Revisiting user authentication with smart cards

As an Oracle DBA, I need to create and rotate secure user passwords on multiple database instances. My customer requires SSO / common access card (CAC) authentication for most all other access. The only reference I find in the Forum archives alleges that one could use the smart card, a username "EXTERNAL", and a null password. Life was simpler then, because that approach fails now.

However, a certain tool that comes bundled with Oracle does permit this. One has to create the GUI account with regular credentials, after which the authentication method can be toggled from password to external, successfully.

I'm asking whether TOAD for Oracle has a similar solution. TIA.

Question as an interested bystander: Is the target database you are working with on UNIX or Windows?


Amazon Linux 2 {aws rds)

You can definitely do this with Toad, in the Create/Alter user window.

To Create: Main Menu -> Database -> Create -> User
To Alter: Find the user in the schema browser and double-click it.

Click the indicated dropdown to choose authentication type.

Good idea, pesky permissions. I will attempt as a DBA:

alter user xxx blahblah identified by "moreblah" replacing "lessblah";
alter user xxx identifiedy externally;

2022-01-17_21-18-06.pdf (21 KB)