Oracle Advanced Security Administrator's Guide Release 8.1.5 A67766-01
This chapter describes what you need to do to configure DCE to use Oracle DCE Integration after Oracle DCE Integration has been successfully installed.
More Information:
See the list of books and papers in the "Related Publications" section in the Preface of this guide.
The following steps, with examples, configure DCE to use DCE Integration. The steps assume that a DCE cell has been configured and that the machines being used are part of that cell.
As the DCE cell administrator, you need to do the following:
First, add the server principals using a procedure like the one below:
% dce_login cell_admin password
% rgy_edit
Current site is: registry server at /.../cell1/subsys/dce/sec/master
rgy_edit=> do p
Domain changed to: principal
rgy_edit=> add oracle
rgy_edit=> do a
Domain changed to: account
rgy_edit=> add oracle -g none -o none -pw oracle_password -mp cell_admin_password
rgy_edit=> quit
bye
In this example, you just created a DCE principal called "oracle". The principal has a corresponding account with password "password". The account does not belong to any DCE group or DCE profile.
You only need to do this once after DCE Integration has been installed. Also, you only need to do this procedure for the Oracle database server, not for the client.
In this step-by-step procedure, you install the key of the server into a keytab file, dcepa.key. This keytab file contains the password of the principal under which the Net8 listener starts. The Net8 listener reads this file to authenticate itself to DCE. You only need to do this once after DCE Integration has been installed. Also, you only need to do this procedure for the Oracle database server, not for the client.
Run the following commands to generate the keytab file:
% dce_login cell_admin password
% rgy_edit
Current site is: registry server at /.../cell1/subsys/dce/sec/master
rgy_edit=> ktadd -p oracle -pw Oracle_password -f $ORACLE_HOME/dcepa/admin/dcepa.key
rgy_edit=> quit
bye
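Because dcepa.key holds the secret the Net8 listener uses to authenticate to DCE, it is worth confirming after ktadd that only the listener's OS account can read the file. The check below is an added example, not part of the Oracle guide; the function name check_keytab and the expectation that the file is owned by the account that starts the listener are assumptions of this example.

```shell
#!/bin/sh
# Added example: permission check for the DCE keytab created with ktadd.
# check_keytab PATH [OWNER]
#   PATH  - keytab file, e.g. "$ORACLE_HOME/dcepa/admin/dcepa.key"
#   OWNER - expected owner (assumption: the OS account that starts the
#           Net8 listener); defaults to the user running the check.
# Returns 0 when PATH is a regular file (not a symlink), owned by OWNER,
# with no group or other permission bits set; non-zero otherwise.
check_keytab() {
    kt=$1
    want_owner=${2:-$(id -un)}

    # A symlink could point the listener at a file someone else controls.
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing, a symlink, or not a regular file" >&2
        return 2
    fi

    # ls -ld prints "<mode> <links> <owner> ..."; take mode and owner.
    listing=$(ls -ld -- "$kt" | awk '{print $1, $3}')
    mode=${listing%% *}
    have_owner=${listing#* }

    rc=0
    if [ "$have_owner" != "$want_owner" ]; then
        echo "FAIL: $kt is owned by $have_owner, expected $want_owner" >&2
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s\n' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $kt mode $mode grants group/other access" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $kt ($mode, owner $have_owner)"
    return "$rc"
}

# Run the check when the script is given a path on the command line.
if [ "$#" -gt 0 ]; then
    check_keytab "$@"
fi
```

A failing check is typically corrected with chmod 600 on the keytab and, if needed, chown to the listener's account. The mode string does not show ACL entries, so review those separately on systems that use them.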
The /.:/subsys/oracle/names directory contains objects that map Net8 service names to connect descriptors, which are used by the CDS naming adapter.
The /.:/subsys/oracle/service_registry directory also contains objects that map the service name in DCE addresses to the network endpoint which is used by both DCE protocol adapter clients and servers.
You need to perform the steps in this section after installing the DCE Integration adapter for the first time in a cell.
% dce_login cell_admin
Enter Password:(password not displayed)
$ cdscp
cdscp> create dir /.:/subsys/oracle
cdscp> create dir /.:/subsys/oracle/names
cdscp> create dir /.:/subsys/oracle/service_registry
cdscp> exit
Perform the following steps to add the principal oracle to the cds-server group.
$ dce_login cell_admin
Enter Password: (password not displayed)
$ rgy_edit
rgy_edit=> domain group
Domain changed to: group
rgy_edit=> member subsys/dce/cds-server -a oracle
rgy_edit=> exit
More Information:
For instructions on how to configure clients, see "Configuring Clients to Use DCE CDS Naming". For information on how to load Oracle service names into CDS, see "Create a TNSNAMES.ORA For Loading Oracle Connect Descriptors into CDS".