Oracle Advanced Security Administrator's Guide Release 8.1.5 A67766-01
This appendix explains how third-party vendors of authentication devices customize the RADIUS challenge-response user interface to fit their particular device.
You can set up any authentication device that supports the RADIUS standard to authenticate Oracle users. When your authentication device uses the challenge-response mode, a graphical interface prompts the user first for a password, then for additional information--for example, a dynamic password that the user obtains from a token card. This interface is Java-based to provide optimal platform independence.
Third-party vendors of authentication devices must customize this graphical user interface to fit their particular device. For example, a smartcard vendor customizes the Oracle client to issue the challenge to the smartcard reader. Then, when the smartcard receives a challenge, it responds by prompting the user for more information, for example, a PIN.
Oracle has developed a Java interface class for this interface. It is a set of methods written in C code using the Java Native Interface as specified in release 1.1 of the Java Development Kit™ from JavaSoft. This code, provided below, is system specific. You can find it in the file OracleRadiusInterface in the following directory: $ORACLE_HOME/network/security/classes.
You customize this interface by creating your own class to handle the challenge-response conversation between the Oracle client and the RADIUS server. You then open your sqlnet.ora file, look up the SQLNET.RADIUS_AUTHENTICATION_INTERFACE parameter, and replace the name of the class listed there, namely, DefaultRadiusInterface, with the name of the new class you have just created. When you make this change in the sqlnet.ora file, this class is loaded on the Oracle client in order to handle the authentication process.
The third party must implement the Oracle RADIUS interface, which is located in the ORACLE.NET.RADIUS package.
    public interface OracleRadiusInterface {
        public void radiusRequest();
        public void radiusChallenge(String challenge);
        public String getUserName();
        public String getPassword();
        public String getResponse();
    }
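A console-based class implementing the interface listed above, as an added example that is not Oracle's code or part of the original guide. The class name ConsoleRadiusInterface, the per-method semantics noted in the comments, the 256-character display limit and the use of java.io.Console (a later JDK than the 1.1 release the guide mentions) are assumptions.

```java
// ConsoleRadiusInterface.java: added example; the class name is hypothetical.
// sqlnet.ora would then name it in place of DefaultRadiusInterface:
//   SQLNET.RADIUS_AUTHENTICATION_INTERFACE=ConsoleRadiusInterface
import java.io.Console;
import java.util.Arrays;
import java.util.Objects;

// Local copy of the page's interface so this file compiles stand-alone;
// a real deployment implements the interface Oracle ships instead.
interface OracleRadiusInterface {
    void radiusRequest();
    void radiusChallenge(String challenge);
    String getUserName();
    String getPassword();
    String getResponse();
}

public class ConsoleRadiusInterface implements OracleRadiusInterface {
    private static final int MAX_CHALLENGE_CHARS = 256; // assumed display limit
    private String userName = "", password = "", response = "";

    // Assumed semantics: collect the credentials for the initial request.
    public void radiusRequest() {
        Console con = Objects.requireNonNull(System.console(), "no interactive console");
        String name = con.readLine("User name: ");
        userName = (name == null) ? "" : name.trim();
        password = readSecret(con, "Password: ");
    }
    // Assumed semantics: show the server's challenge, then collect the reply.
    public void radiusChallenge(String challenge) {
        Console con = Objects.requireNonNull(System.console(), "no interactive console");
        con.printf("%s%n", sanitize(challenge)); // never pass it as the format string
        response = readSecret(con, "Response: ");
    }
    public String getUserName() { return userName; }
    public String getPassword() { return password; }
    public String getResponse() { return response; }

    // The challenge text arrives over the network: replace control characters
    // (including terminal escape sequences) and cap the length before display.
    static String sanitize(String s) {
        String clean = (s == null) ? "" : s.replaceAll("\\p{Cntrl}", " ");
        return clean.length() > MAX_CHALLENGE_CHARS ? clean.substring(0, MAX_CHALLENGE_CHARS) : clean;
    }
    // Read without echo. The interface returns String, so only the temporary
    // char[] can be wiped; the secret itself is never printed or logged.
    private static String readSecret(Console con, String prompt) {
        char[] chars = con.readPassword(prompt);
        String value = (chars == null) ? "" : new String(chars);
        if (chars != null) Arrays.fill(chars, '\0');
        return value;
    }
}
```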