B
Authentication Parameters

< !--/TOC=Title-->

This appendix illustrates some sample configuration files with the profile file (sqlnet.ora) and the database initialization file authentication parameters, when using Kerberos, RADIUS, or SSL authen tication.

This appendix contains the following topics:

Parameters for Clients and Servers using Kerberos Authentication

Following is a list of parameters to insert into the configuration files for clients and servers using Kerberos.

Table B-1 Kerberos Authentication Parameters

< tr class="Formal" align="left" valign="top">

File Name Configuration Parameters

File Name	Configuration Parameters
`sqlnet.ora`	< a name="634479">SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5) SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=oracle SQLNET.KERBEROS5_CC_NAME=/usr/tmp/DCE-CC SQLNET.KERBEROS5_CLOCKSKEW=1200 SQLNET.KERBEROS5_CONF=/krb5/krb.conf SQLNET.KERBEROS5_CONF_MIT=(FALSE) SQLNET.KERBEROS5_REALMS=/krb5/krb.realms SQLNET.KERBEROS5_KEYTAB=/krb5/v5srvtab
`initialization parameter fi le`	REMOTE_OS_AUTHENT=FALSE OS_AUTHENT_ PREFIX=""

sqlnet.ora

<
a name="634479">SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5)  
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=oracle
       
SQLNET.KERBEROS5_CC_NAME=/usr/tmp/DCE-CC      
SQLNET.KERBEROS5_CLOCKSKEW=1200
  
SQLNET.KERBEROS5_CONF=/krb5/krb.conf  
SQLNET.KERBEROS5_CONF_MIT=(FALSE)
SQLNET.KERBEROS5_REALMS=/krb5/krb.realms      
SQLNET.KERBEROS5_KEYTAB=/krb5/v5srvtab

initialization parameter fi le

REMOTE_OS_AUTHENT=FALSE
OS_AUTHENT_
PREFIX=""

Parameters for Clients and Servers using RADIUS Authentication

The following sections describe the parameters for RADIUS authentication

sqlnet.ora File Parameters

SQLNET.AUTHENTICATION_SERVICES

This parameter configures the client or the server to use the RADIUS adapter. < a href="asoappb.htm#634519">Table B-2 describes this parameter's attributes.

Table B-2 SQLNET.AUTHENTICATION_SERVICES Parameter Attribu tes

< td class="Formal">

SQLNET.AUTHENTICATION_SERVICES=radius

Attribute	Description
Syntax
Default setting	None

< font face="Arial, Helvetica, sans-serif" color="#330099">SQLNET.RADIUS_AUTHENTICATION

This parameter sets the location of the primary RADIUS server, either host name or dotted decimal format. If the RAD IUS server is on a different machine from the Oracle server, you must specify either the host name or the IP address of that machine. Table B-3 describes this parameter's attributes.

Table B-3 SQLNET.RADIUS_AUTHENTICATION Parameter Attributes

Attribute Description

Syntax

SQLNET.RADIUS_AUTHENTICATION=RADIUS_server_IP_address< /em>

Default sett ing

localhost

SQLNET.RADIUS_AUTHENTICATI ON_PORT

This parameter sets the listening port of the primary RADIUS server. Table B-4 describes this parameter's attributes.

Table B-4 SQLNET.RADIUS_AUTHENTICATION_PORT Parameter A ttributes

Attribute Description

Syntax
< /td>
SQLNET.RADIUS_AUTHENTICATION_PORT=port_number

Default setting

1645

SQLNET.RADIUS_AUTHENTICATIO N_TIMEOUT

This parameter sets the time to wait for response. Table B-5 describes this parameter's attributes.

Table B-5 SQLNET.RADIUS_AUTHENTICATION_TIMEOUT Parameter Attributes
< tbody>

Attribute Description

Syntax

SQLNET.RADIUS_AUTHENTICATION_TIMEOUT=time_in_seconds

Default settin g

5

SQLNET.RADIUS_AUTHENTICATION_RETRIES

This parameter sets the number of times to re-send. Table B-6 describes this parameter's attributes.

Table B-6 SQLNET.RADIUS_AUTHENTICATION_RETRIES Parameter Attributes
< tr class="Formal" align="left" valign="top">

Attribute Description

Syntax

SQLNET.RADIUS_AUTHENTICATION_RETRIES=n_times_to_resend

Default setting
< /td>
3

SQLNET.RADIUS_SEND_ACCOUNTING

This parameter turns accounting on and off. If you enable accounting, packets wil l be sent to the active RADIUS server at the listening port plus one. By default, packets are sent to port 1646. You need to turn thi s feature on only when your RADIUS server supports accounting and you want to keep track of the number of times the user is logging o n to the system. Table B-7 describes this parameter's attributes.

Table B-7 SQLNET.RADIUS_SEND_ACCOUNTING Parame ter Attributes

Attribute Description

Syntax

SQLNET.RADIUS_SEND_ACCOUNTING=on

Default s etting

off

SQLNET.RADIUS_SECRET
This parameter specifies the file name and location of the RADIUS secret key. Table B-8 describes this parameter's attributes.

Table B-8 SQLNET.RADIUS_SECRET Parameter Attributes

$ORACLE_HOME/network/security/radius.key
SQLNET.RAD IUS_ALTERNATE
This parameter sets the location of an alternate RADIUS server to be used in case the primary server becomes unavailable for fault tolerance. Table B-9 describes this parameter's attributes.
Table B-9 SQLNET.RADIUS_ALTERNATE Parameter Attributes

< font face="Arial, Helvetica, sans-serif">Attribute Description

Syntax

SQLNET.RADIUS_SECRET=path_to_RADIUS_secret_key

Default setting

Attribute Description

Syntax

SQLNET.RADIUS_ALTERNATE=alternate_RADIUS_server_hostname_or_IP_address

Default setting

off

SQLNET.RADIUS_ALTERNATE_PORT

This parameter sets the listening port for the alternate RADIUS server. Table& nbsp;B-10 describes this parameter's attributes.

Table B-10 SQLNET.RADIUS_ALTERNATE_PORT Parameter Attributes

Attribute Description

Syntax

SQLNET.RADIUS_ALTERNATE_PORT=alternate_RADIUS_server_listening_port_number

Default setting

1645

SQLNET.RADIUS_ALTERNATE_TIMEOUT

This parameter sets the time to wait for response for the alternate RADIUS server . Table B-11 describes this parameter's attributes.

Table B-11 SQLNET.RADIUS_ALTERNATE_TIMEOUT Parameter Attribu tes
< td class="Formal">
SQLNET.RADIUS_ALTERNATE_TIMEOUT=time_in_seconds< /em>

Attribute Description

Syntax

Default sett ing

5

SQLNET.RADIUS_ALTERNATE_RETRIES

This parameter sets the number of times that the alternate RADIUS serve r re-sends messages. Table B-12 describes this parameter's attributes.

Table B-12 SQLNET.RADIUS_ALTERNATE_RETRIE S Parameter Attributes

Attribute Description< /font>

Syntax

SQLNET.RADIUS_ALTERNATE_RETRIES=n_ti mes_to_resend

Default setting

3

SQLNET.RADIUS _CHALLENGE_RESPONSE

This parameter turns on or turns off the challeng e-response, or asynchronous, mode support. Table B-13 describes this parameter's attributes.

Table B-13 SQLNET.R ADIUS_CHALLENGE_RESPONSE Parameter Attributes

Attribute Description

Syntax

SQLNET.RADIUS_CHALLENGE_RESPON SE=on

Default setting

off

SQ LNET.RADIUS_CHALLENGE_KEYWORD

This parameter sets the keyword to requ est a challenge from the RADIUS server. User types no password on the client. Table B-14 descri bes this parameter's attributes.

Table B-14 SQLNET.RADIUS_CHALLENGE_KEYWORD Parameter Attributes

Attribute Description

Syntax

SQLNET.RADIUS_CHALLENGE_KEYWORD=keyword

Default setting

challenge
< h4 class="H3">SQLNET.RADIUS_AUTHENTICATION_INTERFACE

This parameter sets the name of the Java class that contains the graphical user interface w hen RADIUS is in the challenge-response (asynchronous) mode. Table B-15 describes this paramete r's attributes.

T able B-15 SQLNET.RADIUS_AUTHENTICATION_INTERFACE Parameter Attributes

Attr ibute Description

Syntax

SQLNET .RADIUS_AUTHENTICATION_INTERFACE=Java_class_name

Default setting

DefaultRadiusInterface (oracle/net/radius/DefaultRadiusInterface)

SQLNET.RADIUS_CLASSPATH

If you decide to use the challenge-response authentication mode, RADIUS pre sents the user with a Java-based graphical interface requesting first a password, then additional information--for example, a dynamic password that the user obtains from a token card. Add the SQLNET.RADIUS_CLASSPATH parameter in the sqlnet.ora file to set the path for the Java classes for that graphical interface, and to set the path to the JDK Java libraries. Table B-16 describes this parameter's attributes.
Table B-16 SQLNET.RADIUS_CLASSPATH Parameter Attributes Attribute Description Syntax SQLNET.RADIUS_CLASSPATH=path_to_GUI_Java_classes Default setting $ORACLE_HOME/jlib/netradius.jar:$ORACLE_HOME/JRE/lib/sparc/native_threads Minimum RADIUS Parameters sqlnet.authentication_se rvices = (radius) sqlnet.authentication = IP-address-of-RADIUS-server sqlnet.radius_challen ge_response = ON Initialization File Parameters REMOTE_OS_AUTHENT=FALSE OS_AUTHENT_PREFIX="" Parameters for Clients and Servers using SSL There are two ways to configure a parameter: Static: The n ame of the parameter that exists in the sqlnet.ora file. Dynamic: The name of the parameter used in the security subsection of the Oracle Net address. SSL Authentication Parameters This section describes the static and dynamic parameters for configuring SSL on the server.< /p> Parameter Name (static): SQLNET.AUTHENTICATION_SERVICES Parameter Name (dynamic): AUTHENTICATION Parameter Type: String LIST Parameter Class: Static Permitted Values: Add TCPS to the list of avail able authentication services. < p class="TS">Default Value: No default value. Description: To control which authentication se rvices a user wants to use. Note: The dynamic version supports only the setting of one type.< /p> Existing/New Parameter Existing Syntax (static): SQLNET.AUTHENTICATION _SERVICES = (TCPS, selected_method_1, selected_method_2) Example (static): SQLNET.AUTHENTICATION_SERVICES = (TCPS, radius) Syntax (dynam ic): AUTHENTICATION = string Ex ample (dynamic): AU THENTICATION = (TCPS) Cipher Suite Parameters This section des cribes the static and dynamic parameters for configuring cipher suites. Parameter Name (static): SSL_CIPHER_S UITES Parameter Name (dynamic): SSL_CIPHER_SUITES P arameter Type: String LIST Parameter Class: Static Permitted Values: Any known SSL cipher suite Default Value: No default Description: Controls th e combination of encryption and data integrity used by SSL. Existing/New Parameter Existing Syntax (static): S SL_CIPHER_SUITES=(SSL_cipher_suite1[, SSL_cipher_suite2, ... SSL_c ipher_suiteN]) Example (static): SSL_CIPHER_SUITES =(SSL_DH_DSS_WITH_DES_CBC_SHA) Syntax (dynamic): SSL_CI PHER_SUITES=(SSL_cipher_suite1 [, SSL_cipher_suite 2, ...SSL_cipher_suiteN]) Example (dynamic): < /a> SSL_CIPHER_SUITES=(SSL_DH_DSS_WITH_DES_CBC_SHA) Supported SSL Cipher Suites Oracle Advanced Security supports the following cipher suites: SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_RC4 _128_SHA SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_DES_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_WITH_RC4_128_MD5 SSL_DH_ anon_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_WITH_AES_ 128_CBC_SHA SSL_RSA_WITH_AES_256_CBC_SHA Note that the cipher suites that use Advanced Encryption Standard (AES) work with Transport Layer Security (TLS 1.0) only. SSL Version Parameters This section describes the static and dynamic parameters for configuring the version of SSL to be used. Parameter Class: < tr class="Simple" align="left" valign="top"> < /tr> Parameter Name (static): SSL_VERSION Parameter Name (dynamic): SSL_VERSION Parameter Type: string Static Permitted Values: Any version which is valid to SSL. (0, 3.0) Default Value: "0" Description: To force the version of the SSL connection. Existing/New Parameter New Syntax (sta tic): SSL_VERSION=version Examp le (static): SSL_VERSION=3.0 Syntax (dynamic): SSL_VERSION=version Example (dynamic):< /strong> SSL_VERSION=3.0 SSL Client Authentication Param eters This section describes the static and dynamic parameters for co nfiguring SSL on the client. SSL_CLIENT_AUTHENTICATION=FALSE Parameter Name (stati c): SSL_CLIENT_AUTHENTICATION Parameter Name (dynamic): SSL_CLIENT_AUTHENTICATION Parameter Type: Boolean Parameter Class: Static Permitted Values: TRUE/FALSE Default Value: TRUE Description: To control whether a client, in addition to the server, is authe nticated using SSL. Existing/New Parameter New Synt ax (static): SSL_CLIENT_AUTHENTICATION={ TRUE | FALSE} Example (static): SSL_CLIENT_AUTHENTICATION=FALSE Syntax (dynamic): SSL_CLIENT_AUTHENTICATION={TRUE | FALSE} Example (dynamic): SSL X.509 Server Match Parameters This section describes the parameters that are used to validate the identit y of a server that the client connects to. SSL_SERVER_DN_MATCH Parameter Name SSL_SERVER_DN_MATCH Where stored sqlnet.ora Purpose Use this parameter to force the server's < a href="asogls.htm#996930">distinguished name (DN) to match its service name. If you force the matc h verifications, SSL ensures that the certificate is from the server. If you choose to not enforce the match verification, SSL perfor ms the check but permits the connection, regardless if there is a match. Not forcing the match lets the server pot entially fake its identity. Values yes|on|true--Specify to enforce a match. If the DN matches the service name, the connection succeeds; otherwise , the connection fails. no|off|false--Specify to not enforce a match. If the DN does not match the service name, the connection is succes sful, but an error is logged to the sqlnet.log file. Default < /a> Oracle8i, or later:.FALSE. SSL client (always) checks server DN. If it does not match the service name, the connection succeeds but an error is logged to sqlnet.log file. Usage Notes Additionally configure the tnsnames.ora parameter SSL_SERVER_CERT_DN to enable server DN matching. SSL_SERVER_CERT_DN Parameter Name SSL_SERVER_CERT_DN Where stored tnsnames.o ra--Can be stored on the client, for every server it connects to, OR it can be stored in the LDAP directory, for every server it connects to, updated centrally. Purpose This paramet er specifies the distinguished name (DN) of the server. The client uses this information to obtain the list of DNs it expects for each of the servers--to force the server's DN to match its service name. Values Set equal to distinguished name (DN) of the server. Default n/a Usage Notes Additionally configur e the sqlnet.ora parameter SSL_SERVER_DN_MATCH to enable server DN matching. Example dbalias=(description=address_list=(address=(protocol=tcps)(host=hostname)(port=portn um)))(connect_data=(sid=Finance))(security=(SSL_SERVER_DN="CN=Finance,CN=OracleContext,C=US,O=Acme")) Wallet Location For any application that must access a wallet for loading the security credentials into the process space, you must specify the wallet location parameters defined by Table&nb sp;B-17 in each of the following configuration files: sqlnet.ora listener.ora Table B-17 Wallet Locatio n Parameters Static Configuration Dynamic Configuration WALLET_ LOCATION = (SOURCE= (METHOD =File) (METHOD_DATA= (DIREC TORY=your wallet location) ) ) MY_WALLET_DIRECTORY = your_wallet_dir The defau lt wallet location is the $ORACLE_HOME directory.

Parameter Name (static):	SQLNET.AUTHENTICATION_SERVICES
Parameter Name (dynamic):	AUTHENTICATION
Parameter Type:	String LIST
Parameter Class:	Static
Permitted Values:	Add TCPS to the list of avail able authentication services.
< p class="TS">Default Value:	No default value.
Description:	To control which authentication se rvices a user wants to use. Note: The dynamic version supports only the setting of one type.< /p>
Existing/New Parameter	Existing
Syntax (static):	SQLNET.AUTHENTICATION _SERVICES = (TCPS, selected_method_1, selected_method_2)
Example (static):	SQLNET.AUTHENTICATION_SERVICES = (TCPS, radius)
Syntax (dynam ic):	AUTHENTICATION = string
Ex ample (dynamic):	AU THENTICATION = (TCPS)

Parameter Name (static):	SSL_CIPHER_S UITES
Parameter Name (dynamic):	SSL_CIPHER_SUITES
P arameter Type:	String LIST
Parameter Class:	Static
Permitted Values:	Any known SSL cipher suite
Default Value:	No default
Description:	Controls th e combination of encryption and data integrity used by SSL.
Existing/New Parameter	Existing
Syntax (static):	S SL_CIPHER_SUITES=(SSL_cipher_suite1[, SSL_cipher_suite2, ... SSL_c ipher_suiteN])
Example (static):	SSL_CIPHER_SUITES =(SSL_DH_DSS_WITH_DES_CBC_SHA)
Syntax (dynamic):	SSL_CI PHER_SUITES=(SSL_cipher_suite1 [, SSL_cipher_suite 2, ...SSL_cipher_suiteN])
Example (dynamic):	< /a> SSL_CIPHER_SUITES=(SSL_DH_DSS_WITH_DES_CBC_SHA)

Parameter Name (stati c):	SSL_CLIENT_AUTHENTICATION
Parameter Name (dynamic):	SSL_CLIENT_AUTHENTICATION
Parameter Type:	Boolean
Parameter Class:	Static
Permitted Values:	TRUE/FALSE
Default Value:	TRUE
Description:	To control whether a client, in addition to the server, is authe nticated using SSL.
Existing/New Parameter	New
Synt ax (static):	SSL_CLIENT_AUTHENTICATION={ TRUE \| FALSE}
Example (static):	SSL_CLIENT_AUTHENTICATION=FALSE
Syntax (dynamic):	SSL_CLIENT_AUTHENTICATION={TRUE \| FALSE}
Example (dynamic):

Parameter Name	SSL_SERVER_DN_MATCH
Where stored	`sqlnet.ora`
Purpose	Use this parameter to force the server's < a href="asogls.htm#996930">distinguished name (DN) to match its service name. If you force the matc h verifications, SSL ensures that the certificate is from the server. If you choose to not enforce the match verification, SSL perfor ms the check but permits the connection, regardless if there is a match. Not forcing the match lets the server pot entially fake its identity.
Values	`yes\|on\|true`--Specify to enforce a match. If the DN matches the service name, the connection succeeds; otherwise , the connection fails.
Values	`no\|off\|false`--Specify to not enforce a match. If the DN does not match the service name, the connection is succes sful, but an error is logged to the `sqlnet.log` file.
Default	< /a> Oracle8i, or later:.FALSE. SSL client (always) checks server DN. If it does not match the service name, the connection succeeds but an error is logged to `sqlnet.log` file.
Usage Notes	Additionally configure the tnsnames.ora parameter `SSL_SERVER_CERT_DN` to enable server DN matching.

Attribute	Description
Syntax	`SQLNET.RADIUS_AUTHENTICATION=``RADIUS_server_IP_address`< /em>
Default sett ing	`localhost`

Attribute	Description
Syntax < /td>	`SQLNET.RADIUS_AUTHENTICATION_PORT=``port_number`
Default setting	`1645`

Attribute	Description
Syntax	`SQLNET.RADIUS_AUTHENTICATION_TIMEOUT=``time_in_seconds`
Default settin g	`5`

Attribute	Description
Syntax	`SQLNET.RADIUS_AUTHENTICATION_RETRIES=``n_times_to_resend`
Default setting < /td>	`3`

Attribute	Description
Syntax	`SQLNET.RADIUS_SEND_ACCOUNTING=``on`
Default s etting	`off`

< font face="Arial, Helvetica, sans-serif">Attribute	Description
Syntax	`SQLNET.RADIUS_SECRET=``path_to_RADIUS_secret_key`
Default setting

Attribute	Description
Syntax	SQLNET.RADIUS_ALTERNATE=`alternate_RADIUS_server_hostname_or_IP_address`
Default setting	`off`

Attribute	Description
Syntax	`SQLNET.RADIUS_ALTERNATE_PORT=``alternate_RADIUS_server_listening_port_number`
Default setting	`1645`

Attribute	Description< /font>
Syntax	`SQLNET.RADIUS_ALTERNATE_RETRIES=``n_ti mes_to_resend`
Default setting	`3`

Attribute	Description
Syntax	`SQLNET.RADIUS_CHALLENGE_RESPON SE=``on`
Default setting	`off`

Attribute	Description
Syntax	`SQLNET.RADIUS_CHALLENGE_KEYWORD=``keyword`
Default setting	`challenge`

Attr ibute	Description
Syntax	`SQLNET .RADIUS_AUTHENTICATION_INTERFACE=``Java_class_name`
Default setting	`DefaultRadiusInterface (oracle/net/radius/DefaultRadiusInterface)`

Attribute	Description
Syntax	`SQLNET.RADIUS_CLASSPATH=``path_to_GUI_Java_classes`
Default setting	`$ORACLE_HOME/jlib/netradius.jar:$ORACLE_HOME/JRE/lib/sparc/native_threads`

Parameter Name (static):	SSL_VERSION
Parameter Name (dynamic):	SSL_VERSION
Parameter Type:	string
Static
Permitted Values:	Any version which is valid to SSL. (0, 3.0)
Default Value:	"0"
Description:	To force the version of the SSL connection.
Existing/New Parameter	New
Syntax (sta tic):	SSL_VERSION=version
Examp le (static):	SSL_VERSION=3.0
Syntax (dynamic):	SSL_VERSION=version
Example (dynamic):< /strong>	SSL_VERSION=3.0

B Authentication Parameters

Parameters for Clients and Servers using Kerberos Authentication

Table B-1 Kerberos Authentication Parameters

Parameters for Clients and Servers using RADIUS Authentication

sqlnet.ora File Parameters

SQLNET.AUTHENTICATION_SERVICES

Table B-2 SQLNET.AUTHENTICATION_SERVICES Parameter Attribu tes

< font face="Arial, Helvetica, sans-serif" color="#330099">SQLNET.RADIUS_AUTHENTICATION

Table B-3 SQLNET.RADIUS_AUTHENTICATION Parameter Attributes

SQLNET.RADIUS_AUTHENTICATI ON_PORT

Table B-4 SQLNET.RADIUS_AUTHENTICATION_PORT Parameter A ttributes

SQLNET.RADIUS_AUTHENTICATIO N_TIMEOUT

Table B-5 SQLNET.RADIUS_AUTHENTICATION_TIMEOUT Parameter Attributes

SQLNET.RADIUS_AUTHENTICATION_RETRIES

Table B-6 SQLNET.RADIUS_AUTHENTICATION_RETRIES Parameter Attributes

SQLNET.RADIUS_SEND_ACCOUNTING

Table B-7 SQLNET.RADIUS_SEND_ACCOUNTING Parame ter Attributes

SQLNET.RADIUS_SECRET This parameter specifies the file name and location of the RADIUS secret key. Table B-8 describes this parameter's attributes.

Table B-8 SQLNET.RADIUS_SECRET Parameter Attributes

SQLNET.RAD IUS_ALTERNATE

Table B-9 SQLNET.RADIUS_ALTERNATE Parameter Attributes

SQLNET.RADIUS_ALTERNATE_PORT

Table B-10 SQLNET.RADIUS_ALTERNATE_PORT Parameter Attributes

SQLNET.RADIUS_ALTERNATE_TIMEOUT

Table B-11 SQLNET.RADIUS_ALTERNATE_TIMEOUT Parameter Attribu tes

SQLNET.RADIUS_ALTERNATE_RETRIES

Table B-12 SQLNET.RADIUS_ALTERNATE_RETRIE S Parameter Attributes

SQLNET.RADIUS _CHALLENGE_RESPONSE

Table B-13 SQLNET.R ADIUS_CHALLENGE_RESPONSE Parameter Attributes

SQ LNET.RADIUS_CHALLENGE_KEYWORD

Table B-14 SQLNET.RADIUS_CHALLENGE_KEYWORD Parameter Attributes Attribute Description Syntax SQLNET.RADIUS_CHALLENGE_KEYWORD=keyword Default setting challenge < h4 class="H3">SQLNET.RADIUS_AUTHENTICATION_INTERFACE

T able B-15 SQLNET.RADIUS_AUTHENTICATION_INTERFACE Parameter Attributes

SQLNET.RADIUS_CLASSPATH

Table B-16 SQLNET.RADIUS_CLASSPATH Parameter Attributes

Minimum RADIUS Parameters

Initialization File Parameters

Parameters for Clients and Servers using SSL

SSL Authentication Parameters

Cipher Suite Parameters

Supported SSL Cipher Suites

SSL Version Parameters

SSL Client Authentication Param eters

SSL X.509 Server Match Parameters

SSL_SERVER_DN_MATCH

SSL_SERVER_CERT_DN

Wallet Location

Table B-17 Wallet Locatio n Parameters

B
Authentication Parameters

SQLNET.RADIUS_SECRET
This parameter specifies the file name and location of the RADIUS secret key. Table B-8 describes this parameter's attributes.

Table B-14 SQLNET.RADIUS_CHALLENGE_KEYWORD Parameter Attributes

Attribute Description

Syntax

`SQLNET.RADIUS_CHALLENGE_KEYWORD=``keyword`

Default setting

`challenge`
< h4 class="H3">SQLNET.RADIUS_AUTHENTICATION_INTERFACE