Re: change user password for huge amount of application server

From: Guillermo Alan Bort <cicciuxdba_at_gmail.com>
Date: Mon, 21 Feb 2011 10:18:14 -0300
Message-ID: <AANLkTikq2jC0MQcRebY5MrGPVUQ_jU1TF-5GkVqHot85_at_mail.gmail.com>



Hmm... I think you can do something wonky with wallet and OID here... What app server are you using? I think OracleAS supports wallet (and you can federate the wallet using OAM/OIM and an OID backstage). I don't know about JBoss or Tomcat... and I wish I didn't know OracleAS ;-)

Oh, and no matter how secure a password is, if by some (un)happy chance someone gets a hold of the hash, it can be cracked... So I am all for periodically changing app passwords (though not automatically).

Now, more to your question, if the configuration file needs to be *exactly* the same in all servers, then it's fairly easy to set up an NFS and have a symbolic link to the file (if the path is very specific). Alternatively, it's possible to set up either a push job using scp (requires authorized_keys) or ftp, or a pull job using rsync or some similar tool. It's also possible to set up svn/cvs/perforce and push the config file from there...

Oh, and how many is "a lot"?

hth

cheers
Alan.-

On Mon, Feb 21, 2011 at 5:29 AM, Niall Litchfield <niall.litchfield_at_gmail.com> wrote:

> Sounds like a use case for o/s authentication to me - or maybe proxy
> authentication. That said most apps I've come across use a non-changing
> secure password for this purpose (except for those that use a non-changing
> insecure password :( )
>
>
> On Mon, Feb 21, 2011 at 5:33 AM, Eagle Fan <eagle.f_at_gmail.com> wrote:
>
>> Hi:
>>
>> We want to implement a db password change mechanism. We have a lot of
>> application servers which have a configuration file on the local server.
>>
>> So if we change the password in configuration file, we need to push the
>> new file to all of the application servers and it takes some time for the
>> pushing. Some application servers can't log in to the database using the old
>> password during the pushing.
>>
>> The current workaround we can think of is to have two passwords in the
>> configuration file, so the application server can try another one if the
>> first one fails.
>>
>> Do you have any better solution for this? Does Oracle have any solution
>> (ASO?) for this?
>>
>> Thank you in advance.
>>
>> --
>> Eagle Fan
>>
>
>
>
> --
> Niall Litchfield
> Oracle DBA
> http://www.orawin.info
>

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Feb 21 2011 - 07:18:14 CST
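
The two-password fallback raised in the original question, written out as an added example (it is not code from any poster in this thread). It tries the configured passwords in order, moves to the next one only on a credential rejection, and reports which slot worked so that hosts still running on the stale entry can be found. `connect`, `AuthError` and `make_fake_db` are hypothetical stand-ins for a real database driver, and the sample passwords are constructed.

```python
import logging

log = logging.getLogger("dbconn")

class AuthError(Exception):
    """The database rejected the credentials (for Oracle, ORA-01017)."""

def connect_with_rotation(connect, user, passwords):
    """Try each configured password in order; return (connection, slot_used).

    Only AuthError moves on to the next candidate. Any other exception
    (network fault, listener down) propagates at once, so an outage does
    not burn failed-login attempts against the account.
    """
    if not passwords:
        raise ValueError("no passwords configured")
    # De-duplicate, keeping order: outside a rotation window both config
    # slots may hold the same value, and retrying it is a wasted failure.
    candidates = list(dict.fromkeys(passwords))
    for slot, password in enumerate(candidates):
        try:
            conn = connect(user, password)
        except AuthError:
            # Log the slot number only, never the password itself.
            log.warning("credential slot %d rejected for %s", slot, user)
            continue
        if slot > 0:
            # Fallback in use: this host's first slot is stale.
            log.warning("connected as %s using fallback slot %d", user, slot)
        return conn, slot
    raise AuthError(f"all {len(candidates)} configured passwords rejected")

def make_fake_db(valid_password):
    """Constructed stand-in for a driver's connect call; records attempts."""
    attempts = []
    def connect(user, password):
        attempts.append(password)
        if password != valid_password:
            raise AuthError("invalid username/password")
        return {"user": user}
    return connect, attempts
```

Every rejected slot is a real failed login on the database side, so the rotation window should be short and the account's lockout threshold set with that in mind.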
