        • Step 1: Confirm Wallet Creation on the Server
        • Step 2: Specify the Database Wallet Location on the Server
        • Step 3: Set the SSL Cipher Suites on the Server (Optional)
        • Step 4: Set the Required SSL Version on the Server (Optional)
        • Step 5: Set SSL Client Authentication on the Server (Optional)
        • Step 6: Set SSL as an Authentication Service on the Server (Optional)
        • Step 7: Create Listening Endpoint that Uses TCP/IP with SSL on the Server
      • Task 3: Configure SSL on the Client
        • Step 1: Confirm Client Wallet Creation
        • Step 2: Configure Oracle Net Service Name to Include Server DNs and Use TCP/IP with SSL on the Cl...
        • Step 3: Specify Required Client SSL Configuration (Wallet Location)
        • Step 4: Set the Client SSL Cipher Suites (Optional)
        • Step 5: Set the Required SSL Version on the Client (Optional)
        • Step 6: Set SSL as an Authentication Service on the Client (Optional)
      • Task 4: Log on to the Database
    • Troubleshooting SSL
    • Certificate Validation with Certificate Revocation Lists
      • What CRLs Should You Use?
      • How CRL Checking Works
      • Configuring Certificate Validation with Certificate Revocation Lists
      • Certificate Revocation List Management
        • Displaying orapki Help
        • Renaming CRLs with a Hash Value for Certificate Validation
        • Uploading CRLs to Oracle Internet Directory
        • Listing CRLs Stored in Oracle Internet Directory
        • Viewing CRLs in Oracle Internet Directory
        • Deleting CRLs from Oracle Internet Directory
      • Troubleshooting Certificate Validation
        • Oracle Net Tracing File Error Messages Associated with Certificate Validation
    • Configuring Your System to Use Hardware Security Modules
      • General Guidelines for Using Hardware Security Modules with Oracle Advanced Security
      • Configuring Your System to Use nCipher Hardware Security Modules
        • Oracle Components Required To Use an nCipher Hardware Security Module
        • About Installing an nCipher Hardware Security Module
      • Troubleshooting Using Hardware Security Modules
        • Error Messages Associated with Using Hardware Security Modules
  • 8 Using Oracle Wallet Manager
    • Oracle Wallet Manager Overview
      • Wallet Password Management
      • Strong Wallet Encryption
      • Microsoft Windows Registry Wallet Storage
        • Options Supported:
      • Backward Compatibility
      • Public-Key Cryptography Standards (PKCS) Support
      • Multiple Certificate Support
      • LDAP Directory Support
    • Starting Oracle Wallet Manager
    • How To Create a Complete Wallet: Process Overview
    • Managing Wallets
      • Required Guidelines for Creating Wallet Passwords
      • Creating a New Wallet
        • Creating a Standard Wallet
        • Creating a Wallet to Store Hardware Security Module Credentials
      • Opening an Existing Wallet
      • Closing a Wallet
      • Importing Third-Party Wallets
      • Exporting Oracle Wallets to Third-Party Environments
      • Exporting Oracle Wallets to Tools that Do Not Support PKCS #12
      • Uploading a Wallet to an LDAP Directory
      • Downloading a Wallet from an LDAP Directory
      • Saving Changes
      • Saving the Open Wallet to a New Location
      • Saving in System Default
      • Deleting the Wallet
      • Changing the Password
      • Using Auto Login
        • Enabling Auto Login
        • Disabling Auto Login
    • Managing Certificates
      • Managing User Certificates
        • Adding a Certificate Request
        • Importing the User Certificate into the Wallet
        • Removing a User Certificate from a Wallet
        • Removing a Certificate Request
        • Exporting a User Certificate
        • Exporting a User Certificate Request
      • Managing Trusted Certificates
        • Importing a Trusted Certificate
        • Removing a Trusted Certificate
        • Exporting a Trusted Certificate
        • Exporting All Trusted Certificates
  • 9 Configuring Multiple Authentication Methods and Disabling Oracle Advanced Security
    • Connecting with User Name and Password
    • Disabling Oracle Advanced Security Authentication
    • Configuring Multiple Authentication Methods
    • Configuring Oracle Database for External Authentication
      • Setting the SQLNET.AUTHENTICATION_SERVICES Parameter in sqlnet.ora
      • Verifying that REMOTE_OS_AUTHENT Is Not Set to TRUE
      • Setting OS_AUTHENT_PREFIX to a Null Value
  • 10 Configuring Oracle DCE Integration
    • Introduction to Oracle DCE Integration
      • System Requirements
      • Backward Compatibility
      • Components of Oracle DCE Integration
        • DCE Communication/Security
          • Authenticated RPC
          • Integrated Security and Single Sign-On
          • Data Privacy and Integrity
        • DCE Cell Directory Services Native Naming
      • Flexible DCE Deployment
      • Release Limitations
    • Configuring DCE for Oracle DCE Integration
      • Task 1: Create New Principals and Accounts
      • Task 2: Install the Key of the Server into a Keytab File
      • Task 3: Configure DCE CDS for Use by Oracle DCE Integration
    • Configuring Oracle Database and Oracle Net Services for Oracle DCE Integration
      • DCE Address Parameters
      • Task 1: Configure the Server
      • Task 2: Create and Name Externally Authenticated Accounts
      • Task 3: Set up DCE Integration External Roles
      • Task 4: Configure DCE for SYSDBA and SYSOPER Connections to Oracle Databases
      • Task 5: Configure the Client
        • Parameters in protocol.ora
        • DCE.AUTHENTICATION
        • DCE.PROTECTION
        • DCE.TNS_ADDRESS_OID
        • DCE.LOCAL_CELL_USERNAMES
      • Task 6: Configure Clients to Use DCE CDS Naming
        • Step 1: Enable CDS for use in Performing Name Lookup
        • Step 2: Modify the CDS Attributes File and Restart the CDS
        • Step 3: Create a tnsnames.ora File for Loading Oracle Connect Descriptors into CDS
        • Step 4: Load Oracle Connect Descriptors into CDS
        • Step 5: Delete or Rename the tnsnames.ora File
        • Step 6: Modify the sqlnet.ora File to Resolve Names in CDS
    • Connecting to an Oracle Database Server in the DCE Environment
      • Starting the Listener
      • Connecting to an Oracle Database by Using DCE Authentication for Single Sign-On
      • Connecting to an Oracle Database by Using Password Authentication
    • Connecting Clients Outside DCE to Oracle Servers in DCE
      • Sample Parameter Files
        • The listener.ora File
        • The tnsnames.ora File
      • Using tnsnames.ora for Name Lookup When CDS Is Inaccessible
        • SQL*Net Release 2.2 and Earlier
        • SQL*Net Release 2.3 and Oracle Net Services
• Part IV Enterprise User Security
  • 11 Getting Started with Enterprise User Security
    • Introduction to Enterprise User Security
      • The Challenges of User Management
      • Enterprise User Security: The Big Picture
        • How Oracle Internet Directory Implements Identity Management
          • About Identity Management Realms
          • About Identity Management Realm-Specific Oracle Contexts
        • Enterprise Users Compared to Database Users
        • About Enterprise User Schemas
          • Exclusive-Schema Enterprise Users
          • Shared Schema Enterprise Users
        • How Enterprise Users Access Database Resources with Database Links
        • How Enterprise Users Are Authenticated
      • About Enterprise User Security Directory Entries
        • Enterprise Users
        • Enterprise Roles
        • Enterprise Domains
        • Database Server Entries
        • User-Schema Mappings
        • Administrative Groups
    • About Using Shared Schemas for Enterprise User Security
      • Overview of Shared Schemas Used in Enterprise User Security
      • How Shared Schemas Are Configured for Enterprise Users
      • How Enterprise Users Are Mapped to Schemas
    • About Using Current User Database Links for Enterprise User Security
    • Enterprise User Security Deployment Considerations
      • Security Aspects of Centralizing Security Credentials
        • Security Benefits Associated with Centralized Security Credential Management
        • Security Risks Associated with Centralized Security Credential Management
      • Security of Password-Authenticated Enterprise User Database Login Information
        • What is Meant by Trusted Databases
        • Protecting Database Password Verifiers
      • Considerations for Defining Database Membership in Enterprise Domains
      • Considerations for Choosing Authentication Types between Clients, Databases, and Directories for ...
        • Typical Configurations
  • 12 Enterprise User Security Configuration Tasks and Troubleshooting
    • Enterprise User Security Configuration Overview
    • Enterprise User Security Configuration Roadmap
    • Preparing the Directory for Enterprise User Security
      • About the Database Wallet and Password
    • Configuring Enterprise User Security Objects in the Database and the Directory
    • Configuring Enterprise User Security for Password Authentication
    • Configuring Enterprise User Security for Kerberos Authentication
    • Configuring Enterprise User Security for SSL Authentication
      • Viewing the Database DN in the Wallet and in the Directory
    • Enabling Current User Database Links
    • Troubleshooting Enterprise User Security
      • ORA-# Errors for Password-Authenticated Enterprise Users
      • ORA-# Errors for Kerberos-Authenticated Enterprise Users
      • ORA-# Errors for SSL-Authenticated Enterprise Users
      • NO-GLOBAL-ROLES Checklist
      • USER-SCHEMA ERROR Checklist
      • DOMAIN-READ-ERROR Checklist
  • 13 Administering Enterprise User Security
    • Enterprise User Security Administration Tools Overview
    • Administering Identity Management Realms
      • Identity Management Realm Versions
      • Setting Properties of an Identity Management Realm
      • Setting Login Name, Kerberos Principal Name, User Search Base, and Group Search Base Identity Man...
      • Setting the Default Database-to-Directory Authentication Type for an Identity Management Realm
      • Managing Identity Management Realm Administrators
    • Administering Enterprise Users
      • Creating New Enterprise Users
      • Setting Enterprise User Passwords
      • Defining an Initial Enterprise Role Assignment
      • Browsing Users in the Directory
    • Administering Enterprise Domains
      • Creating a New Enterprise Domain
      • Defining Database Membership of an Enterprise Domain
      • Managing Database Security Options for an Enterprise Domain
      • Managing Enterprise Domain Administrators
      • Managing Enterprise Domain Database Schema Mappings
      • Managing Password Accessible Domains
      • Managing Database Administrators
    • Administering Enterprise Roles
      • Creating a New Enterprise Role
      • Assigning Database Global Role Membership to an Enterprise Role
      • Granting Enterprise Roles to Users
• Part V Appendixes
  • A Data Encryption and Integrity Parameters
    • Sample sqlnet.ora File
    • Data Encryption and Integrity Parameters
      • Encryption and Integrity Parameters
        • SQLNET.ENCRYPTION_SERVER
        • SQLNET.ENCRYPTION_CLIENT
        • SQLNET.CRYPTO_CHECKSUM_SERVER
        • SQLNET.CRYPTO_CHECKSUM_CLIENT
        • SQLNET.ENCRYPTION_TYPES_SERVER
        • SQLNET.ENCRYPTION_TYPES_CLIENT
        • SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER
        • SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT
      • Seeding the Random Key Generator (Optional)
  • B Authentication Parameters
    • Parameters for Clients and Servers using Kerberos Authentication
    • Parameters for Clients and Servers using RADIUS Authentication
      • sqlnet.ora File Parameters
        • SQLNET.AUTHENTICATION_SERVICES
        • SQLNET.RADIUS_AUTHENTICATION
        • SQLNET.RADIUS_AUTHENTICATION_PORT
        • SQLNET.RADIUS_AUTHENTICATION_TIMEOUT
        • SQLNET.RADIUS_AUTHENTICATION_RETRIES
        • SQLNET.RADIUS_SEND_ACCOUNTING
        • SQLNET.RADIUS_SECRET
        • SQLNET.RADIUS_ALTERNATE
        • SQLNET.RADIUS_ALTERNATE_PORT
        • SQLNET.RADIUS_ALTERNATE_TIMEOUT
        • SQLNET.RADIUS_ALTERNATE_RETRIES
        • SQLNET.RADIUS_CHALLENGE_RESPONSE
        • SQLNET.RADIUS_CHALLENGE_KEYWORD
        • SQLNET.RADIUS_AUTHENTICATION_INTERFACE
        • SQLNET.RADIUS_CLASSPATH
      • Minimum RADIUS Parameters
      • Initialization File Parameters
    • Parameters for Clients and Servers using SSL
      • SSL Authentication Parameters
      • Cipher Suite Parameters
        • Supported SSL Cipher Suites
      • SSL Version Parameters
      • SSLClient Authentication Parameters
        • SSL X.509 Server Match Parameters
          • SSL_SERVER_DN_MATCH
          • SSL_SERVER_CERT_DN
      • Wallet Location
  • C Integrating Authentication Devices Using RADIUS
    • About the RADIUS Challenge-Response User Interface
    • Customizing the RADIUS Challenge-Response User Interface
  • D Oracle Advanced Security FIPS 140-1 Settings
    • Configuration Parameters
      • Server Encryption Level Setting
      • Client Encryption Level Setting
      • Server Encryption Selection List
      • Client Encryption Selection List
      • Cryptographic Seed Value
      • FIPS Parameter
    • Post Installation Checks
    • Status Information
    • Physical Security
  • E orapki Utility
    • orapki Utility Overview
      • orapki Utility Syntax
    • Creating Signed Certificates for Testing Purposes
    • Managing Oracle Wallets with orapki Utility
      • Creating and Viewing Oracle Wallets with orapki
      • Adding Certificates and Certificate Requests to Oracle Wallets with orapki
      • Exporting Certificates and Certificate Requests from Oracle Wallets with orapki
    • Managing Certificate Revocation Lists (CRLs) with orapki Utility
    • orapki Utility Commands Summary
      • orapki cert create
        • Purpose
        • Syntax
      • orapki cert display
        • Purpose
        • Syntax
      • orapki crl delete
        • Purpose
        • Prerequisites
        • Syntax
      • orapki crl display
        • Purpose
        • Syntax
      • orapki crl hash
        • Purpose
        • Syntax
      • orapki crl list
        • Purpose
        • Syntax
      • orapki crl upload
        • Purpose
        • Syntax
      • orapki wallet add
        • Purpose
        • Syntax
      • orapki wallet create
        • Purpose
        • Syntax
      • orapki wallet display
        • Purpose
        • Syntax
      • orapki wallet export
        • Purpose
        • Syntax
  • F Entrust-Enabled SSL Authentication
    • Benefits of Entrust-Enabled Oracle Advanced Security
      • Enhanced X.509-Based Authentication and Single Sign-On
      • Integration with Entrust Authority Key Management
      • Integration with Entrust Authority Certificate Revocation
    • Required System Components for Entrust-Enabled Oracle Advanced Security
      • Entrust Authority for Oracle
        • Entrust Authority Security Manager
        • Entrust Authority Self-Administration Server
        • Entrust Entelligence Desktop Manager
      • Entrust Authority Server Login Feature
      • Entrust Authority IPSec Negotiator Toolkit
    • Entrust Authentication Process
    • Enabling Entrust Authentication
      • Creating Entrust Profiles
        • Administrator-Created Entrust Profiles
        • User-Created Entrust Profiles
      • Installing Oracle Advanced Security and Related Products for Entrust-Enabled SSL
      • Configuring SSL on the Client and Server for Entrust-Enabled SSL
      • Configuring Entrust on the Client
        • Configuring Entrust on a UNIX Client
        • Configuring Entrust on a Windows Client
      • Configuring Entrust on the Server
        • Configuring Entrust on a UNIX Server
        • Configuring Entrust on a Windows Server
      • Creating Entrust-Enabled Database Users
      • Logging Into the Database Using Entrust-Enabled SSL
    • Issues and Restrictions that Apply to Entrust-Enabled SSL
    • Troubleshooting Entrust In Oracle Advanced Security
      • Error Messages Returned When Running Entrust on Any Platform
      • Error Messages Returned When Running Entrust on Windows Platforms
      • General Checklist for Running Entrust on Any Platform
        • Checklist for Entrust Installations on Windows
  • G Using the User Migration Utility
    • Benefits of Migrating Local or External Users to Enterprise Users
    • Introduction to the User Migration Utility
      • Bulk User Migration Process Overview
        • Step 1: Phase One Preparing for the Migration
        • Step 2: Verify User Information
        • Step 3: Phase Two Completing the Migration
      • About the ORCL_GLOBAL_USR_MIGRATION_DATA Table
        • Which Interface Table Column Values Can Be Modified between Phase One and Phase Two?
      • Migration Effects on Users' Old Database Schemas
      • Migration Process
    • Prerequisites for Performing Migration
      • Required Database Privileges
      • Required Directory Privileges
      • Required Setup to Run the User Migration Utility
    • User Migration Utility Command Line Syntax
    • Accessing Help for the User Migration Utility
    • User Migration Utility Parameters
      • Keyword: HELP
      • Keyword: PHASE
      • Keyword: DBLOCATION
      • Keyword: DIRLOCATION
      • Keyword: DBADMIN
      • Keyword: ENTADMIN
      • Keyword: USERS
      • Keyword: USERSLIST
      • Keyword: USERSFILE
      • Keyword: MAPSCHEMA
      • Keyword: MAPTYPE
      • Keyword: CASCADE
      • Keyword: CONTEXT
      • Keyword: LOGFILE
      • Keyword: PARFILE
    • User Migration Utility Usage Examples
      • Migrating Users While Retaining Their Own Schemas
      • Migrating Users and Mapping to a Shared Schema
        • Mapping Users to a Shared Schema Using Different CASCADE Options
          • Mapping Users to a Shared Schema with CASCADE=NO
          • Mapping Users to a Shared Schema with CASCADE=YES
        • Mapping Users to a Shared Schema Using Different MAPTYPE Options
          • About Using the SUBTREE Mapping Level Option
      • Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters
    • Troubleshooting Using the User Migration Utility
      • Common User Migration Utility Error Messages
        • Resolving Error Messages Displayed for Both Phases
        • Resolving Error Messages Displayed for Phase One
        • Resolving Error Messages Displayed for Phase Two
      • Common User Migration Utility Log Messages
        • Common Log Messages for Phase One
        • Common Log Messages for Phase Two
      • Summary of User Migration Utility Error and Log Messages
• Glossary
• Index
  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H
  • I
  • J
  • K
  • L
  • M
  • N
  • O
  • P
  • R
  • S
  • T
  • U
  • V
  • W
  • X