Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 345128 Details for
Bug 465252
=dev-db/oracle-instantclient-basic-11.2.0.3 should install Network Client startup parameter file (sqlnet.ora)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
sqlnet.ora for oracle 11.2 (instantclient)
sqlnet.ora (text/plain), 63.75 KB, created by
Michael Haubenwallner (RETIRED)
on 2013-04-10 15:14:08 UTC
(
hide
)
Description:
sqlnet.ora for oracle 11.2 (instantclient)
Filename:
MIME Type:
Creator:
Michael Haubenwallner (RETIRED)
Created:
2013-04-10 15:14:08 UTC
Size:
63.75 KB
patch
obsolete
># ># This file basically is a dump of the sqlnet.ora documentation found here: ># http://docs.oracle.com/cd/E11882_01/network.112/e10835/sqlnet.htm ># ># ># Overview of Profile Configuration File ># ># The |sqlnet.ora| file is the profile configuration file. It resides on ># the client machines and the database server. Profiles are stored and ># implemented using this file. The database server can be configured with ># access control parameters in the |sqlnet.ora| file. These parameters ># specify whether clients are allowed or denied access based on the protocol. ># ># The |sqlnet.ora| file enables you to do the following: ># ># * Specify the client domain to append to unqualified names ># * Prioritize naming method ># * Enable logging and tracing features ># * Route connections through specific processes ># * Configure parameters for external naming ># * Configure Oracle Advanced Security ># * Use protocol-specific parameters to restrict access to the database ># ># By default, the |sqlnet.ora| file is located in the ># |ORACLE_HOME/network/admin| directory. The |sqlnet.ora| file can also be ># stored in the directory specified by the |TNS_ADMIN| environment variable. ># ># >############################### ># BEQUEATH_DETACH >############################### ># ># Purpose: ># To turn signal handling on or off for Linux and UNIX systems. ># ># Default: NO ># ># Values: ># * |yes| to turn signal handling off ># * |no| to leave signal handling on ># ># Example: ># BEQUEATH_DETACH=yes ># ># >############################### ># DEFAULT_SDU_SIZE >############################### ># ># Purpose: ># To specify the session data unit (SDU) size, in ># bytes to connections. ># ># Usage: ># Oracle recommends setting this parameter in both the client-side and ># server-side |sqlnet.ora| file to ensure the same SDU size is used ># throughout a connection. When the configured values of client and ># database server do not match for a session, the lower of the two values ># is used. ># ># You can override this parameter for a particular client connection by ># specifying the SDU parameter in the connect ># descriptor for a client. ># ># See Also: ># Oracle Database Net Services Administrator's Guide ># for complete SDU ># usage and configuration information ># ># Default: 8192 bytes (8 KB) ># ># Values: 512 to 65535 bytes ># ># Example: ># DEFAULT_SDU_SIZE=4096 ># ># >############################### ># DISABLE_OOB >############################### ># ># Purpose: ># To enable or disable Oracle Net to send or receive out-of-band break ># messages using urgent data provided by the underlying protocol. ># ># If turned |off|, then the parameter enables Oracle Net to send and ># receive break messages. If turned |on|, then the parameter disables the ># ability to send and receive break messages. Once enabled, this feature ># applies to all protocols used by this client. ># ># Default: OFF ># ># Example: ># DISABLE_OOB=on ># ># See Also: ># Operating system-specific documentation to determine if the protocols ># you are using support urgent data requests. TCP/IP is an example of a ># protocol that supports this feature. ># ># >############################### ># NAMES.DEFAULT_DOMAIN >############################### ># ># Purpose: ># To set the domain from which the client most often looks up names ># resolution requests. When this parameter is set, the default domain name ># is automatically appended to any unqualified net service name or service ># name. ># ># For example, if the default domain is set to |us.example.com|, then the ># connect string |CONNECT scott@sales| gets searched as ># |sales.us.example.com|. If the connect string includes the domain ># extension, such as |CONNECT scott@sales.us.example.com|, then the domain ># is not appended to the string. ># ># Default: None ># ># Example: ># NAMES.DEFAULT_DOMAIN=example.com ># ># >############################### ># NAMES.DIRECTORY_PATH >############################### ># ># Purpose: ># To specify the order of the naming methods used for client name ># resolution lookups. ># ># Default: NAMES.DIRECTORY_PATH=(tnsnames, ldap, ezconnect) ># ># Values: ># +----------------------------+---------------------------------------------------------------+ ># | Naming Method Value | Description | ># +----------------------------+---------------------------------------------------------------+ ># | |tnsnames| | Set to resolve a net service name through the |tnsnames.ora| | ># | (local naming method) | file on the client. | ># +----------------------------+---------------------------------------------------------------+ ># | |ldap| | Set to resolve a database service name, net service name, or | ># | (directory naming method) | net service alias through a directory server. | ># +----------------------------+---------------------------------------------------------------+ ># | |ezconnect| or |hostname| | Select to enable clients to use a TCP/IP connect identifier, | ># | (Easy Connect naming or | consisting of a host name and optional port and service name. | ># | host naming method) | | ># +----------------------------+---------------------------------------------------------------+ ># | |nis| (Network Information | Set to resolve service information through an existing NIS. | ># | Service (NIS) external | | ># | naming method) | | ># +----------------------------+---------------------------------------------------------------+ ># ># Example: ># NAMES.DIRECTORY_PATH=(tnsnames) ># ># >############################### ># NAMES.LDAP_AUTHENTICATE_BIND >############################### ># ># Purpose: ># To specify whether the LDAP naming adapter should attempt to ># authenticate using a specified wallet when it connects to the LDAP ># directory to resolve the name in the connect string. ># ># Usage: ># The parameter value is Boolean. ># ># If the parameter is set to |TRUE|, then the LDAP connection is ># authenticated using a wallet whose location must be specified in the ># WALLET_LOCATION parameter. ># ># If the parameter is set to |FALSE|, then the LDAP connection is ># established using an anonymous bind. ># ># Default: FALSE ># ># Example: ># NAMES.LDAP_AUTHENTICATE_BIND=TRUE ># ># >############################### ># NAMES.LDAP_CONN_TIMEOUT >############################### ># ># Purpose: ># To specify number of seconds for a non-blocking connect timeout to the ># LDAP server. ># ># Usage: ># The parameter value -1 is for infinite timeout. ># ># Default: 15 seconds ># ># Values: Values are in seconds. The range is |-1| to the number of seconds ># acceptable for your environment. There is no upper limit. ># ># Example: ># names.ldap_conn_timeout = -1 ># ># >############################### ># NAMES.LDAP_PERSISTENT_SESSION >############################### ># ># Purpose: ># To specify whether the LDAP naming adapter should leave the session with ># the LDAP server open after name lookup is complete. ># ># Usage: ># The parameter value is Boolean. ># ># If the parameter is set to |TRUE|, then the connection to the LDAP ># server is left open after the name lookup is complete; the connection ># will effectively stay open for the duration of the process. If the ># connection is lost, then it will be re-established as needed. ># ># If the parameter is set to |FALSE|, then the LDAP connection is ># terminated as soon as the name lookup completes. Every subsequent lookup ># opens the connection, performs the lookup, and closes the connection. ># This option prevents the LDAP server from having a large number of ># clients connected to it at any one time. ># ># Default: FALSE ># ># Example: ># NAMES.LDAP_PERSISTENT_SESSION=TRUE ># ># >############################### ># RECV_BUF_SIZE >############################### ># ># Purpose: ># To specify the buffer space limit for receive operations of sessions. ># This parameter is supported by the TCP/IP, TCP/IP with SSL, and SDP ># protocols. ># ># Note: ># ># Additional protocols might support this parameter on certain operating ># systems. Refer to the operating system-specific documentation for ># additional information about additional protocols that support this ># parameter. ># ># See Also: ># Oracle Net Services Administrator's Guide ># for additional ># information about configuring this parameter ># ># Default: The default value for this parameter is operating system-specific. ># ># Usage: ># You can override this parameter for a particular client connection by ># specifying the RECV_BUF_SIZE parameter in the ># connect descriptor for a client. ># ># Example: ># RECV_BUF_SIZE=11784 ># ># >############################### ># SDP.PF_INET_SDP >############################### ># ># Purpose: ># To specify the protocol family or address family constant for the SDP ># protocol on your system. ># ># Default: 27 ># ># Values: Any positive integer ># ># Example: ># SDP.PF_INET_SDP=30 ># ># >############################### ># SEC_USER_AUDIT_ACTION_BANNER >############################### ># ># Purpose: ># To specify a text file containing the banner contents that warn the user ># about possible user action auditing. The complete path of the text file ># must be specified in the |sqlnet.ora| file on the server. Oracle Call ># Interface (OCI) applications can make use of OCI features to retrieve ># this banner and display it to the user. The text file has a maximum ># limit of 512 bytes. ># ># Default: None ># ># Values: Name of the file for which the database owner has read permissions. ># ># Example: ># SEC_USER_AUDIT_ACTION_BANNER=/opt/oracle/admin/data/auditwarning.txt ># ># >############################### ># SEC_USER_UNAUTHORIZED_ACCESS_BANNER >############################### ># ># Purpose: ># To specify a text file containing the banner contents that warn the user ># about unauthorized access to the database. The complete path of the text ># file must be specified in the |sqlnet.ora| file on the server. OCI ># applications can make use of OCI features to retrieve this banner and ># display it to the user. The text file has a maximum limit of 512 bytes. ># ># Default: None ># ># Values: Name of the file for which the database owner has read permissions. ># ># Example: ># SEC_USER_UNAUTHORIZED_ACCESS_BANNER=/opt/oracle/admin/data/unauthwarning.txt ># ># >############################### ># SEND_BUF_SIZE >############################### ># ># Purpose: ># To specify the buffer space limit for send operations of sessions. This ># parameter is supported by the TCP/IP, TCP/IP with SSL, and SDP protocols. ># ># Note: ># ># Additional protocols might support this parameter on certain operating ># systems. Refer to the operating system-specific documentation for ># additional information about additional protocols that support this ># parameter. ># ># See Also: ># Oracle Database Net Services Administrator's Guide ># for additional ># information about configuring this parameter ># ># Default: The default value for this parameter is operating system-specific. ># ># Usage: ># You can override this parameter for a particular client connection by ># specifying the SEND_BUF_SIZE parameter in the ># connect descriptor for a client. ># ># Example: ># SEND_BUF_SIZE=11784 ># ># >############################### ># SQLNET.ALLOWED_LOGON_VERSION >############################### ># ># Purpose: ># To set the minimum authentication protocol allowed when connecting to ># Oracle Database instances. The term |VERSION| in the parameter name ># refers to the version of the authentication protocol, not the Oracle ># Database release. ># ># If the client release does not meet or exceed the value defined by this ># parameter, then authentication fails with an |ORA-28040 ># : No matching ># authentication protocol| error or an |ORA-03134 ># : Connections to ># this server version are no longer supported| error. ># ># Usage Notes ># ># A setting of |8| permits most password versions, and allows any ># combination of the |DBA_USERS.PASSWORD_VERSIONS| values |10G|, and |11G|. ># ># A greater value means the server is less compatible in terms of the ># protocol that clients must understand in order to authenticate. The ># server is also more restrictive in terms of the password version that ># must exist to authenticate any specific account. The ability for a ># client to authenticate depends on the |DBA_USERS.PASSWORD_VERSIONS| ># value on the server for that account. ># ># Note the following implications of setting the value to |12|: ># * To take advantage of the password protections introduced in Oracle ># Database 11g, users must change their passwords. The new passwords ># are case sensitive. When an account password is changed, the earlier ># |10G| case-insensitive password version is automatically removed. ># * Releases of OCI clients before Oracle Database 10g and all versions ># of JDBC thin clients cannot authenticate to the Oracle database ># using password-based authentication. ># * If the client uses Oracle9i Database, then the client will receive ># an |ORA-03134| ># error message. To allow the connection, remove the ># |SQLNET.ALLOWED_LOGON_VERSION| setting to return to the default. ># Ensure the |DBA_USERS.PASSWORD_VERSIONS| value for the account ># contains the value |10G|. It may be necessary to reset the password ># for that account. ># ># The client must support certain abilities of an authentication protocol ># before the server will authenticate. If the client does not support a ># specified authentication ability, then the server rejects the connection ># with an |ORA-28040 ># : No matching ># authentication protocol| error message. ># ># The following is the list of all client abilities. Some clients do not ># have all abilities. Clients that are more recent have all the ># capabilities of the older clients, but older clients tend to have less ># abilities than more recent clients. ># * |O5L_NP|: The ability to perform the Oracle Database 10g ># authentication protocol using the |11G| password version, and ># generating a session key encrypted for critical patch update CPUOct2012. ># * |O5L|: The ability to perform the Oracle Database 10g authentication ># protocol using the |10G| password version. ># * |O4L|: The ability to perform the Oracle9i database authentication ># protocol using the |10G| password version. ># * |O3L|: The ability to perform the Oracle8i database authentication ># protocol using the |10G| password version. ># ># A higher ability value is more recent and secure than a lower ability ># value. Clients that are more recent have all the capabilities of the ># older clients. ># ># The following table describes the allowed values, password versions, and ># descriptions: ># ># Value of the ALLOWED_LOGON_VERSION Parameter Generated Password ># Version Ability Required of the Client Meaning for Clients ># |12|^Foot 1 |11G| |O5L_NP| Only clients which have ># applied critical patch update CPUOct2012 or later, or release 11.2.0.3 ># clients with an equivalent update can connect to the server. ># |11| |10G|, |11G| |O5L| Clients using Oracle Database 10g and later ># can connect to the server. ># ># Clients using releases earlier than Oracle Database release 11.2.0.3 ># that have not applied critical patch update CPUOct2012 or later patches ># must use the |10G| password version. ># ># |10| |10G|, |11G| |O5L| Clients using Oracle Database 10g and later ># can connect to the server. ># ># Clients using releases earlier than Oracle Database release 11.2.0.3 ># that have not applied critical patch update CPUOct2012 or later patches ># must use the |10G| password version. ># ># |9| |10G|, |11G| |O4L| Oracle9i Database or later clients can connect ># to the server. ># |8| |10G|, |11G| |O3L| Oracle8i Database and later clients can ># connect to the server. ># ># ># ^Footnote 1 This is considered "Exclusive Mode" because it excludes the ># use of the |10G| password version. ># ># Allowed Values ># * |12| for the critical patch updates CPUOct2012 and later Oracle ># Database 11g authentication protocols (recommended) ># * |11| for Oracle Database 11g authentication protocols ># * |10| for Oracle Database 10g authentication protocols ># * |9| for Oracle9i Database authentication protocols ># * |8| for Oracle8i Database authentication protocols (default) ># ># Default: 8 ># ># Example: ># If both Oracle Database 11g and Oracle Database 10g are present, then ># set the parameter as follows: ># ># SQLNET.ALLOWED_LOGON_VERSION=10 ># ># >############################### ># SQLNET.AUTHENTICATION_KERBEROS5_SERVICE >############################### ># ># Purpose: ># To define the name of the service used to obtain a Kerberos service ticket. ># ># Default: None ># ># Example: ># SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=oracle ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.AUTHENTICATION_SERVICES >############################### ># ># Purpose: ># To enable one or more authentication services. If authentication has ># been installed, then it is recommended that this parameter be set to ># either |none| or to one of the authentication methods. ># ># Default: None ># ># Note: ># ># When installing the database with Database Configuration Assistant ># (DBCA), this parameter may be set to |nts| in the |sqlnet.ora| file. ># ># Values ># * Authentication Methods Available with Oracle Net Services: ># ># o ># ># |none| for no authentication methods, including Microsoft ># Windows native operating system authentication. When ># |SQLNET.AUTHENTICATION_SERVICES| is set to |none|, a valid user ># name and password can be used to access the database. ># ># o ># ># |all| for all authentication methods. ># ># o ># ># |nts| for Microsoft Windows native operating system authentication. ># * Authentication Methods Available with Oracle Advanced Security: ># ># o ># ># |kerberos5| for Kerberos authentication. ># ># o ># ># |radius| for RADIUS authentication. ># ># o ># ># |tcps| for SSL authentication. ># ># Example: ># SQLNET.AUTHENTICATION_SERVICES=(kerberos5) ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.CLIENT_REGISTRATION >############################### ># ># Purpose: ># To set a unique identifier for the client computer. This identifier is ># passed to the listener with any connection request and is included in ># the Audit Trail. The identifier can be any alphanumeric string up to 128 ># characters long. ># ># Default: None ># ># Example: ># SQLNET.CLIENT_REGISTRATION=1432 ># ># >############################### ># SQLNET.CRYPTO_CHECKSUM_CLIENT >############################### ># ># Purpose: ># To specify the checksum behavior for the client. ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># Default: accepted ># ># Values ># * |accepted| to enable the security service if required or requested ># by the other side. ># * |rejected| to disable the security service, even if the required by ># the other side. ># * |requested| to enable the security service if the other side allows it. ># * |required| to enable the security service and disallow the ># connection if the other side is not enabled for the security service. ># ># Example: ># SQLNET.CRYPTO_CHECKSUM_CLIENT=accepted ># ># >############################### ># SQLNET.CRYPTO_CHECKSUM_SERVER >############################### ># ># Purpose: ># To specify the checksum behavior for the database server. ># ># Default: accepted ># ># Values ># * |accepted| to enable the security service if required or requested ># by the other side. ># * |rejected| to disable the security service, even if the required by ># the other side. ># * |requested| to enable the security service if the other side allows it. ># * |required| to enable the security service and disallow the ># connection if the other side is not enabled for the security service. ># ># Example: ># SQLNET.CRYPTO_CHECKSUM_SERVER=accepted ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT >############################### ># ># Purpose: ># To specify a list of crypto-checksum algorithms for the client to use. ># ># Default: All available algorithms ># ># Values ># * |md5| for the RSA Data Security MD5 algorithm. ># * |sha1| for the Secure Hash algorithm. ># ># Example: ># SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(MD5) ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER >############################### ># ># Purpose: ># To specify a list of crypto-checksum algorithms for the database server ># to use. ># ># Default: All available algorithms ># ># Values ># * |md5| for the RSA Data Security's MD5 algorithm ># * |sha1| for the Secure Hash algorithm ># ># Example: ># SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(md5) ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.ENCRYPTION_CLIENT >############################### ># ># Purpose: ># To turn encryption on for the client. ># ># Default: accepted ># ># Values ># * |accepted| to enable the security service if required or requested ># by the other side. ># * |rejected| to disable the security service, even if the required by ># the other side. ># * |requested| to enable the security service if the other side allows it. ># * |required| to enable the security service and disallow the ># connection if the other side is not enabled for the security service. ># ># Example: ># SQLNET.ENCRYPTION_CLIENT=accepted ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.ENCRYPTION_SERVER >############################### ># ># Purpose: ># To turn encryption on for the database server. ># ># Default: accepted ># ># Values ># * |accepted| to enable the security service if required or requested ># by the other side. ># * |rejected| to disable the security service, even if the required by ># the other side. ># * |requested| to enable the security service if the other side allows it. ># * |required| to enable the security service and disallow the ># connection if the other side is not enabled for the security service. ># ># Example: ># SQLNET.ENCRYPTION_SERVER=accepted ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.ENCRYPTION_TYPES_CLIENT >############################### ># ># Purpose: ># To specify a list of encryption algorithms for the client to use. ># ># Default: All available algorithms. ># ># Values: One or more of the following: ># * |3des112| for triple DES with a two-key (112-bit) option ># * |3des168| for triple DES with a three-key (168-bit) option ># * |des| for standard 56-bit key size ># * |des40| for 40-bit key size ># * |rc4_40| for 40-bit key size ># * |rc4_56| for 56-bit key size ># * |rc4_128| for 128-bit key size ># * |rc4_256| for 256-bit key size ># ># Example: ># SQLNET.ENCRYPTION_TYPES_CLIENT=(rc4_56) ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.ENCRYPTION_TYPES_SERVER >############################### ># ># Purpose: ># To specify a list of encryption algorithms for the database server to use. ># ># Default: All available algorithms. ># ># Values: One or more of the following: ># * |3des112| for triple DES with a two-key (112-bit) option ># * |3des168| for triple DES with a three-key (168-bit) option ># * |des| for standard 56-bit key size ># * |des40| for 40-bit key size ># * |rc4_40| for 40-bit key size ># * |rc4_56| for 56-bit key size ># * |rc4_128| for 128-bit key size ># * |rc4_256| for 256-bit key size ># ># Example: ># SQLNET.ENCRYPTION_TYPES_SERVER=(rc4_56, des, ...) ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.EXPIRE_TIME >############################### ># ># Purpose: ># To specify a time interval, in minutes, to send a check to verify that ># client/server connections are active. The following usage notes apply to ># this parameter: ># * Setting a value greater than 0 ensures that connections are not left ># open indefinitely, due to an abnormal client termination. ># * If the probe finds a terminated connection, or a connection that is ># no longer in use, then it returns an error, causing the server ># process to exit. ># * This parameter is primarily intended for the database server, which ># typically handles multiple connections at any one time. ># * Limitations on using this terminated connection detection feature are: ># ># o ># ># It is not allowed on bequeathed connections. ># ># o ># ># Though very small, a probe packet generates additional traffic ># that may downgrade network performance. ># ># o ># ># Depending on which operating system is in use, the server may ># need to perform additional processing to distinguish the ># connection probing event from other events that occur. This can ># also result in degraded network performance. ># ># Default: 0 ># ># Minimum Value ># ># 0 ># ># Recommended Value ># ># 10 ># ># Example: ># SQLNET.EXPIRE_TIME=10 ># ># >############################### ># SQLNET.INBOUND_CONNECT_TIMEOUT >############################### ># ># Purpose: ># To specify the time, in seconds, for a client to connect with the ># database server and provide the necessary authentication information. ># ># If the client fails to establish a connection and complete ># authentication in the time specified, then the database server ># terminates the connection. In addition, the database server logs the IP ># address of the client and an |ORA-12170 ># : TNS:Connect ># timeout occurred| error message to the |sqlnet.log| file. The client ># receives either an |ORA-12547 ># : TNS:lost contact| ># or an |ORA-12637: ># Packet receive failed| error message. ># ># The default value of this parameter is appropriate for typical usage ># scenarios. However, if you need to explicitly set a different value, ># then Oracle recommends setting this parameter in combination with the ># INBOUND_CONNECT_TIMEOUT_listener_name parameter ># in the |listener.ora| file. When specifying the values for these ># parameters, note the following recommendations: ># * Set both parameters to an initial low value. ># * Set the value of the |INBOUND_CONNECT_TIMEOUT_||listener_name| ># parameter to a lower value than the |SQLNET.INBOUND_CONNECT_TIMEOUT| ># parameter. ># ># For example, you can set |INBOUND_CONNECT_TIMEOUT_||listener_name| to 2 ># seconds and |SQLNET.INBOUND_CONNECT_TIMEOUT| parameter to 3 seconds. If ># clients are unable to complete connections within the specified time due ># to system or network delays that are normal for the particular ># environment, then increment the time as needed. ># ># Default: 60 seconds ># ># Example: ># SQLNET.INBOUND_CONNECT_TIMEOUT=3 ># ># See Also: ># * "Control Parameters" for additional ># information about |INBOUND_CONNECT_TIMEOUT_||listener_name| ># * Oracle Net Services Administrator's Guide ># for additional ># information about configuring these parameters ># ># >############################### ># SQLNET.KERBEROS5_CC_NAME >############################### ># ># Purpose: ># To specify the complete path name to the Kerberos credentials cache file. ># ># Default: |/usr/tmp/krbcache| on Linux and UNIX operating systems, and ># |c:\tmp\krbcache| on Microsoft Windows operating systems ># ># Example: ># SQLNET.KERBEROS5_CC_NAME=/usr/tmp/krbcache ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.KERBEROS5_CLOCKSKEW >############################### ># ># Purpose: ># To specify how many seconds can pass before a Kerberos credential is ># considered out of date. ># ># Default: 300 ># ># Example: ># SQLNET.KERBEROS5_CLOCKSKEW=1200 ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.KERBEROS5_CONF >############################### ># ># Purpose: ># To specify the complete path name to the Kerberos configuration file, ># which contains the realm for the default Key Distribution Center (KDC) ># and maps realms to KDC hosts. The KDC maintains a list of user ># principals and is contacted through the |kinit| program for the user's ># initial ticket. ># ># Default: |/krb5/krb.conf| on Linux and UNIX operating systems and ># |c:\krb5\krb.conf| on Microsoft Windows operating systems ># ># Example: ># SQLNET.KERBEROS5_CONF=/krb5/krb.conf ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.KERBEROS5_KEYTAB >############################### ># ># Purpose: ># To specify the complete path name to the Kerberos principal/secret key ># mapping file, which is used to extract keys and decrypt incoming ># authentication information. ># ># Default: |/etc/v5srvtab| on Linux and UNIX operating systems and ># |c:\krb5\v5srvtab| on Microsoft Windows operating systems ># ># Example: ># SQLNET.KERBEROS5_KEYTAB=/etc/v5srvtab ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.KERBEROS5_REALMS >############################### ># ># Purpose: ># To specify the complete path name to the Kerberos realm translation ># file, which provides a mapping from a host name or domain name to a realm. ># ># Default: |/krb5/krb.realms| on Linux and UNIX operating systems and ># |c:\krb5\krb.realms| on Microsoft Windows operating systems ># ># Example: ># SQLNET.KERBEROS5_REALMS=/krb5/krb.realms ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.OUTBOUND_CONNECT_TIMEOUT >############################### ># ># Purpose: ># To specify the time, in seconds, for a client to establish an Oracle Net ># connection to the database instance. ># ># If an Oracle Net connection is not established in the time specified, ># then the connect attempt is terminated. The client receives an ># |ORA-12170: ># TNS:Connect timeout occurred| error. ># ># The outbound connect timeout interval is a superset of the TCP connect ># timeout interval, which specifies a limit on the time taken to establish ># a TCP connection. Additionally, the outbound connect timeout interval ># includes the time taken to be connected to an Oracle instance providing ># the requested service. ># ># Without this parameter, a client connection request to the database ># server may block for the default TCP connect timeout duration (60 ># seconds) when the database server host system is unreachable. ># ># The outbound connect timeout interval is only applicable for TCP, TCP ># with SSL, and IPC transport connections. ># ># Default: None ># ># Usage Notes ># ># This parameter is overridden by the |CONNECT_TIMEOUT ># | parameter in the address description. ># ># Example: ># SQLNET.OUTBOUND_CONNECT_TIMEOUT=10 ># ># >############################### ># SQLNET.RADIUS_ALTERNATE >############################### ># ># Purpose: ># To specify an alternate RADIUS server to use in case the primary server ># is unavailable. The value can be either the IP address or host name of ># the server. ># ># Default: None ># ># Example: ># SQLNET.RADIUS_ALTERNATE=radius2 ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_ALTERNATE_PORT >############################### ># ># Purpose: ># To specify the listening port of the alternate RADIUS server. ># ># Default: 1645 ># ># Example: ># SQLNET.RADIUS_ALTERNATE_PORT=1667 ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_ALTERNATE_RETRIES >############################### ># ># Purpose: ># To specify the number of times the database server should resend ># messages to the alternate RADIUS server. ># ># Default: 3 ># ># Example: ># SQLNET.RADIUS_ALTERNATE_RETRIES=4 ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_AUTHENTICATION >############################### ># ># Purpose: ># To specify the location of the primary RADIUS server, either by its host ># name or IP address. ># ># Default: Local host ># ># Example: ># SQLNET.RADIUS_AUTHENETICATION=officeacct ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_AUTHENTICATION_INTERFACE >############################### ># ># Purpose: ># To specify the class containing the user interface used to interact with ># the user. ># ># Default: DefaultRadiusInterface ># ># Example: ># SQLNET.RADIUS_AUTHENTICATION_INTERFACE=DefaultRadiusInterface ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_AUTHENTICATION_PORT >############################### ># ># Purpose: ># Use the parameter |SQLNET.RADIUS_AUTHENTICATION_PORT| to specify the ># listening port of the primary RADIUS server. ># ># Default: 1645 ># ># Example: ># SQLNET.RADIUS_AUTHENTICATION_PORT= 1667 ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_AUTHENTICATION_RETRIES >############################### ># ># Purpose: ># To specify the number of times the database server should resend ># messages to the primary RADIUS server. ># ># Default: 3 ># ># Example: ># SQLNET.RADIUS_AUTHENTICATION_RETRIES=4 ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_AUTHENTICATION_TIMEOUT >############################### ># ># Purpose: ># To specify the time, in seconds, that the database server should wait ># for a response from the primary RADIUS server. ># ># Default: 5 ># ># Example: ># SQLNET.RADIUS_AUTHENTICATION_TIMEOUT=10 ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_CHALLENGE_RESPONSE >############################### ># ># Purpose: ># To turn challenge response on or off. ># ># Default: off ># ># Values: on | off ># ># Example: ># SQLNET.RADIUS_CHALLENGE_RESPONSE=on ># ># >############################### ># SQLNET.RADIUS_SECRET >############################### ># ># Purpose: ># ># To specify the location of the RADIUS secret key. ># ># Default: The |ORACLE_HOME/network/security/radius.key| file. ># ># Example: ># SQLNET.RADIUS_SECRET=oracle/bin/admin/radiuskey ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RADIUS_SEND_ACCOUNTING >############################### ># ># Purpose: ># To turn accounting |on| and |off|. If enabled, then packets are sent to ># the active RADIUS server at listening port plus one. The default port is ># 1646. ># ># Default: off ># ># Values: on | off ># ># Example: ># SQLNET.RADIUS_SEND_ACCOUNTING=on ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SQLNET.RECV_TIMEOUT >############################### ># ># Purpose: ># To specify the time, in seconds, for a database server to wait for ># client data after establishing a connection. A client must send some ># data within the time interval. ># ># For environments in which clients shut down on occasion or abnormally, ># setting this parameter is recommended. If a client does not send any ># data in time specified, then the database server logs |ORA-12535 ># : TNS:operation ># timed out| and |ORA-12609 ># : TNS: Receive ># timeout occurred| messages to the |sqlnet.log| file. Without this ># parameter, the database server may continue to wait for data from ># clients that may be down or are experiencing difficulties. ># ># You can also set this parameter on the client-side to specify the time, ># in seconds, for a client to wait for response data from the database ># server after connection establishment. Without this parameter, the ># client may wait a long period of time for a response from a database ># server saturated with requests. If you choose to set the value, then set ># the value to an initial low value and adjust according to system and ># network capacity. If necessary, use this parameter with the ># SQLNET.SEND_TIMEOUT parameter. ># ># Default: None ># ># Example: ># SQLNET.RECV_TIMEOUT=3 ># ># See Also: ># Oracle Database Net Services Administrator's Guide ># for additional ># information about configuring these parameters ># ># >############################### ># SQLNET.SEND_TIMEOUT >############################### ># ># Purpose: ># To specify the time, in seconds, for a database server to complete a ># send operation to clients after establishing a connection. Setting this ># parameter is recommended for environments in which clients shut down ># occasionally or abnormally. ># ># If the database server cannot complete a send operation in the time ># specified, then it logs |ORA-12535 ># : TNS:operation ># timed out| and |ORA-12608 ># : TNS: Send timeout ># occurred| messages to the |sqlnet.log| file. Without this parameter, the ># database server may continue to send responses to clients that are ># unable to receive data due to a downed computer or a busy state. ># ># You can also set this parameter on the client-side to specify the time, ># in seconds, for a client to complete send operations to the database ># server after connection establishment. Without this parameter, the ># client may continue to send requests to a database server already ># saturated with requests. If you choose to set the value, then set the ># value to an initial low value and adjust according to system and network ># capacity. If necessary, use this parameter with the SQLNET.RECV_TIMEOUT ># parameter. ># ># Default: None ># ># Example: ># SQLNET.SEND_TIMEOUT=3 ># ># See Also: ># Oracle Database Net Services Administrator's Guide ># for additional ># information about configuring these parameters ># ># >############################### ># SSL_CERT_REVOCATION >############################### ># ># Purpose: ># To configure a revocation check for a certificate. ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># Default: None ># ># Values ># * |none| to turn off certificate revocation checking. This is the default. ># * |requested| to perform certificate revocation in case a Certificate ># Revocation List (CRL) is available. Reject SSL connection if the ># certificate is revoked. If no appropriate CRL is found to determine ># the revocation status of the certificate and the certificate is not ># revoked, then accept the SSL connection. ># * |required| to perform certificate revocation when a certificate is ># available. If a certificate is revoked and no appropriate CRL is ># found, then reject the SSL connection. If no appropriate CRL is ># found to ascertain the revocation status of the certificate and the ># certificate is not revoked, then accept the SSL connection. ># ># Example: ># SSL_CERT_REVOCATION=required ># ># >############################### ># SSL_CERT_FILE >############################### ># ># Purpose: ># To specify the name of the file where you can assemble the certificate ># revocation list (CRL) for client authentication. ># ># This file contains the PEM-encoded CRL files, in order of preference. ># You can use this file alternatively or in addition to the SSL_CERT_PATH ># parameter. This parameter is only valid if ># SSL_CERT_REVOCATION is set to either |requested| or |required|. ># ># Default: None ># ># Example: ># SSL_CERT_FILE= ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SSL_CERT_PATH >############################### ># ># Purpose: ># To specify the destination directory of the CRL of CA. The files in this ># directory are hashed symbolic links created by Oracle Wallet Manager. ># This parameter is only valid if SSL_CERT_REVOCATION is set ># to either |requested| or |required|. ># ># See Also: ># Oracle Database Security Guide ># ># ># Default: None ># ># Example: ># SSL_CERT_PATH= ># ># >############################### ># SSL_CIPHER_SUITES >############################### ># ># Purpose: ># To control which combination of encryption and data integrity is used by ># the Secure Sockets Layer (SSL). Cipher suites ># that use Advanced Encryption Standard (AES) only work with Transport ># Layer Security (TLS 1.0). ># ># Default: None ># ># Values ># * SSL_RSA_WITH_3DES_EDE_CBC_SHA ># * SSL_RSA_WITH_RC4_128_SHA ># * SSL_RSA_WITH_RC4_128_MD5 ># * SSL_RSA_WITH_DES_CBC_SHA ># * SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ># * SSL_DH_anon_WITH_RC4_128_MD5 ># * SSL_DH_anon_WITH_DES_CBC_SHA ># * SSL_RSA_EXPORT_WITH_RC4_40_MD5 ># * SSL_RSA_EXPORT_WITH_DES40_CBC_SHA ># * SSL_RSA_WITH_AES_128_CBC_SHA ># * SSL_RSA_WITH_AES_256_CBC_SHA ># ># Example: ># SSL_CIPHER_SUITES=(ssl_rsa_with_rc4_138_md5) ># ># See Also: ># Oracle Database Security Guide ># for ># additional information about cipher suite values ># ># >############################### ># SSL_CLIENT_AUTHENTICATION >############################### ># ># Purpose: ># To specify whether a client, in addition to the database server, is ># authenticated using SSL. ># ># Default: true ># ># Values: true | false ># ># Example: ># SSL_CLIENT_AUTHENTICATION=true ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SSL_SERVER_DN_MATCH >############################### ># ># Purpose: ># To enforce that the distinguished name (DN) for ># the database server matches its service name. If you enforce the match ># verifications, then SSL ensures that the certificate is from the server. ># If you select to not enforce the match verification, then SSL performs ># the check but allows the connection, regardless if there is a match. Not ># enforcing the match allows the server to potentially fake its identify. ># ># Default: no ># ># Values ># * |yes| | |on| | |true| to specify to enforce a match. If the DN ># matches the service name, then the connection succeeds. If the DN ># does not match the service name, then the connection fails. ># * |no| | |off| | |false| to specify not to enforce a match. If the DN ># does not match the service name, then the connection is successful, ># but an error is logged to the |sqlnet.log| file. ># ># Usage Notes ># ># In addition to the |sqlnet.ora| file, configure the |tnsnames.ora| ># parameter SSL_SERVER_CERT_DN to enable server DN ># matching. ># ># Example: ># SSL_SERVER_DN_MATCH=yes ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># SSL_VERSION >############################### ># ># Purpose: ># To force the version of the SSL connection. Clients and database servers ># must use a compatible version. ># ># Default: undetermined ># ># Values: undetermined | 2.0 | 3.0 ># ># Example: ># SSL_VERSION=2.0 ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># TCP.CONNECT_TIMEOUT >############################### ># ># Purpose: ># To specify the time, in seconds, for a client to establish a TCP ># connection (|PROTOCOL=tcp| in the TNS connect address) to the database ># server. If a TCP connection to the database host is not established in ># the time specified, then the connection attempt is terminated. The ># client receives an |ORA-12170 ># : TNS:Connect ># timeout occurred| error. ># ># The timeout applies to each IP address to which a host name resolves. ># For example, if a host name resolves to an IPv6 and an IPv4 address, and ># if the host is not reachable through the network, then the connection ># request times out twice the |TCP.CONNECT_TIMEOUT| setting because there ># are two IP addresses. In this example, the default timeout setting of 60 ># would cause a timeout in 120 seconds. ># ># Default: 60 ># ># Example: ># TCP.CONNECT_TIMEOUT=10 ># ># >############################### ># TCP.EXCLUDED_NODES >############################### ># ># Purpose: ># To specify which clients are denied access to the database. ># ># Syntax ># ># TCP.EXCLUDED_NODES=(hostname | ip_address, hostname | ip_address, ...) ># ># Usage Notes ># * This parameter is only valid when the |TCP.VALIDNODE_CHECKING| ># parameter is set to |yes|. ># * This parameter can use wildcards for IPv4 addresses and CIDR ># (Classless Inter-Domain Routing) notation for IPv4 and IPv6 addresses. ># ># Example: ># TCP.EXCLUDED_NODES=(finance.us.example.com, mktg.us.example.com, 192.168.2.25, 172.30.*, 2001:DB8:200C:417A/32) ># ># >############################### ># TCP.INVITED_NODES >############################### ># ># Purpose: ># To specify which clients are allowed access to the database. This list ># takes precedence over the |TCP.EXCLUDED_NODES| parameter if both lists ># are present. ># ># Syntax ># ># TCP.INVITED_NODES=(hostname | ip_address, hostname | ip_address, ...) ># ># Usage Notes ># * This parameter is only valid when the |TCP.VALIDNODE_CHECKING| ># parameter is set to |yes|. ># * This parameter can use wildcards for IPv4 addresses and CIDR ># notation for IPv4 and IPv6 addresses. ># ># Example: ># TCP.INVITED_NODES=(sales.us.example.com, hr.us.example.com, 192.168.*, 2001:DB8:200C:433B/32) ># ># >############################### ># TCP.NODELAY >############################### ># ># Purpose: ># To preempt delays in buffer flushing within the TCP/IP protocol stack. ># ># Default: yes ># ># Values: yes | no ># ># Example: ># TCP.NODELAY=yes ># ># >############################### ># TCP.VALIDNODE_CHECKING >############################### ># ># Purpose: ># To enable and disable valid node checking for incoming connections. If ># this parameter is set to |yes|, then incoming connections are allowed ># only if they originate from a node that conforms to list specified by ># TCP.INVITED_NODES or TCP.EXCLUDED_NODES parameters. ># ># Default: no ># ># Values: yes | no ># ># Usage Notes ># ># The TCP.INVITED_NODES and TCP.EXCLUDED_NODES parameters are valid only ># when the TCP.VALIDNODE_CHECKING parameter is set to |yes|. ># ># Example: ># TCP.VALIDNODE_CHECKING=yes ># ># >############################### ># TNSPING.TRACE_DIRECTORY >TNSPING.TRACE_DIRECTORY=/var/log/oracle/network/trace >############################### ># ># Purpose: ># To specify the destination directory for the TNSPING utility trace file, ># |tnsping.trc|. ># ># Default: The |ORACLE_HOME/network/trace| directory. ># ># Example: ># TNSPING.TRACE_DIRECTORY=/oracle/traces ># ># >############################### ># TNSPING.TRACE_LEVEL >############################### ># ># Purpose: ># To turn TNSPING utility tracing on at a specified level or to turn it off. ># ># Default: off ># ># Values ># * |off| for no trace output ># * |user| for user trace information ># * |admin| for administration trace information ># * |support| for Oracle Support Services trace information ># ># Example: ># TNSPING.TRACE_LEVEL=admin ># ># >############################### ># USE_CMAN >############################### ># ># Purpose: ># To specify client routing to Oracle Connection Manager. ># ># If set to |true|, then the parameter routes the client to a protocol ># address for an Oracle Connection Manager. ># ># If set to |false|, then the client picks one of the address lists at ># random and fails over to the other address list if the chosen ># |ADDRESS_LIST| fails. With |USE_CMAN|=|true|, the client always uses the ># first address list. ># ># If no Oracle Connection Manager addresses are available, then ># connections are routed through any available listener address. ># ># Default: false ># ># Values: true | false ># ># Example: ># USE_CMAN=true ># ># >############################### ># USE_DEDICATED_SERVER >############################### ># ># Purpose: ># To append |(SERVER=dedicated)| to the |CONNECT_DATA| section of the ># connect descriptor used by the client. It overrides the current value of ># the SERVER parameter in the |tnsnames.ora| file. ># ># If set to |on|, then the parameter |USE_DEDICATED_SERVER| automatically ># appends |(SERVER=dedicated)| to the connect data for a connect ># descriptor. This way connections from this client use a dedicated server ># process, even if shared server ># is configured. ># ># Default: off ># ># Values ># * |on| to append |(SERVER=dedicated)| ># * |off| to send requests to existing server processes ># ># Example: ># USE_DEDICATED_SERVER=on ># ># See Also: ># Oracle Database Net Services Administrator's Guide ># for complete ># configuration information ># ># >############################### ># WALLET_LOCATION >############################### ># ># Purpose: ># To specify the location of wallets. Wallets are certificates, keys, and ># trustpoints processed by SSL. ># ># Syntax ># ># The syntax depends on the wallet, as follows: ># * Oracle wallets on the file system: ># ># WALLET_LOCATION= ># (SOURCE= ># (METHOD=file) ># (METHOD_DATA= ># (DIRECTORY=directory) ># [(PKCS11=TRUE/FALSE)])) ># * Microsoft certificate store: ># ># WALLET_LOCATION= ># (SOURCE= ># (METHOD=mcs)) ># * Oracle wallets in the Microsoft Windows registry: ># ># WALLET_LOCATION= ># (SOURCE= ># (METHOD=reg) ># (METHOD_DATA= ># (KEY=registry_key))) ># * Entrust wallets: ># ># WALLET_LOCATION= ># (SOURCE= ># (METHOD=entr) ># (METHOD_DATA= ># (PROFILE=file.epf) ># (INIFILE=file.ini))) ># ># Additional Parameters ># ># |WALLET_LOCATION| supports the following parameters: ># * |SOURCE|: The type of storage for wallets and storage location. ># * |METHOD|: The type of storage. ># * |METHOD_DATA|: The storage location. ># * |DIRECTORY|: The location of Oracle wallets on file system. ># * |KEY|: The wallet type and location in the Microsoft Windows registry. ># * |PROFILE|: The Entrust profile file (|.epf|). ># * |INIFILE|: The Entrust initialization file (|.ini|). ># ># Default: None ># ># Usage Notes ># * The key/value pair for Microsoft certificate store (MCS) omits the ># |METHOD_DATA| parameter because MCS does not use wallets. Instead, ># Oracle PKI (public key infrastructure) applications obtain ># certificates, trustpoints and private keys directly from the user's ># profile. ># * If an Oracle wallet is stored in the Microsoft Windows registry and ># the wallet's key (|KEY)| is |SALESAPP|, then the storage location of ># the encrypted wallet is ># |HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12|. ># The storage location of the decrypted wallet is ># |HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO.| ># ># Values: true | false ># ># Examples ># ># Oracle wallets on file system: ># ># WALLET_LOCATION= ># (SOURCE= ># (METHOD=file) ># (METHOD_DATA= ># (DIRECTORY=/etc/oracle/wallets/databases))) ># ># Microsoft certificate store: ># ># WALLET_LOCATION= ># (SOURCE= ># (METHOD=mcs)) ># ># ># Oracle Wallets in the Microsoft Windows registry: ># ># WALLET_LOCATION= ># (SOURCE= ># (METHOD=REG) ># (METHOD_DATA= ># (KEY=SALESAPP))) ># ># Entrust Wallets: ># ># WALLET_LOCATION= ># (SOURCE= ># (METHOD=entr) ># (METHOD_DATA= ># (PROFILE=/etc/oracle/wallets/test.epf) ># (INIFILE=/etc/oracle/wallets/test.ini))) ># ># See Also: ># Oracle Database Advanced Security Administrator's Guide ># ># ># >############################### ># WALLET_OVERRIDE >############################### ># ># Purpose: ># To determine whether the client should override the strong ># authentication credential with the password credential in the stored ># wallet to log in to the database. ># ># Usage Notes ># * When wallets are used for authentication, the database credentials ># for user name and password are securely stored in an Oracle wallet. ># The auto-login feature of the wallet is turned on so the database ># does not need a password to open the wallet. From the wallet, the ># database gets the credentials to access the database for the user. ># * Wallet usage can simplify large-scale deployments that rely on ># password credentials for connecting to databases. When this feature ># is configured, application code, batch jobs, and scripts do not need ># embedded user names and passwords. Risk is reduced because such ># passwords are no longer exposed in the clear, and password ># management policies are more easily enforced without changing ># application code whenever user names or passwords change. ># * Users connect using the |connect /@||database_name| command instead ># of specifying a user name and password explicitly. This simplifies ># the maintenance of the scripts and secures the password management ># for the applications. ># * Middle-tier applications create an Oracle Applications wallet at ># installation time to store the application's specific identity. The ># password may be randomly generated rather than hardcoded. When an ># Oracle application accesses the database, it sets appropriate values ># for |SQLNET.AUTHENTICATION_SERVICES| and |WALLET_LOCATION|. The new ># wallet-based password authentication code uses the password ># credential in the Oracle Applications wallet to log on to the database. ># ># Values: TRUE | FALSE ># ># Examples ># ># WALLET_OVERRIDE=TRUE ># ># See Also: ># In order to use wallets, a wallet must be configured on the client. ># Refer to Oracle Database Security Guide ># for additional ># information about configuring the clients. ># ># ># ADR Diagnostic Parameters in sqlnet.ora ># ># Beginning with Oracle Database 11g, Oracle Database includes an advanced ># fault diagnosability infrastructure for preventing, detecting, ># diagnosing, and resolving problems. The problems are critical errors ># such as those caused by database code bugs, metadata corruption, and ># customer data corruption. ># ># When a critical error occurs, it is assigned an incident number, and ># diagnostic data for the error, such as traces and dumps, is immediately ># captured and tagged with the incident number. The data is then stored in ># the Automatic Diagnostic Repository (ADR), a ># file-based repository outside the database. ># ># This section describes the parameters used when ADR is enabled. "Non-ADR ># Diagnostic Parameters in sqlnet.ora" describes the ># parameters used when ADR is disabled. Non-ADR parameters listed in the ># |sqlnet.ora| file are ignored when ADR is enabled. ADR is enabled by ># default. ># ># This section lists the parameters used when ADR is enabled (when ># |DIAG_ADR_ENABLED| is set to |on|): ># * ADR_BASE ># * DIAG_ADR_ENABLED ># * TRACE_LEVEL_CLIENT ># * TRACE_LEVEL_SERVER ># * TRACE_TIMESTAMP_CLIENT ># * TRACE_TIMESTAMP_SERVER ># ># >############################### ># ADR_BASE >ADR_BASE=/var/log/oracle/log >############################### ># ># Purpose: ># To specify the base directory into which tracing and logging incidents ># are stored when ADR is enabled. ># ># Default: The default on the server side is |ORACLE_BASE|, or |ORACLE_HOME/log|, ># if |ORACLE_BASE| is not defined. ># ># Values: Any valid directory path to a directory with write permission. ># ># Example: ># ADR_BASE=/oracle/network/trace ># ># See Also: ># Oracle Call Interface Programmer's Guide ># for the default on the ># client side ># ># >############################### ># DIAG_ADR_ENABLED >############################### ># ># Purpose: ># To specify whether ADR tracing is enabled. ># ># Usage: ># If the |DIAG_ADR_ENABLED| parameter is set to |OFF|, then non-ADR file ># tracing is used. ># ># Default: on ># ># Values: |on| | |off| ># ># Example: ># DIAG_ADR_ENABLED=on ># ># >############################### ># TRACE_LEVEL_CLIENT >############################### ># ># Purpose: ># To turn client tracing on at a specified level or to turn it off. This ># parameter is also applicable when non-ADR tracing is used. ># ># Default: off or 0 ># ># Values ># * |off| or |0| for no trace output ># * |user| or |4| for user trace information ># * |admin| or |10| for administration trace information ># * |support| or |16| for Oracle Support Services trace information ># ># Example: ># TRACE_LEVEL_CLIENT=user ># ># >############################### ># TRACE_LEVEL_SERVER >############################### ># ># Purpose: ># To turn server tracing on at a specified level or to turn it off. This ># parameter is also applicable when non-ADR tracing is used. ># ># Default: off or 0 ># ># Values ># * |off| or |0| for no trace output ># * |user| or |4| for user trace information ># * |admin| or |10| for administration trace information ># * |support| or |16| for Oracle Support Services trace information ># ># Example: ># TRACE_LEVEL_SERVER=admin ># ># >############################### ># TRACE_TIMESTAMP_CLIENT >############################### ># ># Purpose: ># To add a time stamp in the form of |dd-mon-yyyy hh:mi:ss:mil| to every ># trace event in the client trace file, which has a default name of ># |sqlnet.trc|. This parameter is also applicable when non-ADR tracing is ># used. ># ># Default: on ># ># Values: |on| or |true| | |off| or |false| ># ># Example: ># TRACE_TIMESTAMP_CLIENT=true ># ># >############################### ># TRACE_TIMESTAMP_SERVER >############################### ># ># Purpose: ># To add a time stamp in the form of |dd-mon-yyyy hh:mi:ss:mil| to every ># trace event in the database server trace file, which has a default name ># of |svr_||pid||.trc|. This parameter is also applicable when non-ADR ># tracing is used. ># ># Default: on ># ># Values: |on| or |true| | |off| or |false| ># ># Example: ># TRACE_TIMESTAMP_SERVER=true ># ># ># Non-ADR Diagnostic Parameters in sqlnet.ora ># ># This section lists the parameters used when ADR is disabled. ># ># Notes: ># ># The default value of DIAG_ADR_ENABLED is |on|. Therefore, ># the |DIAG_ADR_ENABLED| parameter must explicitly be set to |off| in ># order for non-ADR tracing to be used. ># * LOG_DIRECTORY_CLIENT ># * LOG_DIRECTORY_SERVER ># * LOG_FILE_CLIENT ># * LOG_FILE_SERVER ># * TRACE_DIRECTORY_CLIENT ># * TRACE_DIRECTORY_SERVER ># * TRACE_FILE_CLIENT ># * TRACE_FILE_SERVER ># * TRACE_FILELEN_CLIENT ># * TRACE_FILELEN_SERVER ># * TRACE_FILENO_CLIENT ># * TRACE_FILENO_SERVER ># * TRACE_UNIQUE_CLIENT ># ># >############################### ># LOG_DIRECTORY_CLIENT >LOG_DIRECTORY_CLIENT=/var/log/oracle/network/log >############################### ># ># Purpose: ># To specify the destination directory for the client log file. Use this ># parameter when ADR is not enabled. ># ># Default: ORACLE_HOME/network/log ># ># Values: Any valid directory path. ># ># Example: ># LOG_DIRECTORY_CLIENT=/oracle/network/log ># ># >############################### ># LOG_DIRECTORY_SERVER >LOG_DIRECTORY_SERVER=/var/log/oracle/network/trace >############################### ># ># Purpose: ># To specify the destination directory for the database server log file. ># Use this parameter when ADR is not enabled. ># ># Default: ORACLE_HOME/network/trace ># ># Values: Any valid directory path to a directory with write permission. ># ># Example: ># LOG_DIRECTORY_SERVER=/oracle/network/trace ># ># >############################### ># LOG_FILE_CLIENT >LOG_FILE_CLIENT=/var/log/oracle/network/log/sqlnet.log >############################### ># ># Purpose: ># To specify the name of the log file for the client. Use this parameter ># when ADR is not enabled. ># ># Default: ORACLE_HOME/network/log/sqlnet.log ># ># Values: The default value cannot be changed. ># ># >############################### ># LOG_FILE_SERVER >############################### ># ># Purpose: ># To specify the name of the log file for the database server. Use this ># parameter when ADR is not enabled. ># ># Default: sqlnet.log ># ># Example: ># LOG_FILE_SERVER=svr.log ># ># >############################### ># TRACE_DIRECTORY_CLIENT >############################### ># ># Purpose: ># To specify the destination directory for the client trace file. Use this ># parameter when ADR is not enabled. ># ># Default: The current working directory. ># ># Values: Any valid directory path to a directory with write permission. ># ># Example: ># TRACE_DIRECTORY_CLIENT=/oracle/traces ># ># >############################### ># TRACE_DIRECTORY_SERVER >TRACE_DIRECTORY_SERVER=/var/log/oracle/network/trace >############################### ># ># Purpose: ># To specify the destination directory for the database server trace file. ># Use this parameter when ADR is not enabled. ># ># Default: ORACLE_HOME/network/trace ># ># Values: Any valid directory path to a directory with write permission. ># ># Example: ># TRACE_DIRECTORY_SERVER=/oracle/traces ># ># >############################### ># TRACE_FILE_CLIENT >TRACE_FILE_CLIENT=/var/log/oracle/network/trace/cli.trc >############################### ># ># Purpose: ># To specify the name of the client trace file. Use this parameter when ># ADR is not enabled. ># ># Values: Any valid file name. ># ># Default: ORACLE_HOME/network/trace/cli.trc ># ># Example: ># TRACE_FILE_CLIENT=clientsqlnet.trc ># ># >############################### ># TRACE_FILE_SERVER >TRACE_FILE_SERVER=/var/log/oracle/network/trace/svr.trc >############################### ># ># Purpose: ># To specify the name of the file to which the execution trace of the ># server program is written. Use this parameter when ADR is not enabled. ># ># Default: ORACLE_HOME/network/trace/svr_pid.trc ># ># Values: Any valid file name. The pid is appended to the name automatically. ># ># Example: ># TRACE_FILE_SERVER=svrsqlnet.trc ># ># >############################### ># TRACE_FILELEN_CLIENT >############################### ># ># Purpose: ># To specify the size of the client trace files in kilobytes (KB). When ># the size is met, the trace information is written to the next file. The ># number of files is specified with the TRACE_FILENO_CLIENT ># parameter. Use this parameter when ADR is not enabled. ># ># Example: ># TRACE_FILELEN_CLIENT=100 ># ># >############################### ># TRACE_FILELEN_SERVER >############################### ># ># Purpose: ># To specify the size of the database server trace files in kilobytes ># (KB). When the size is met, the trace information is written to the next ># file. The number of files is specified with the TRACE_FILENO_SERVER ># parameter. Use this parameter when ADR is not enabled. ># ># Example: ># TRACE_FILELEN_SERVER=100 ># ># >############################### ># TRACE_FILENO_CLIENT >############################### ># ># Purpose: ># To specify the number of trace files for client tracing. When this ># parameter is set with the TRACE_FILELEN_CLIENT parameter, ># trace files are used in a cyclical fashion. The first file is filled ># first, then the second file, and so on. When the last file has been ># filled, the first file is re-used, and so on. ># ># The trace file names are distinguished from one another by their ># sequence number. For example, if the default trace file of |sqlnet.trc| ># is used, and this parameter is set to 3, then the trace files would be ># named |sqlnet1.trc|, |sqlnet2.trc| and |sqlnet3.trc|. ># ># In addition, trace events in the trace files are preceded by the ># sequence number of the file. Use this parameter when ADR is not enabled. ># ># Default: None ># ># Example: ># TRACE_FILENO_CLIENT=3 ># ># >############################### ># TRACE_FILENO_SERVER >############################### ># ># Purpose: ># To specify the number of trace files for database server tracing. When ># this parameter is set with the TRACE_FILELEN_SERVER ># parameter, trace files are used in a cyclical fashion. The first file is ># filled first, then the second file, and so on. When the last file has ># been filled, the first file is re-used, and so on. ># ># The trace file names are distinguished from one another by their ># sequence number. For example, if the default trace file of ># |svr_||pid||.trc| is used, and this parameter is set to 3, then the ># trace files would be named |svr1_||pid||.trc|, |svr2_||pid||.trc| and ># |svr3_||pid||.trc|. ># ># In addition, trace events in the trace files are preceded by the ># sequence number of the file. Use this parameter when ADR is not enabled. ># ># Default: None ># ># Example: ># TRACE_FILENO_SERVER=3 ># ># >############################### ># TRACE_UNIQUE_CLIENT >############################### ># ># Purpose: ># To specify whether a unique trace file is created for each client trace ># session. When the value is set to |on|, a process identifier is appended ># to the name of each trace file, enabling several files to coexist. For ># example, trace files named |sqlnet||pid||.trc| are created if default ># trace file name |sqlnet.trc| is used. When the value is set to |off|, ># data from a new client trace session overwrites the existing file. Use ># this parameter when ADR is not enabled. ># ># Default: on ># ># Values: |on| or |off| ># ># Example: ># TRACE_UNIQUE_CLIENT=on >#
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=345128">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 465252
:
344966
|
345116
| 345128
