Let’s say we want to create a database user who logs in with their OS account. To do so, we will use the “external authentication” option offered by oracle.
Check the value of the os_authent_prefix parameter
SQL> show parameter os_authent_prefix NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ os_authent_prefix string ops$
The ops$ value is the prefix that oracle will use for each OS account. As we can see, our user is prefixed with ops$. Oracle uses the prefix to recognize OS users when they attempt to connect. It is also a way for Oracle to separate a database account and an OS account.
Let’s create the external user account in the database
SQL> create user ops$mikando identified externally;
As we can see, our user is prefixed with ops$.
Give the necessary privileges
SQL> grant connect, resource, create session to ops$mikando;
Let’s create the user named mikando and his password.
[root@svrosisdb ~]# useradd -g oinstall -G dba,oper,asmdba mikando
[root@svrosisdb ~]# passwd mikando
Open a new session and connect with the new operating system (os) user created “mikando”
login as: mikando mikando@192.168.56.10's password
Load the database
[mikando@svrosisdb ~]$ . oraenvoracle database 11 ORACLE_SID = [mikando] ? achats ORACLE_BASE environment variable is not being set since this information is not available for the current user ID mikando. You can set ORACLE_BASE manually if it is required. Resetting ORACLE_BASE to its previous value or ORACLE_HOME The Oracle base has been set to /u01/app/oracle/product/12.1.0/db
Here, our target database is called achats
Connect to database
[mikando@svrosisdb ~]$ sqlplus / SQL*Plus: Release 12.1.0.2.0 Production on Mon Dec 23 09:47:48 2019 Copyright (c) 1982, 2014, Oracle. All rights reserved. Connected to: Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production With the Partitioning, Automatic Storage Management, OLAP, Advanced Analytics and Real Application Testing options SQL>
Now the os user named “mikando” can connect to the database without being asked for a password.