« Broader Look at Kerberos, Active Directory and Oracle Products | Main | Managing Users in Oracle DB on Windows »

Clarifying Questions On Kerberos and Oracle Products

By mark.wilcox on December 11, 2007 7:40 PM

I had a couple of messages posted as comments to other posts that I want to respond to.

Jackson Shaw asked me:
"I think you need to do a better job getting the word out and, unless I
am mistaken, Oracle charges for Kerberos, smartcard and radius
authentication (Oracle Advanced Security).
I realize as software vendors we all have to make money for our
shareholders but charging for OAS? Microsoft doesn't charge for any of
those capabilities.
Maybe I'm mistaken about that but if so, see your first take: "Maybe we
need to get the word out."
Best,
Jackson"

My answer:
Need to be more specific here - Oracle is *not* just the database :). If you are using Oracle SSO and/or Oracle Access Manager- they can leverage Kerberos via Windows Native Authentication without needing any other additional license.

If you do wish to use Kerberos (or any of the other authentication options covered by ASO) - you do currently need the Advanced Security Options license. I don't discuss pricing or licensing details - I just handle functional/technical issues and what the price list says :). Though I would point out there are many other features that ASO covers such as Virtual Private Database and database encryption technologies that you likely will want to use anyway. 

Finally in terms of comparing to Microsoft "for free" - as I pointed out in this post - if your client is on Windows (and can leverage OS Authentication) and the Database on Windows - you can use OS Authentication without needing ASO license (though I would ask that you confirm any licensing questions with your account represenative). That's effectively the same as what MSFT gives you. Except that we don't limit you to running your database just on Windows. Or having to just use AD for your directory.
---
James from Architect Book wrote me:
All the stuff that you mentioned requires OVD, I think Jackson wanted
it to be supported in Oracle natively without having to acquire any
additional products and/or licenses.

My reply:
Actually none of the Kerberos components require OVD at all. If you want to deploy OSSO 10g (current version) it does require OID though I believe we'll change that requirement in the future. EUS (which is orthogonal to Kerberos authentication because EUS is primarily about user management) does require either OID or OVD. But even that being said - most organizations do benefit from a virtual directory for use cases that extend beyond the database.





AddThis Social Bookmark Button

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search All Blogs

Google Search


Only search this blog

About This Entry

This page contains a single entry from the blog posted on December 11, 2007 7:40 PM.

The previous post in this blog was Broader Look at Kerberos, Active Directory and Oracle Products.

The next post in this blog is Managing Users in Oracle DB on Windows.

Many more can be found on the main index page or by looking through the archives.

Top Tags

RSS

Subscribe to this blog's feed
Powered by
Movable Type and Oracle