Oracle® Database Net Services Administrator's Guide 10g Release 2 (10.2) Part Number B14212-02
This chapter describes how to configure client and server configuration parameters in profiles. A profile is a collection of parameters that specifies preferences for enabling and configuring Oracle Net features on the client or database server. A profile is stored and implemented through the sqlnet.ora file.
You can use a profile to:
- Specify the client domain to append to unqualified names
- Prioritize naming methods
- Enable logging and tracing features
- Route connections through specific processes
- Configure parameters for external naming
- Configure Oracle Advanced Security
- Use protocol-specific parameters to restrict access to the database
Oracle Universal Installer launches Oracle Net Configuration Assistant after software installation on the client and server. Oracle Net Configuration Assistant configures the order of the naming methods that the computer uses to resolve a connect identifier to a connect descriptor.
Configuration with the Oracle Net Configuration Assistant during installation results in the following entries in the sqlnet.ora file:
NAMES.DIRECTORY_PATH=(ezconnect,tnsnames)
NAMES.DIRECTORY_PATH specifies the priority order of the naming methods to use to resolve connect identifiers.
If the installed configuration is not adequate, you can use Oracle Net Manager to enhance the sqlnet.ora configuration.
The following sections describe available client configuration options:
In environments where the client often requests names from a specific domain, it is appropriate to set a default domain in the client sqlnet.ora file with the NAMES.DEFAULT_DOMAIN parameter.
When a default domain is set, it is automatically appended to any unqualified net service name given in the connect string, and then compared to net service names stored in a tnsnames.ora file.
For example, if the client tnsnames.ora file contains a net service name of sales.us.acme.com, the user can enter the following connect string:
CONNECT scott/tiger@sales
In this example, sales is searched for as sales.us.acme.com.
If the connect string includes the domain extension, such as in CONNECT scott/tiger@sales.us.acme.com, the domain is not appended. If a net service name in a tnsnames.ora file is not domain qualified and this parameter is set, the net service name must be entered with a trailing dot ("."). For example, if the domain is set to us.acme.com and the client tnsnames.ora file contains a net service name of sales, the user would enter the following connect string:
CONNECT scott/tiger@sales.
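
The lookup rule described above, as an added example (a simplified model written for this page, not Oracle code). The two dictionaries are constructed stand-ins for the two tnsnames.ora files in the text, and the descriptor and host name sales-server are made up. It shows that once a default domain is set, an unqualified entry is only reachable with the trailing dot.

```python
# Constructed stand-ins for two client tnsnames.ora files (descriptor is made up).
DESCRIPTOR = ("(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))"
              "(CONNECT_DATA=(SERVICE_NAME=sales.us.acme.com)))")
TNSNAMES_QUALIFIED = {"sales.us.acme.com": DESCRIPTOR}
TNSNAMES_UNQUALIFIED = {"sales": DESCRIPTOR}


def qualify(name, default_domain=None):
    """Return the name that is compared against tnsnames.ora entries."""
    if name.endswith("."):
        return name[:-1]          # trailing dot: bare name, default domain not appended
    if "." in name or not default_domain:
        return name               # already has a domain extension, or no default is set
    return f"{name}.{default_domain}"


def resolve(connect_string, tnsnames, default_domain=None):
    """Take the identifier after '@' and look it up; the descriptor is None on a miss."""
    identifier = connect_string.rsplit("@", 1)[1]
    looked_up = qualify(identifier, default_domain)
    return looked_up, tnsnames.get(looked_up)


if __name__ == "__main__":
    domain = "us.acme.com"        # NAMES.DEFAULT_DOMAIN value from the example in the text
    files = (("qualified", TNSNAMES_QUALIFIED), ("unqualified", TNSNAMES_UNQUALIFIED))
    for label, names in files:
        for cs in ("scott/tiger@sales", "scott/tiger@sales.us.acme.com", "scott/tiger@sales."):
            looked_up, desc = resolve(cs, names, domain)
            print(f"{label:11} {cs:30} -> {looked_up:18} {'found' if desc else 'not found'}")
```
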
To specify a default domain:
1. Start Oracle Net Manager.
   See Also: "Oracle Net Manager"
2. In the navigator pane, expand Local > Profile.
3. From the list in the right pane, select Naming.
4. Click the Methods tab.
5. In the Default Domain field, enter the domain.
6. Choose File > Save Network Configuration.
The sqlnet.ora file should contain an entry that looks like the following:
NAMES.DEFAULT_DOMAIN=us.acme.com
After naming methods are configured, as described in Chapter 8, "Configuring Naming Methods", they must be prioritized. The naming method at the top of the list is used first to resolve a connect identifier. If the first naming method in the list is unable to resolve the connect identifier, then the second method in the list is used.
To specify the order of naming methods:
1. Start Oracle Net Manager.
   See Also: "Oracle Net Manager"
2. In the navigator pane, expand Local > Profile.
3. From the list in the right pane, select Naming.
4. Click the Methods tab.
Table 9-1 describes the naming method values listed in the Methods tab.
Table 9-1 Naming Method Values
| Naming Method Value | Description |
|---|---|
| | Select to resolve a net service name through the See Also: "Configuring the Local Naming Method" |
| | Select to resolve a database service name, net service name, or net service alias through a directory server. |
| | Select to enable clients to use a TCP/IP connect identifier, consisting of a host name and optional port and service name, or resolve a host name alias through an existing names resolution service or centrally maintained set of See Also: "Using the Easy Connect Naming Method" |
| | Set to resolve an Oracle database name in a Distributed Computing Environment (DCE) environment. See Also: Oracle Database Advanced Security Administrator's Guide |
| | Set to resolve service information through an existing NIS. See Also: "Network Information Service (NIS)" |
5. Select naming methods from the Available Methods list, and then click the right-arrow button.
   The selected naming methods move to the Selected Methods list.
6. Order the naming methods according to the order in which you want Oracle Net to try to resolve the net service name or database service name. Select a naming method in the Selected Methods list, and then click Promote or Demote to move the selection up or down in the list.
7. Choose File > Save Network Configuration.
The sqlnet.ora file updates with the NAMES.DIRECTORY_PATH parameter:
NAMES.DIRECTORY_PATH=(ldap, tnsnames)
Clients and servers acting as clients can be configured so connection requests are directed to a specific process. To configure this feature so that all connections use a particular server, you choose the Always Use Dedicated Server option in Oracle Net Manager. This sets the sqlnet.ora parameter USE_DEDICATED_SERVER to force the listener to spawn a dedicated server for all network sessions from the client. The result is a dedicated server connection, even if shared server is configured.
To route connection requests:
1. Start Oracle Net Manager.
   See Also: "Oracle Net Manager"
2. In the navigator pane, expand Local > Profile.
3. From the list in the right pane, select General.
4. Click the Routing tab.
5. Select the preferred way that you want connection requests routed.
   See Also: Table 9-3 for a description of the fields and options
6. Choose File > Save Network Configuration.
You can configure the sqlnet.ora file to allow access to some clients and deny access to others. Table 9-2 describes the available settings.
Table 9-2 Access Control Settings in sqlnet.ora
| Oracle Net Manager Field/Option | sqlnet.ora File Parameter | Description |
|---|---|---|
| | | Use to specify whether to screen access to the database. If this field is selected, Oracle Net Manager checks the parameters |
| | | Use to specify which clients using the TCP/IP protocol are denied access to the database. |
| | | Use to specify which clients using the TCP/IP protocol are allowed access to the database. |
To configure database access control:
1. Start Oracle Net Manager.
   See Also: "Oracle Net Manager"
2. In the navigator pane, expand Local > Profile.
3. From the list in the right pane, select General.
4. Click the Access Rights tab.
5. Select the Check TCP/IP client access rights option.
6. In the Clients excluded from access and Clients allowed to access fields, enter either a host name or an IP address for a client that you wish to include or exclude, using commas to delimit entries placed on the same line.
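
One way to review the access-control part of a saved profile, as an added example that is not from Oracle's guide. TCP.VALIDNODE_CHECKING, TCP.EXCLUDED_NODES and TCP.INVITED_NODES are the sqlnet.ora parameters behind the three fields above; the sample file is constructed, and the exact-match check, with the invited list taking precedence when both lists are set, is a simplified model of the behaviour.

```python
import re

# Constructed sample profile; host names and addresses are made up.
SAMPLE_SQLNET_ORA = """\
# sqlnet.ora on the database server (constructed example)
TCP.VALIDNODE_CHECKING = yes
TCP.INVITED_NODES = (appsrv1.us.acme.com, 192.0.2.10,
                     192.0.2.11)
TCP.EXCLUDED_NODES = (192.0.2.11, 198.51.100.7)
"""
PARAM_RE = re.compile(r"^([\w.]+)[ \t]*=[ \t]*(\([^)]*\)|[^\n]*)", re.MULTILINE)

def parse_profile(text):
    """Return {PARAMETER: [values]}; a parenthesised list may span several lines."""
    text = re.sub(r"#[^\n]*", "", text)                  # drop comments
    params = {}
    for name, value in PARAM_RE.findall(text):
        items = [v.strip().lower() for v in value.strip("() \t").split(",")]
        params[name.upper()] = [v for v in items if v]
    return params

def checking_on(params):
    """True when TCP.VALIDNODE_CHECKING is set to yes (the default is no)."""
    return (params.get("TCP.VALIDNODE_CHECKING") or ["no"])[0] == "yes"

def client_allowed(params, client):
    """Model of the node check using an exact match on host name or IP address."""
    if not checking_on(params):
        return True                                      # screening off: nothing is filtered
    invited = params.get("TCP.INVITED_NODES", [])
    if invited:                                          # invited list wins when both are set
        return client.lower() in invited
    return client.lower() not in params.get("TCP.EXCLUDED_NODES", [])

def audit(params):
    """Return review findings for the access-control part of a profile."""
    invited, excluded = (params.get(k, []) for k in ("TCP.INVITED_NODES", "TCP.EXCLUDED_NODES"))
    if not checking_on(params):
        return ["TCP.VALIDNODE_CHECKING is not enabled: node lists are not applied"]
    if not invited and not excluded:
        return ["checking is enabled but no node list is configured"]
    if invited and excluded:
        both = ", ".join(sorted(set(invited) & set(excluded))) or "none"
        return [f"both lists set, TCP.EXCLUDED_NODES is ignored; hosts on both: {both}"]
    return []

if __name__ == "__main__":
    profile = parse_profile(SAMPLE_SQLNET_ORA)
    print(audit(profile), client_allowed(profile, "198.51.100.7"))
```
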
Table 9-3 describes the advanced sqlnet.ora file settings that you can set.
Table 9-3 Advanced Settings in sqlnet.ora
| Oracle Net Manager Field/Option | sqlnet.ora File Parameter | Description |
|---|---|---|
| | | Use to specify the time, in seconds, for a database server to complete a send operation to clients after connection establishment. For environments in which clients shut down on occasion or abnormally, setting this parameter is recommended. If the database server is unable to complete a send operation in the time specified, then it logs an Without this parameter, the database server continues to send responses to clients that are unable to receive data due to a downed computer or a busy state. You can also set this parameter on the client side to specify the time, in seconds, for a client to complete send operations to the database server after connection establishment. Without this parameter, the client may continue to send requests to a database server already saturated with requests. |
| | | Use to specify the time, in seconds, for a database server to wait for client data after connection establishment. A client must send some data within the time interval. For environments in which clients shut down on occasion or abnormally, setting this parameter is recommended. If a client does not send any data in the time specified, then the database server logs an Without this parameter, the database server continues to wait for data from clients that may be down or are experiencing difficulties. You can also use this setting on the client side to specify the time, in seconds, for a client to wait for response data from the database server after connection establishment. Without this parameter, the client may wait for a long period of time for a response from a database server saturated with requests. |
| | | Specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information. See Also: "Configuring the Listener and the Oracle Database To Limit Resource Consumption By Unauthorized Users" for complete information about configuring this setting |
| | | Specify the buffer space limit for send operations of sessions. See Also: "Configuring I/O Buffer Space" for complete information about configuring this setting |
| | | Specify the buffer space limit for receive operations of sessions. See Also: "Configuring I/O Buffer Space" for complete information about configuring this setting |
| | | Use to specify the time interval, in minutes, to send a probe to verify that client/server connections are active. Setting a value greater than 0 ensures that connections are not left open indefinitely, due to an abnormal client termination. If the probe finds a terminated connection, or a connection that is no longer in use, it returns an error, causing the server process to exit. This setting is intended for the database server, which typically handles multiple connections at any one time. Limitations on using this terminated connection detection feature are: |
| | | Use to specify a unique identifier for a client. This identifier is passed to the listener with any connection request. The identifier can be any string up to 128 characters long. |
| | | Use to specify which authentication protocols are allowed by the client or database. If the client and database server do not have at least one matching version, then authentication fails with an error. Supported values include: Any value other than See Also: Oracle Database Advanced Security Administrator's Guide |
| | | Use to turn on or off UNIX signal handling. Since the client application spawns a server process internally through the Bequeath protocol as a child process, the client application becomes responsible for cleaning up the child process when it completes. When the server process completes its connection responsibilities, it becomes a defunct process. Signal handlers are responsible for cleaning up these defunct processes. Setting this parameter configures the client profile to pass this process to the UNIX init process by disabling signal handlers. |
| | | Use to turn on or off out-of-band breaks. If deselected or set to If selected or set to See Also: Oracle operating system-specific documentation to determine if the protocol supports urgent data requests. TCP/IP is an example of a protocol that supports this feature. |
To set advanced features:
1. Start Oracle Net Manager.
   See Also: "Oracle Net Manager"
2. In the navigator pane, expand Local > Profile.
3. From the list in the right pane, select General.
4. Click the Advanced tab.
5. Enter the values for the fields or options you want to set.
   See Also: Table 9-3 for a description of the fields and options
6. Choose File > Save Network Configuration.
Configure required client parameters needed for the NIS external naming or the CDS external naming method in the profile. Table 9-4 describes the sqlnet.ora file external naming settings that you can set.
Table 9-4 External Naming Methods Settings in sqlnet.ora
| Oracle Net Manager Field | sqlnet.ora File Parameter | Description |
|---|---|---|
| | | Enter a valid DCE cell name (prefix). |
| | | Specify the map, a special file that contains the database service name. |
To configure external naming method parameters:
1. Start Oracle Net Manager.
   See Also: "Oracle Net Manager"
2. In the navigator pane, expand Local > Profile.
3. From the list in the right pane, select Naming.
4. Enter a value in the appropriate field for the external naming method you are using.
5. Choose File > Save Network Configuration.
Oracle Advanced Security enables data encryption and integrity checking, enhanced authentication, single sign-on, and support for DCE. Oracle Advanced Security also provides centralized user management on LDAP-compliant directory servers and certificate-based single sign-on; this functionality relies on the Secure Sockets Layer (SSL).
To configure a client or server to use Oracle Advanced Security features:
1. Start Oracle Net Manager.
   See Also: "Oracle Net Manager"
2. In the navigator pane, expand Local > Profile.
3. From the list in the right pane, select Oracle Advanced Security.
   Each Oracle Advanced Security tab page enables you to configure a separate set of parameters.
   See Also:
   - Choose the Help button on the particular tab page
   - Oracle Advanced Security procedural topics in the Oracle Net Manager online help. To access these topics in the online help, choose Oracle Advanced Security > How To.
   - Oracle Database Advanced Security Administrator's Guide for further information about configuration
4. Select or edit options as applicable.
5. Choose File > Save Network Configuration.