行锋

未命名

发表于 2009-06-25

创建网络服务名

注：只有 OracleNetAdmins 或 OracleContextAdmins 组的成员用户可以在目录中创建网络服务名条目。

要向 tnsnames.ora 文件或目录服务器添加网络服务名，请执行以下操作：

在导航器窗格中，展开 Oracle 网络配置 > 目录/本地 > 服务命名。
从工具栏中选择加号 (+)，或从菜单栏中选择编辑 > 创建。将显示“网络服务名向导”的“欢迎使用”页。
在网络服务名字段中输入任意名称。网络服务名可使用客户机的域进行限定。如果指定了客户机域，网络服务名将自动限定域。
选择下一步。此时将显示“协议”页。
选择配置的监听程序进行监听的协议。请注意，此协议也必须安装在客户机上。
选择下一步。此时将显示“协议设置”页。
在提供的字段中为所选协议输入相应的协议参数。
选择下一步。此时将显示“服务”页。
选择一种发行版，输入目标服务，并且作为一种选择，可从 Oracle8i 或更高版本的“连接类型”列表中选择一种数据库连接类型。

如果目标服务是 Oracle8i 或更高版本的服务，请选择 Oracle8i 或更高版本，并在服务名字段中输入服务名，然后选择下一步。如果目标服务是 Oracle8 或 Oracle7，请选择 Oracle8 或更低版本，在数据库 SID 字段中输入 Oracle 系统标识符，然后选择下一步。

Oracle Corporation 建议对连接类型使用“数据库默认设置”。如果在初始化参数文件中配置了共享服务器，就可以选择专用服务器迫使监听程序绕过共享服务器配置来衍生一个专用服务器。如果在服务器上启用了“数据库驻留连接共享”，您可以选择池中服务器，从池中获取连接。如果在初始化参数文件中配置了共享服务器，并且希望确保此连接始终使用共享服务器，请选择共享服务器。
选择下一步。此时将显示“测试”页。
选择测试以验证网络服务名是否可用，或单击“完成”保存配置并关闭“网络服务名向导”。
如果选择测试，Oracle Net 将通过使用您配置的连接描述符信息连接到数据库服务器。因此，要使测试成功，数据库和监听程序必须都在运行。如果没有运行，请参阅 Oracle10i Net Administrator's Guide 中的第 15 章“Establishing a Connection and Testing the Network”来启动这些组件。一个成功的测试将产生以下消息：

连接测试成功。

如果测试成功，请选择关闭以关闭“连接测试”对话框，然后继续步骤 12。

如果测试不成功：

a. 确保数据库和监听程序都在运行，然后选择测试。

b. 选择“更改登录”以更改连接的用户名和口令，然后选择测试。
选择完成保存配置并关闭“网络服务名向导”。
请确保概要文件反映本地 (LOCAL) 或目录命名 (LDAP) 方法。

未命名

发表于 2009-06-25

CyberSafe

CyberSafe 验证方法要求您设置以下参数：

GSSAPI 服务

要使用的 GSSAPI 服务的名称。

未命名

发表于 2009-06-25

目录信息树 (DIT)

在条目唯一判别名 (DN) 的目录服务器中的树形层次结构。

未命名

发表于 2009-06-25

Oracle Net Manager 的目录命名要求

在目录服务器中，使用 Oracle Net Manager 可以创建数据库服务的网络路由信息，还可以创建网络服务名。

为了使 Oracle Net Manager 写入目录，应具备以下条件：

必须给目录配置 Oracle Schema。
运行 Oracle Net Manager 的计算机必须用默认的 Oracle Context 配置才能访问和写入条目。

如目录命名配置概述中所述，这些配置设置都使用 Oracle Net Configuration Assistant 来设置。Oracle Net Manager 不提供该功能

如果尚未配置目录访问，则导航器窗格中的 Oracle Net 配置 > 目录文件夹和命令 > 目录菜单将不可用。

未命名

发表于 2009-06-25

唯一判别名 (DN)

指定条目驻留在目录服务器层次结构中的位置，与目录路径指定文件的精确位置很类似。

Listeners are configured to listen for incoming connection requests for a database on a specific network protocol address. The Listening Locations tab enables you to configure one or more listening location addresses on which a listener will wait for client connections.

Protocol

From the list, select the protocol for the address. Depending on the protocol chosen, enter protocol parameter information in the fields as appropriate.

Show Advanced/Hide Advanced button

Use the Show Advanced/Hide Advanced toggle to display or hide settings for specifying the I/O buffer space limit for the listener.

These settings are supported by the TCP/IP, TCP/IP with SSL, and SDP protocols.

Total Send Buffer Size

Specify, in bytes, the buffer space for send operations of sessions.

Because the database server writes data to clients, setting this setting at the serverside is typically adequate. If the database server is receiving a large volume of requests, then also set the Total Receive Buffer Size setting.

Total Receive Buffer Size

Specify, in bytes, the buffer space for receive operations of sessions.

Statically dedicate this address for JServer connections

Choose to configure the listener.ora file with General Inter-Orb Protocol (GIOP) endpoints for Oracle JServer release 8.1 connections.

Add Address

Choose to create a new protocol address. A new Address tab displays where you can select the protocol and enter protocol information in the fields.

Remove Address

Choose to delete the selected Address tab and its address information.

For more information about configuring I/O buffer space, see Chapter 14, Optimizing Performance, in the Oracle10i Net Administrator's Guide.

未命名

发表于 2009-05-28

Oracle Advanced Security: Other Params

The Other Params tab enables you to configure additional authentication services parameters.

From the Authentication Service list, select the authentication method. Depending on the authentication method chosen, enter information in the fields as appropriate.

KERBEROS(V5)

Element	Description
Service	Enter any string to specify the Kerberos service name.
Credential Cache File	Enter any valid path name to specify the Kerberos credential cache path name.
Configuration File	Enter any valid path name to specify the Kerberos configuration file.
Realm Translation File	Enter any valid path name to specify the Kerberos host name to realm translation file.
Key Table	Enter any valid path name to specify the Kerberos secret key file.
Clock Skew	Enter any positive integer to specify the acceptable difference in the number of seconds between when a credential is sent and received.

CYBERSAFE

GSSAPI Service: Specify a CYBERSAFE service principal. Enter any correctly formatted service principal string.

NTS

No additional parameters are required.

RADIUS

Element	Description
Host Name	Enter the name of the primary RADIUS server.
Port Number	Enter the port number of the primary RADIUS server.
Timeout (seconds)	Enter the number of seconds the Oracle database server should wait for response from the primary RADIUS server.
Number of Retries	Enter the number of times the Oracle database server should resend messages to the primary RADIUS server.
Secret File	Enter the path name of the secret key file.
Send Accounting	Enter on to enable accounting or to disable it.
Challenge Response	Enter on to enable challenge-response or off to disable it.
Default Keyword	Enter the keyword for requesting a challenge from the RADIUS server.
Interface Class Name	Enter the name of the class you have created to handle the challenge-response conversation between the Oracle client and the RADIUS server.

For more information, see Oracle Advanced Security Administrator's Guide.

未命名

发表于 2009-05-28

Oracle Advanced Security: SSL

The SSL tab enables you to modify Secure Sockets Layer (SSL) settings. SSL is an industry standard protocol for securing network communications. SSL provides for authentication, encryption, and data integrity. Use SSL to secure communications between any client and any server. Specifically, you can use SSL to authenticate any client or server to one or more Oracle servers or an Oracle server to any client.

Configure SSL

From the list, select to specify settings for either the client or server.

The settings you need to configure for the server are similar to those you set for the client. There is one additional parameter: a check box entitled Require Client Authentication.

Configuration Method

TBD...From the list, select File System to...., or select Entrust to...

Wallet Configuration

A wallet is contains certificates, keys and trust points. Select one of the four configuration methods described in the table. If the method chosen is File System or Entrust Wallets, Browse to search for a wallet in your file system.

Wallet Configuration Method	Access Method
File system	Directory path
Microsoft certificate	None
Microsoft registry	Registry key
Entrust wallets	Directory path

Cipher Suite Configuration

Several SSL cipher suites have been installed by default. These default cipher suites will be overwritten if you add one or more manually.

Element	Description
Add button	Choose to invoke the Select a Cipher Suite to enable dialog box. In the dialog box, select a suite, and then choose OK . The cipher suite is added to the list box. Note: All Oracle Advanced Security encryption algorithms and key lengths are available for both U.S. domestic and international use.
Remove button	Choose to remove a selected Cipher Suite.
Promote button	Choose to move a selected Cipher Suite to a higher level in the list.
Demote button	Choose to move a selected Cipher Suite to a lower level in the list.

Revocation Check (Server only)

Specify a revocation check for a certificate. Select from one of the following values:

None: Select to turn off certificate revocation checking.
Required: Select to perform certificate revocation when a certificate is available. If a certificate is revoked and no appropriate Certificate Revocation List (CRL) is found, then reject the SSL connection If no appropriate CRL is found to ascertain the revocation status of the certificate and the certificate is not revoked. then accept the SSL connection.
Requested: Select to perform certificate revocation in case a CRL is available. Reject SSL connection if the certificate is revoked. If no appropriate CRL is found to determine the revocation status of the certificate and the certificate is not revoked, then accept the SSL connection

Require SSL Version (optional)

From the list, select the version of SSL. The client and the server must use a compatible versions of SSL. You can select SSL v3.0 or choose to allow any existing or future version of SSL to be used.

Require Client Authentication (Server only)

This check box is selected by default. Deselect this check box if you do not want to require client-side authentication.

Match server X.509 name (Client only)

From the list, select whether or not check to see if the server's distinguished name (DN) matches its service name. If you enforce the match verifications, then SSL ensures that the certificate is from the server. If you select to not enforce the match verification, then SSL performs the check but allows the connection, regardless if there is a match. Not enforcing the match allows the server to potentially fake its identify. Select from one of the following values:

Yes: Select to check the server DN. If the DN matches the service name, the connection succeeds. If the DN does not match the service name, the connection is successful, but an error is logged in the sqlnet.log file..
No: Select to not check the server DN. Ignoring this check can enable the server to fake its identity.
Let Client Decide: TBD

未命名

发表于 2009-05-28

Oracle Enterprise Manager

A product family that consists of system management tools designed to efficiently manage the complete Oracle environment.

未命名

发表于 2009-05-28

Other Services

The Other Services tab enables you to specify the non-database services for which the listener is to receive connect requests. Non-database services can be external procedures or Heterogeneous Services.

Global Service Name

Enter the service name and domain name of the service.

Program Name

Enter the executable program name. For example, extproc.exe.

Program Argument Zero

Enter the internal first argument, which is often used as an alternative program name. For example: argv0

Program Arguments

Enter the command line arguments that should be passed when starting the service. For example, -mode=5.

Environment

Enter any environment variables that should be set prior to starting the service. Environment variables are specified in the following format:

environment_variable=values

For example, user=scott, start=immediate.

Note that variables are separated by commas.

SID

Enter the program name or Oracle System Identifier (SID) for the service.

Oracle Home Directory

Enter the location of the program executable.

Add Service button

Choose to configure non-database service information. A new Service tab displays where you can enter information for another service.

Remove Service button

Choose to delete the selected Service tab and its service information.

低头走路，抬头思考

未命名

创建网络服务名

相关主题

未命名

CyberSafe

相关主题

未命名

目录信息树 (DIT)

相关主题

未命名

Oracle Net Manager 的目录命名要求

相关主题

未命名

唯一判别名 (DN)

相关主题

未命名

Listening Locations

Related Topics

未命名

Oracle Advanced Security: Other Params

Related Topics

未命名

Oracle Advanced Security: SSL

未命名

Oracle Enterprise Manager

Related Topics

未命名

Other Services

Related Topics