Re: MFA With Oracle Accounts

From: Mark J. Bobak <mark_at_bobak.net>
Date: Fri, 31 Aug 2018 13:43:50 -0400
Message-ID: <CAFQ5ACJeNtQMhURVieryV9V2hqDFmS=+aJ626Kx4nVP_f8S8AA_at_mail.gmail.com>

Hi,

I agree with Andy, but I did it was/ FreeRadius and Google Authenticator.

Build Radius server, integrate with Google Auth, then configure sqlnet.ora w/ your radius server details.

Starting with 12.1.0.2, you can do it without Advanced Security option, and will even work with SE2.

Hope that helps,

-Mark

PS. Once I tested, we abandoned it and built a VPN and firewall with same Radius server.

On Fri, Aug 31, 2018, 13:03 Andy Wattenhofer <watt0012_at_umn.edu> wrote:

> You can use Duo for Oracle auth. It is easy to set up on Linux servers,
> but I cannot speak for others. In Linux, there is a Duo RADIUS
> authentication PAM that is loading at the OS level, then you configure
> RADIUS authentication parameters in sqlnet.ora, and you alter the database
> accounts "identified externally." I can go into more detail if you're
> interested.
>
> Andy
>
> On Fri, Aug 31, 2018 at 10:16 AM, Scott Canaan <srcdco_at_rit.edu> wrote:
>
>> My boss just asked the following question:
>>
>>
>>
>> Can we use Multi-Factor Authentication, in particular Duo, with Oracle
>> database accounts?
>>
>>
>>
>> I don’t know of anyone doing this, but that doesn’t mean it isn’t
>> happening. Is anyone doing it? If so, how difficult is it to configure?
>>
>>
>>
>> Thank you,
>>
>>
>>
>> *Scott Canaan ‘88*
>>
>> *Sr Database Administrator *Information & Technology Services
>> Finance & Administration
>>
>>
>> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>>
>> srcdco_at_rit.edu | c: (585) 339-8659
>>
>> *CONFIDENTIALITY NOTE*: The information transmitted, including
>> attachments, is intended only for the person(s) or entity to which it is
>> addressed and may contain confidential and/or privileged material. Any
>> review, retransmission, dissemination or other use of, or taking of any
>> action in reliance upon this information by persons or entities other than
>> the intended recipient is prohibited. If you received this in error, please
>> contact the sender and destroy any copies of this information.
>>
>>
>>
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Aug 31 2018 - 19:43:50 CEST

This message: [ Message body ]
Next message: MacGregor, Ian A.: "Re: Create 12c or 18c database in traditional architecture"
In reply to Andy Wattenhofer: "Re: MFA With Oracle Accounts"
Next in thread: angelo: "Re: MFA With Oracle Accounts"
Reply: angelo: "Re: MFA With Oracle Accounts"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message