Client | For this scenario, let us say the client is using a Web browser and has started an application that prompts for the username and password.
Once the user types this in, the information goes to Oracle Net Services. |
Oracle Net Services | Oracle Net Services has Oracle Advanced Security in place, so before anything goes to the database, Oracle Net Services first passes it through the Advanced Security.
Advanced Security takes the username and password and transmits it to the RADIUS Server. |
RADIUS Server | The RADIUS Server receives the username and password and sends it on to the Authentication Server. Depending on the implementation (by a third party, not Oracle), the RADIUS Server and the Authentication Server may be within the same software. |
Oracle Server | Once the user's identity has been validated, Oracle Net Services passes the request on to the database server. The database server logs the user in, processes whatever request for data has been made, and returns the information to Oracle Net Services, which in turn returns that data to the client. |
Authentication Server | The Authentication Server validates the user's name and password and returns an "Accepted" or "Rejected" flag to the RADIUS Server. |
Remote Authentication Dial-In User Service (RADIUS) is a lightweight protocol used for authentication as well as authorization and accounting services. In an Oracle environment, the Oracle server acts as the client to a RADIUS server when an authorization
request is sent from an Oracle client. Any authentication method that supports the RADIUS standard, whether it be 1) token cards,
2) smart cards, or 3) SecurID ACE, can easily be added to the RADIUS server as a new authentication method without any changes being made on the client or server configuration files, such as sqlnet.ora.