FIPS is a four-letter word. It is also a source of some confusion when it comes to the Oracle database and DISA STIG compliance, which I will attempt to sort out to the best of my ability in this post.
This quick “how to” document highlights configuration steps and parameters to enable PKI authentication between the Oracle Database Client for Windows and an Oracle Database. It was written to detail configuration parameters for the Oracle Wallet to use the Department of Defense Common Access Card (CAC) and U.S. Federal Government PIV cards as an external … Continue reading Configuring SSL for Oracle Client Authentication and Encryption with DoD Common Access Cards Using Microsoft Certificate Store
This is the last post in this series, in which I have described configurations for the server wallet, server networking, client networking, and database. If you have completed all of the steps I laid out, then you are ready to test your SSL connection using your smart card. TNS Ping over TCPS: First confirm that … Continue reading Database Authentication with a Smart Card – Part 5 (Testing)
In parts one, two, and three of this series I looked at configuring the database server and client software for smart card authentication. In this post I will discuss required updates to the database initialization parameters, how to gather the necessary information to create the externally authenticated database user, and how to create the user. … Continue reading Database Authentication with a Smart Card – Part 4 (Database)
In Part 1 and Part 2 of this series I described the process for configuring the server wallet, sqlnet.ora, and listener.ora files. In this post I will discuss how to configure the client for SSL authentication with a smart card. At this point it is assumed that an Oracle Client has already been installed. The … Continue reading Database Authentication with a Smart Card – Part 3 (Client)
In my previous post I discussed the first steps in the configuration of an Oracle database for user authentication using a smart card, such as the DoD Common Access Card (CAC). Along with some general considerations for setting up SSL/TLS authentication, I went over the construction of the database server's Oracle Wallet. In this post … Continue reading Database Authentication with a Smart Card – Part 2 (Server)
I hate changing passwords every so many days. Seems like I no sooner get all of my passwords reset than it is time to start changing them again. Working in a government environment, one of those things that I tried to figure out for years was how to log on to a database using my … Continue reading Database Authentication with a Smart Card – Part 1 (Wallet)