Skip to Main Content

Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Question about the NTS Authentication Service

783956Aug 21 2010 — edited Aug 21 2010
Good morning,

While reading some Oracle related articles on the web, I found the following:

>
NTS Authentication Service must be disabled in a default installation.

Recent versions of Oracle feature SQLNET Authentication Services, but most times (especially but not only with Personal Oracle), those services are not installed. Nevertheless, the Oracle installer enables their use. This is a bug in the Oracle installer.

In the plain text file sqlnet.ora (located in the same directory as TNSNAMES.ORA, i.e. ORACLE_HOME\net80\admin or ORACLE_HOME\network\admin), you may find the following line:
SQLNET.AUTHENTICATION_SERVICES= (NTS)

Remove that line or prefix it with a comment sign, so that it read like this:

# SQLNET.AUTHENTICATION_SERVICES= (NTS)

Save that file. You may need to restart Oracle if it runs on the same machine. Restarting the entire machine may take longer, but it is easier to do.

PLEASE NOTE: There may be Oracle installations where the NTS Authentication Service is required. But for such installations, you can expect that the local Oracle administrator knows that it is required.
>

The question is: How can I determine if the NTS authentication service is actually needed ?

Thank you for your help,

John.
This post has been answered by Aman.... on Aug 21 2010
Jump to Answer

Comments

Aman....
Answer
John,

The NTS service is used in windows environments to make the Sys user authentication based on the o/s level authentication. So if you are not willing to supply the password of the Sys user each time, you should set this . This is normally not set with the fear of someone logging in without using the password and if I remember correctly, the o/s authentication doesn't get audited with the standard auditing.

HTH
Aman....
Marked as Answer by 783956 · Sep 27 2020
618702
Save that file. You may need to restart Oracle if it runs on the same machine. Restarting the entire machine may take longer, but it is easier to do.
I like that comment here and it explains everything :)

For further reading;

http://download.oracle.com/docs/cd/E11882_01/network.112/e10746/asoauth.htm#ASOAG9768
http://download.oracle.com/docs/cd/E11882_01/network.112/e10835/sqlnet.htm#NETRF198
Authentication Methods Available with Oracle Net Services:

    * none for no authentication methods, including Microsoft Windows native operating system authentication. When SQLNET.AUTHENTICATION_SERVICES is set to none, a valid user name and password can be used to access the database.
    * all for all authentication methods.
    * nts for Microsoft Windows native operating system authentication.
So at the end it is an authentication method that you are available to choose.

Regards.

Ogan
783956
Hi Aman,

>
The NTS service is used in windows environments to make the Sys user authentication based on the o/s level authentication. So if you are not willing to supply the password of the Sys user each time, you should set this . This is normally not set with the fear of someone logging in without using the password and if I remember correctly, the o/s authentication doesn't get audited with the standard auditing.
>

I suspect that there are implications in that statement that I do not fully understand yet. For the time being, knowing that it is related to O/S authentication will suffice. When I read the 2 Day + Security document, I'll make sure my understanding of the entire authentication mechanism is what it should be.

Aman, thank you for your help,

John.
Aman....
Hi John,

I shall wait for you to update this thread with your findings :) .

Aman....
783956
Thank you Ogan :)

I read parts of the documents you linked to. I admit that at this time, I don't fully understand the meaning of what is written there. I'll work on increasing my understanding of authentication after I've finished the 2 Day DBA document (otherwise I'll never finish it ;) )

Thanks again,

John.
amardeep.sidhu
I've finished the 2 Day DBA document (otherwise I'll never finish it ;) )

Thanks again,

John.
Are you finishing these 2 day things in 2 days only or taking more time ? ;)

Depending upon your answer, i may also think about going through it ;)
Aman....
Besides that I shall be interested in knowing the same what Sidhu asked you, offtopic, are you on Twitter, OC(www.oraclecommunity.net) ? :)

Aman....
783956
Hi Amardeep,

>
Are you finishing these 2 day things in 2 days only or taking more time ? ;)
>

There is no way I would finish in two days the way I do things. Everything I read, I try the way it is written, then I try to find other ways of making it work correctly. After that I purposely break it in every way I can think of, paying a lot of attention to what errors I get as a result. That way, I understand why it works when it works and, I learn about the behavior of the system when something is wrong. It is as important to understand why something works, as it is to understand the behavior of a system when it doesn't work. That way when it doesn't work, you know why and, you know how to correct it. There is no way to do all that in two days.

Essentially, what others read in 2 days, takes me at least 2 weeks (more likely a month). My consolation is that, after those 2 weeks (or month), I normally end up understanding how and why the system works much better than anyone who read it in 2 days.

no pain, no gain ;) (it's no pain to me anyway, I enjoy doing things that way :) )

The worst part is, this is just the "introductory" phase (Phase I of III). The phase where I learn enough to build a real foundation upon which I can add truly useful knowledge. Given the size of Oracle... this is going to take a "while" :) I doubt I'll ever get to phase III with Oracle, I'm not young enough! (don't ask what phase III is ;) )

To give you an idea, In the past 30 days, I've installed Oracle at least 30 times. I say at least because, there have been days where I've spent the entire day installing Oracle in different ways, with different options, with different network configurations, etc, etc, and that's just the installation part. I believe that yesterday I installed it 3 times, I'm satisfied with the installation I have now (I've made a lot of mistakes and created installations that were pretty bad) but, I have only created one database using Oradim and, I will eventually go back to Oradim to create a fully configured database manually. Oradim can also be used to administer a database, I'll make sure I learn that part of it too. The advantage of using Oradim is you are not going thru any of the perl scripts that may have their own quirks. The init.ora file that is fed into Oradim can take about 300 parameters, I think that means I'll be installing Oracle about 400 to 700 times before I am satisfied.

You'd think that the above would be enough, it isn't. Under Windows and Unix, services/daemons can be managed at the O/S level. I've made sure I know every what every service is there for, what its name is supposed to be and start and stop it using the O/S instead of the pl scripts.

I always like to use the utility that is "native". Oradim is the native utility for a lot of DBA administration. I will make sure I know it like the back of my hand.

When I decide to learn something, I mean really learn and understand. That's why it takes me 10 times longer than a normal person to learn something. I enjoy knowing and understanding what I do and it takes time to accomplish that.

Someday... I'll be able to help here instead of posting nothing but questions .. ;)

John.
618702
Dear 440bx - 11gR2,

I would like to give you a recommendation and please consider it as a "friend's" advice.

Reading those stuff ONLY will not help you. Some parts will remain in your brain for future usage but the most parts will be forgotten. That is how human brain acts. What you have to do then is while reading those stuff, examine it, question it and experience it.

For instance lets say you know how to alter a user and change its password. It is that simple;
ALTER USER SCOTT IDENTIFIED BY PASSWORD ACCOUNT LOCK PASSWORD EXPIRE;
That is tiny little sentence but i can remember it. Why? Because i have already run for multiple times and it is written in my brain because i experienced it.

There are more then 55k pages of online documentation and yet another 55k pages of published books ( more then 55k but i am just assuming :D ). So therefore what you are doing now is great for you because you are experiencing and questioning the stuff that you have been reading.

Alternatively if you are or you will work as a DBA, you are also going to have the hands on experience which is the most important thing for a DBA. I really would like to appreciate you because i like to see that a person is reading 2-days stuff and asking questions about the documentation.

Regards.

Ogan
783956
Hello Ogan,

>
I would like to give you a recommendation and please consider it as a "friend's" advice.
>

Your recommendations are welcome :)

>
Reading those stuff ONLY will not help you. Some parts will remain in your brain for future usage but the most parts will be forgotten. That is how human brain acts.
>

I agree, reading only is insufficient. The important thing is to understand. What a person remembers will eventually be forgotten. Memories simply do not last.

However, what you understand becomes a part of you and will never be forgotten. That's why I ask so many questions and try everything I can think of until I understand what is happening.

I'll give you an example of understanding vs learning. I learned this when I was 13 years old:

sin^2 + cos^2 = 1

The fundamental equation of trigonometry. The Sin squared of the angle + the cosine squared of the angle equals 1.

Most people have long forgotten this equation. The reason is simple, they never understood it. What's there to understand ? well... it's actually very simple....

The Pythagoream theorem states that a^2 + b^2 = c^2 (a square + b square = c square).

In words (or actually geometrically), what that equation means is that the sum of the areas of the squares that are created on the sides a (square on side a has area a^2) and b (square on side b has area b^2) equals the area of the square on the side c (called the hypothenus).

Everyone remembers that, few people have drawn it (unfortunately) because geometrically it is beautiful.

What does this have to do with trigonometry... well.. very simple...

The sine of an angle is defined as a divided by c, the cosine is defined as b divided by c. If we divide every term by c (which keeps everything the same) the Pythagorean theorem becomes:

(a/c)^2 + (b/c)^2 = (c/c)^2

We defined a/c as the sine of the angle, b/c as the cosine of the angle, therefore the above equation is simply this:

sin^2 + cos^ = 1

There... the trigonometric identity. No need to remember anything! It is simply a different way of stating the Pythagorean theorem, it's the same thing.

Once you've got that basic equation, the rest is a picnic. :) I remember that, decades later because I understood it. It is not possible for me to forget that.

Learning is good but compared to understanding, it is very little. I know that is what you were telling me in your previous post. In a very long way, I just told you that I completely agree with you and demonstrated why ;)

I hope you enjoyed that trigonometric trip back to high school :)

John.
Aman....
<head spinning> :0

My goodness! Well, I did assume almost the same but still, its awesome! I am sure, there would be a lot of learning that would happen for us from your questions, at least for me for sure since I know nothing :( .

And this was actually for you which I mentioned to Sidhu,
are you on Twitter, OC(www.oraclecommunity.net
And please start a blog, don't bother about readers, you are going to have plenty, take my words for it!

Aman....
618702
Aman.... wrote:
My goodness! Well, I did assume almost the same but still, its awesome! I am sure, there would be a lot of learning that would happen for us from your questions, at least for me for sure since I know nothing :( .
Aman....,

I am really having fun reading those threads started by John. I don't think that you "know nothing". You do my friend, you do :)

Regards.

Ogan
783956
Hi Aman,

>
at least for me for sure since I know nothing :( .
>

I have good news for you... ;) you know more than I do! :)

>
And please start a blog, don't bother about readers, you are going to have plenty, take my words for it!
>

I'm flattered but... I have 40,000+ lines of Oracle documentation to read and understand... I can't even think of starting a blog... the day I have knowledge worth sharing (for a change :D ), I'll post it here :)

John.

PS: I am not on any social internet sites and honestly, I have very little interest in those things (that's an understatement).

PPS: 5:00 a.m here... it's time to stop reading and get some sleep.
Aman....
Hi John,
I have good news for you... you know more than I do!
Thanks so much for the kind words :) . Let me rephrase my statement, I know very less compared, just few bits and pieces that's all! I hope it would be a great fun and very interesting to learn from the questions of yours since at times, a second set of eyes is needed to understand things! :)
I'm flattered but... I have 40,000+ lines of Oracle documentation to read and understand... I can't even think of starting a blog... the day I have knowledge worth sharing (for a change ), I'll post it here
Aww but a ray of hope is still there when you said that last part, "I'll post it here " :) .

Have a good sleep and with eyes, let Oracle db has some rest too :) .

Aman....
Aman....
Ogan,
I am really having fun reading those threads started by John.
Ditto is for me as well and am learning as well :) .
I don't think that you "know nothing". You do my friend, you do
No my friend, I know that I know very less, really really very less and its true!

Cheers
Aman....
amardeep.sidhu
I'll give you an example of understanding vs learning. I learned this when I was 13 years old:

sin^2 + cos^2 = 1

The fundamental equation of trigonometry. The Sin squared of the angle + the cosine squared of the angle equals 1.

Most people have long forgotten this equation. The reason is simple, they never understood it. What's there to understand ? well... it's actually very simple....

The Pythagoream theorem states that a^2 + b^2 = c^2 (a square + b square = c square).
Oh boy !!! Am i on some database or Maths forum ? ;)

Cool stuff John...really cool...

Cheers !
1 - 16
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Sep 18 2010
Added on Aug 21 2010
16 comments
5,180 views