Oracle Advanced Security Administrator's Guide Release 8.1.5 A67766-01
This chapter describes how clients outside DCE can connect to Oracle servers in DCE and how a local naming configuration file (tnsnames.ora) can be used for name lookup when CDS is accessible.
This chapter covers the following topics:
Clients without access to DCE and CDS can still connect to Oracle servers in DCE using TCP/IP or some other protocol if a listener is configured to do this. If a listener has been configured in the listener.ora file on the server (see the sample listener.ora file in the next section), non-DCE clients can use normal Oracle and Net8 procedures to connect to an Oracle server in DCE.
Following are samples of listener.ora and tnsnames.ora files as they would need to be configured if a client from outside of DCE wanted to connect to Oracle database servers in a DCE environment.
At least two Oracle parameter files are needed for successful client/server communications. Create and modify these files using your favorite text editor. The files are as follows:
The listener.ora file resides on the listener node. It defines listener characteristics and the addresses at which the listener listens.
In the following example, each element is laid out on a separate line, so it is easy to see the file's structure. This is the recommended format. If you must edit a listener.ora file by hand, you do not have to put each element on a separate line. Be careful, though, to include all the appropriate parentheses and to indent if you must continue an element onto the next line.
This example assumes the UNIX operating system and the TCP/IP protocol for one listener, and the DCE protocol for another listener. A single listener may have multiple addresses too. For example, instead of having two separate listeners for different database instances on a server node, you could have one listener for both, listening on both TCP/IP and on DCE. However, performance will be better with separate listeners.
LSNR_TCP=
  (ADDRESS_LIST=
    (ADDRESS=
      (PROTOCOL=IPC)
      (KEY=DB1)
    )
    (ADDRESS=
      (PROTOCOL=tcp)
      (HOST=rose)
      (PORT=1521)
    ))
SID_LIST_LSNR_TCP=
  (SID_DESC=
    (SID_NAME=ORASID)
    (ORACLE_HOME=/usr/jprod/oracle7)
  )
LSNR_DCE=
  (ADDRESS=
    (PROTOCOL=DCE)
    (SERVER_PRINCIPAL=oracle)
    (CELL_NAME=cell1)
    (SERVICE=dce_svc))
SID_LIST_LSNR_DCE=
  (SID_DESC=
    (SID_NAME=ORASID)
    (ORACLE_HOME=/usr/prod/oracle8))
#For all listeners, the following parameters list sample
#default values.
PASSWORDS_LISTENER=
STARTUP_WAIT_TIME_LISTENER=0
CONNECT_TIMEOUT_LISTENER=10
TRACE_LEVEL_LISTENER=OFF
TRACE_DIRECTORY_LISTENER=/usr/prod/oracle7/network/trace
TRACE_FILE_LISTENER=listener.trc
LOG_DIRECTORY_LISTENER=/usr/prod/oracle7/network/log
LOG_FILE_LISTENER=listener.log
The tnsnames.ora file resides on both the client and the server nodes. It provides a list of the service names and addresses of all services on the network.
The following tnsnames.ora file maps the service name ORATCP to the connect descriptor that includes a TCP/IP address and the service name ORADCE to a connect descriptor that includes a DCE address.
ORATCP =
  (DESCRIPTION=
    (ADDRESS=
      (PROTOCOL=TCP)
      (HOST=rose)
      (PORT=1521)
    )
    (CONNECT_DATA=
      (SID=DB1)
    )
  )
ORADCE=
  (DESCRIPTION=
    (ADDRESS=
      (PROTOCOL=DCE)
      (SERVER_PRINCIPAL=oracle)
      (CELL_NAME=cell1)
      (SERVICE=dce_svc)
    )
    (CONNECT_DATA=
      (SID=ORASID)
    )
  )
A user who wished to access the DB1 database would use ORATCP to identify the appropriate connect descriptor. For example:
SQLPLUS SCOTT/TIGER@ORATCP
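The following Python sketch is an added example, not part of the Oracle guide. It checks the two things the sample files depend on: that every entry has balanced parentheses, and that each tnsnames.ora address matches an address a listener actually listens on. It also lists the listener addresses reachable without DCE. The function names are hypothetical, the input is a constructed abridgement of the samples above, and only the syntax shown in this chapter is handled.

```python
import re

# Constructed input: the listener.ora and tnsnames.ora entries from this chapter, abridged.
LISTENER_ORA = """
LSNR_TCP=
  (ADDRESS_LIST=
    (ADDRESS=(PROTOCOL=IPC)(KEY=DB1))
    (ADDRESS=(PROTOCOL=tcp)(HOST=rose)(PORT=1521)))
LSNR_DCE=
  (ADDRESS=(PROTOCOL=DCE)(SERVER_PRINCIPAL=oracle)(CELL_NAME=cell1)(SERVICE=dce_svc))
# sample default value
CONNECT_TIMEOUT_LISTENER=10
"""
TNSNAMES_ORA = """
ORATCP=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rose)(PORT=1521))(CONNECT_DATA=(SID=DB1)))
ORADCE=(DESCRIPTION=(ADDRESS=(PROTOCOL=DCE)(SERVER_PRINCIPAL=oracle)(CELL_NAME=cell1)
  (SERVICE=dce_svc))(CONNECT_DATA=(SID=ORASID)))
"""
ADDRESS = re.compile(r"\(\s*ADDRESS\s*=((?:\s*\(\s*\w+\s*=[^()]*\))+)\s*\)", re.I)
PAIR = re.compile(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)")

def parse(text):
    """Map each top-level entry to its ADDRESS blocks; reject unbalanced parentheses."""
    text = re.sub(r"#.*", "", text)                      # strip comments
    parts = re.split(r"^(\w+)\s*=", text, flags=re.M)    # [lead, name, body, name, body, ...]
    entries = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        depth = 0
        for ch in body:
            depth += (ch == "(") - (ch == ")")
            if depth < 0:                                # a ")" with no matching "("
                break
        if depth != 0:
            raise ValueError(f"unbalanced parentheses in {name}")
        # Keys and values are lower-cased so tcp/TCP compare equal (a simplification).
        entries[name] = [{k.lower(): v.lower() for k, v in PAIR.findall(a)}
                         for a in ADDRESS.findall(body)]
    return entries

def non_dce_endpoints(listener_text):
    """Listener addresses reachable without DCE (TCP/IP, IPC, ...)."""
    return [(n, a) for n, addrs in parse(listener_text).items()
            for a in addrs if a.get("protocol") != "dce"]

def unmatched_services(listener_text, tnsnames_text):
    """tnsnames.ora service names whose ADDRESS matches no listener ADDRESS."""
    listening = [a for addrs in parse(listener_text).values() for a in addrs]
    return sorted(n for n, addrs in parse(tnsnames_text).items()
                  if not any(a in listening for a in addrs))
```

Run against real files by passing their contents as strings; a ValueError names the entry whose parentheses do not balance.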
Typically, names are resolved into network addresses by CDS. Though the main purpose (in the context of Native Naming adapters) of tnsnames.ora is to load Oracle service names and network addresses into CDS, it could be used temporarily as a backup name resolution service if CDS is inaccessible.
To use tnsnames.ora for name lookup and resolution, remove (or comment out) the "native name" parameters from sqlnet.ora on the client. To comment out the lines, add a # at the beginning of each line. For example:
#native_names.use_native=true
#native_names.directory_path=(dce)
You can use tnsnames.ora for name lookup and resolution when DCE CDS is unavailable if you have tnsnames listed as a value for the NAMES.DIRECTORY_PATH parameter in the sqlnet.ora file on the client. For example:
names.directory_path=(dce, tnsnames)
This parameter enables you to list more than one name resolution method. The methods are tried in order. In this example, dce is attempted first. If it is unsuccessful, tnsnames is tried next.