Re: Password Management for OAS...
From: David Benjamin <davidb_at_ind.tansu.com.au>
Date: Fri, 21 Jan 2000 11:31:55 +1100
Message-ID: <Pine.GSO.3.96.1000121113019.6401a-100000_at_osprey.ind.tansu.com.au>
Date: Fri, 21 Jan 2000 11:31:55 +1100
Message-ID: <Pine.GSO.3.96.1000121113019.6401a-100000_at_osprey.ind.tansu.com.au>
Daryl,
I was able to find a solution!!!
(This solution is available ONLY for unix operating systems and
NOT for Windows NT).
- Oracle web server does not provide a utility that allows common users to change their password, However,
- By using oracle's "UNIX CRYPT" authentication mode the server will check for an external password file. (see Oracle's Security Guide 4.0 pp. 2-26).
- There is a public domain user management utility that does all your user, administration, password and group mangement work. (see http://stein.cshl.org/~lstein/user_manage).
- You can use the UNIX CRYPT authentication mode to protect static web pages as well as cartridges. I use it only for static web page. To envoke it I used the security icon located on the Oracle Application Server, not the listener to setup password file and realm. I then just added a LiveHTML application to protect my home page.
- One drawback is that although the "user_manage" utility supports groups(realm.password and realm.group files), the Oracle web server operating in "UNIX CRYPT" authentication mode does NOT use the group file.
I hope this info helps you.
Regards,
David
David Benjamin Locked Bag 6581 Sydney 1100 Telstra Intelligent Network Platforms Tel: +61 2 9206-3415 Email:davidb_at_ind.tansu.com.au Fax: +61 2 9281-1301 ----------------------------------------------------------------------Received on Fri Jan 21 2000 - 01:31:55 CET