Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Encrypting a password

RE: Encrypting a password

From: Jacques Kilchoer <Jacques.Kilchoer_at_quest.com>
Date: Tue, 31 Jul 2001 14:21:03 -0700
Message-ID: <F001.0035B276.20010731142612@fatcity.com>

Ron - my answer obviously doesn't do anything to address the REAL issue. I was trying to give a solution to the immediate problem of "how could I store in an Oracle database an encrypted version of a password, such that the encrypted version would match the encrypted version that a Sun Solaris unix system would create in /etc/passwd".

However, once you have the password in a database table (a user table created to hold that password, not a SYS table), I don't know if you could really accomplish anything useful with the encrypted version of the password, except look at it and say "ooh, how pretty." But then, isn't art for art's sake a laudable goal?

> -----Original Message-----
> From: Ron Rogers [mailto:RROGERS_at_galottery.org]
>
> When you say" store the encripted password in a table.."
> which table were you refering to? dba_users? I don't think
> that the encripted password such as 'EccNRiptIONB'  for the
> password "quessit1" will encript to the same string in
> Oracle. You could update the dba_users table set the password
> to values "EccNRiptIONB" and attempt to log in. If you take
> the encripted Oracle password (16 characters) and place it in
> the /etc/shadow file it will not work. Unless things have
> changed the UNIX password encripted is longer that 16 characters.
> ROR mª¿ªm
>
> >>> Jacques.Kilchoer_at_quest.com 07/31/01 02:53PM >>>
> > -----Original Message-----
> > From: Rick_Stephenson_at_ovid.com [mailto:Rick_Stephenson_at_ovid.com]
> >
> > The problem is that I need one to encrypt a password in the
> > same manner as
> > the Sun OS.  This is because we use the database to populate
> > /etc/passwd.
> > So if the OS can't compare passwords with what is stored in
> > the database,
> > then nobody will be able to log into the Unix box.
>
>
> Could you write an external procedure on the Sun box that
> a) changes the password for the user with the passwd command;
> b) retrieves the new password from the /etc/shadow file;
> c) returns the encrypted password to the database for storing
> in an Oracle
> table?
Received on Tue Jul 31 2001 - 16:21:03 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US