Hello,

Georgia Tech wishes to use centralized NetIDs and passwords within Oracle RDBMS to improve many aspects of authentication (expiration, complexity, compromised-account reset, etc.). Unfortunately, we have been struggling with Oracle, its documentation and its prof services to make this happen "elegantly" via integration to our existing systems.

We know there are several options that can theoretically accomplish this:
- Oracle Virtual Directory (OVD) integration to Sun Directory Server or Active Directory [Where we've spent our time]
- Dumping Sun/Fedora/389/Netscape LDAP for Oracle Internet Directory (OID) [aka "the path less traveled"]
- Synchronizing passwords into RDBMS user tables
- Synchronizing passwords into a RDBMS-authentication-only OID instance

I'm writing to see if anyone is already using their central credentials for Oracle RDBMS authentication and what the successful/failed implementations were.

More details:
- We have NetID passwords in MIT Kerberos, Microsoft Active Directory, as well as integrated as a plugin within Fedora/389/OracleDSEE LDAP
- Batch jobs (with saved passwords) would use ServiceAccount NetIDs so as to not weaken a personal credential
- We have tried to use Oracle Virtual Directory in many configurations to implement Oracle's Enterprise User Security which is supposed to just work

Some gory details of OVD integration:
- We used both the latest Oracle-provided recipe for Oracle EUS with ODSEE and AD. We have also used a 2012 version of OVD that has a wizard for setting this up.
- Things are failing when the RDBMS tries to BIND to its service account using SASL.
- This fails when the OVD instance is both storing the service-account's password hash itself and when it has read-access to the hash in ODSEE.
- Oracle professional services have yet to copy/paste their EUS recipe into a statement of work

Thank you again for any experience you can share.
Bert Bee-Lindgren, IT Architect
Office of Information Technology/EIS :: Georgia Tech
bert.bee-lindgren@oit.gatech.edu
W: 877-237-8251 :: SMS: 402-237-8251 :: AIM: BertBeeLindgren
https://mail.gatech.edu/home/bl17?fmt=freebusy (my availability)

Comments

On 4/10/2012 10:25 AM, Bee-lindgren, Bert A wrote:

> I'm writing to see if anyone is already using their central
> credentials for Oracle RDBMS authentication and what the
> successful/failed implementations were.

We have implemented a centralized Oracle authentication using our two-factor authentication system via RADIUS authentication. I believe RADIUS authentication is built-in or comes bundled with the standard Oracle database distribution.

You should be able to leverage this support if you stand up a RADIUS service backed by your existing directory service.

--
%% Christopher A. Bongaarts %% cab@umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%