RE: safe way to store passwords in unix OS
Date: Wed, 4 Jan 2012 18:57:31 +0100
Message-ID: <4814386347E41145AAE79139EAA39898197BF9E992_at_ws03-exch07.iconos.be>
Richard,
Secure External password store is included within the EE license (except if you use PKI):
http://download.oracle.com/docs/cd/E11882_01/license.112/e10594/editions.htm#CJACGHEB
Freek D'Hooge
Uptime
Oracle Database Administrator
email: freek.dhooge_at_uptime.be
tel +32(0)3 451 23 82
http://www.uptime.be
disclaimer: www.uptime.be/disclaimer
-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Goulet, Richard
Sent: woensdag 4 januari 2012 18:37
To: tim_at_oracle-base.com; oracledbaquestions_at_gmail.com
Cc: ORACLE-L
Subject: RE: safe way to store passwords in unix OS
Question, isn't the use of a wallet a part of the advanced security option???
Richard Goulet
Senior Oracle DBA/Na Team Leader
-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Tim Hall
Sent: Thursday, December 15, 2011 12:46 PM
To: oracledbaquestions_at_gmail.com
Cc: ORACLE-L
Subject: Re: safe way to store passwords in unix OS
Hi.
Secure External Password Store sounds like the safest bet.
http://www.oracle-base.com/articles/10g/SecureExternalPasswordStore_10gR2.php
Cheers
Tim...
On Thu, Dec 15, 2011 at 5:30 PM, Dba DBA <oracledbaquestions_at_gmail.com> wrote:
> This is not exactly an Oracle question, but I am asking it here in
> case someone has solved this. We have alot of jobs that log into our
> Oracle databases. Some of them use ops$oracle accounts. In the future
> we are not allowed to use ops$oracle and need to provide passwords. I
> am trying to find a method, or program/script that allows us to do the following.
> 1. store oracle passwords in unix in a lock box 2. only given
> processes and users can access specific passwords 3.
> program/process/script has customizable logic that only lets specific
> jobs access the password.
> 4. We are mainly using Cron for our jobs, but may be using some other
> job schedulers in the future that have more features.
> 5. you cannot access the passwords from a user account
>
>
> basically you give the password to the script/program, etc and tell it
> which jobs/users can retrieve it. Those jobs call the script/program
> and the program can accurately decide which job gets which password.
>
> This is about all the requirements I have on this. Sorry if this is
> kind of vague.
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
-- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-lReceived on Wed Jan 04 2012 - 11:57:31 CST