Controls the use of integrated logins for the database.
Standard – the default setting, which does not permit integrated logins. An error occurs if an integrated login connection is attempted.
Mixed – both integrated logins and standard logins are allowed.
Integrated – all logins to the database must be made using integrated logins.
Kerberos – all logins to the database must be made using Kerberos logins.
LDPAUA – all logins to the database must be made using LDAP logins.
Option can be set at the database (PUBLIC) level only.
Requires the SET ANY SECURITY OPTION system privilege to set this option. Takes effect immediately.
Values are case-insensitive:
Restricting the LOGIN_MODE to a single mode in a mixed environment (for example, Integrated only or LDAPUA only) restricts connections to only those users who have been granted the corresponding login mapping. Attempting to connect using other methods generates an error. The only exceptions to this are users with full administrative rights (SYS_AUTH_DBA_ROLE or SYS_AUTH_SSO_ROLE).
Restricting the LOGIN_MODE to LDAPUA only may result in a configuration where no users can connect to the server if no user or login policy exists that permits LDAPUA. Use the command line switch -aluser-id-list with the start_iq utility to recover from this situation.