How to do OS Authentication in Oracle with Go?

[Tieson Molly]

I am curious if anyone is connecting to an Oracle database using OS authentication on a linux platform?

I have been trying to find code or an example, but I have come up empty handed.


Best regards,

Ty

[Tamás Gulácsi]

What do you mean on "os authentication"?
(rana/ora dev here)

[Didier Spezia]

The OP probably means connecting to Oracle from an "externally identified" user.

Oracle can delegate the authentication to the OS providing the connection is done from

a given OS user (already authenticated by the system).

Normally, with OCI, you can connect by passing empty strings for user and passwd.

See https://oracle-base.com/articles/misc/os-authentication

Regards,

Didier.

[Rich]

I am not an Oracle guy but a sysadmin who had users that required the ability to do database queries. My company has a user management system that is fine for Linux where they go in to a web site in the company and request access, and their access is based off of roles. Normally there is a read only and read write role that you can request from.  On the linux system those roles are defined as unix groups and sudo access is assigned to those groups accordingly.   This makes it easy to distinguish who has read only and who has read write.   I then wrote an app called sqlrun that simply looks at the user, and then checks that user's permissions against the unix group they belong to. Then what it does is assign an Oracle user that is read-only or read-write depending.   After authentication it passes the query on to Oracle and formats the output, and the output is a lot easier to use than Oracle's SQL Plus and I can output in HTML, CSV, Excel, JSON, and a very MySQL like grid output. 

The advantage for me of doing it this way is that I don't have to control who has access to Oracle. The actual passwords are not known by the users, and access is controlled by the companies own user management system, so if John changes jobs, the company user management takes his access to that linux system away, thus removing his oracle access as well. 

[Tieson Molly]

Yes, this is exactly what I mean.

On Saturday, April 22, 2017 at 3:21:30 AM UTC-4, Didier Spezia wrote:

[Tieson Molly]

Tamás,  I was looking for a way to have the OS handle the authentication for the Oracle connection.  That is one of the options where you pass an empty username and password.  Didier provided a detailed link from Oracle.

[Tamás Gulácsi]

2017. április 25., kedd 21:46:27 UTC+2 időpontban Tieson Molly a következőt írta:

Tamás,  I was looking for a way to have the OS handle the authentication for the Oracle connection.  That is one of the options where you pass an empty username and password.  Didier provided a detailed link from Oracle.

I've checked, and rana/ora defaults to OCI_CRED_EXT/OCI_SESSGET_CREDEXT if username == "" && password == "" (/@sid).

So, just try it :)

[Tieson Molly]

Tamás, this is great news.

Thank you

-Ty