Changes in This Release for Oracle Database Enterprise User Security Administrator's Guide
Changes in this Release for Release 19c Version 19.1
The following are changes in Oracle Database Enterprise User Security Administrator's Guide for Oracle Database release 19c, version 19.1.
New Features
-
Enterprise Security Administrators can configure a client-side wallet also known as an external secure password store to store user name credentials when using standalone utilities.
Doing this simplifies deployments that rely on password credentials for connecting to databases as scripts will then no longer need to embed user names and passwords. This also reduces risk because the passwords are no longer exposed, and password policies are more easily managed without changing application code or scripts whenever user names or passwords change.
The client-side wallet can be used with the following standalone utilities:-
Enterprise User Security Manager (EUSM)
See About Using a Secure External Password Store for more information about configuring the
dbuser
,keystore
, andldap_user
credentials in the wallet and using thedb_alias
,keystore_alias
,ldap_alias
, andwallet_location
parameters on the command-line. -
User Migration Utility
See Step 0: About Using a Secure External Password Store for more information about configuring the
DBADMIN
andENTADMIN
credentials in the wallet and using theDBALIAS
,ENTALIAS
, andWALLETLOCATION
parameters on the command-line. -
External Users Conversion Script
See SSL External Users Conversion Script for more information about configuring the
dbuser
credential in the wallet and using the-dbalias
and-wallet_location
parameters on the command-line.
-
Changes in Oracle Database Release 18c Version 18.1
The following are changes in Oracle Database Enterprise User Security Administrator's Guide for Oracle Database release 18c, version 18.1.
New Features
-
Oracle Database Enterprise User Security release 18c, version 18.1 includes the following new features:
-
Enterprise User Security Manager (EUSM)
The
eusm
command-line tool can be used to manage the Enterprise User Security (EUS) Configuration in Oracle Internet Directory (OID) directory server.See Enterprise User Security Manager (EUSM) Command Reference for more information about this feature.
-
Centrally Managed Users for Microsoft Active Directory.
This integration is the preferred option from a complexity, cost, maintenance, and development perspective for new projects that do not require some of the more complex Enterprise User Security features like trusted database links.
See Configuring Authentication and Configuring Authorization in Oracle Database Security Guide for more information about using centrally managed users to directly authenticate and authorize users with Microsoft Active Directory.
See Integrating Enterprise User Security with Microsoft Active Directory for other options to authenticate and authorize users with Microsoft Active Directory.
-
Support is added for Enterprise User Security authentication with 12C verifier generated from Oracle Internet Directory
The 12C verifier generated from Oracle Internet Directory uses a new ZT tag,
MR-SHA512
, for multi-round Password-Based Key Derivation Function (PBKDF2) based keyed-hash message authentication code (HMAC) with SHA512 cryptographic hash functions to provide a strong password verifier. This support is added in OID bundle patch 11.1.1.9.0.See Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory for more information.
-
For pluggable databases, you are no longer restricted to the default wallet location. The
WALLET_LOCATION
can point to a directory location of your choice.See Wallet Location for Pluggable Databases for more information.
-
Changes in Oracle Database 12c Release 2 (12.2.0.1)
The following are changes in Oracle Database Enterprise User Security Administrator's Guide for Oracle Database 12c Release 2 (12.2.0.1).
New Features
The following features are new in this release:
-
Enterprise User Security 12c release 2 (12.2.0.1) includes the following new features:
-
The
okcreate
command-line utility to automate creation of the service principal keytab when deploying Enterprise User Security using Kerberos authentication.See Set Up Active Directory to Interoperate with Oracle Client for more information about this feature.
-