Re: change user password for huge amount of application server

  • From: Guillermo Alan Bort <cicciuxdba@xxxxxxxxx>
  • To: niall.litchfield@xxxxxxxxx
  • Date: Mon, 21 Feb 2011 10:18:14 -0300

Hmm... I think you can do something wonky with wallet and OID here... what
app server are you using? I think OracleAS supports wallet (and you can
federate the wallet using OAM/OIM and an OID backstage). I don't know about
JBoss or Tomcat... and I wish I didn't know OracleAS ;-)

Oh, and no matter how secure a password is, if by some (un)happy chance
someone gets a hold of the hash, it can be cracked... So I am all for
periodically changing app passwords (though not automatically).

Now, more to your question, if the configuration file needs to be *exactly*
the same on all servers, then it's fairly easy to set up an NFS and have a
symbolic link to the file (if the path is very specific). Alternatively it's
possible to set up either a push job using scp (requires authorized_keys) or
ftp or a pull job using rsync or some similar tool. It's also possible to
set up svn/cvs/perforce and push the config file from there...

Oh, and how many is "a lot"?

hth

cheers
Alan.-


On Mon, Feb 21, 2011 at 5:29 AM, Niall Litchfield <
niall.litchfield@xxxxxxxxx> wrote:

> Sounds like a use case for o/s authentication to me - or maybe proxy
> authentication. That said, most apps I've come across use a non-changing
> secure password for this purpose (except for those that use a non-changing
> insecure password :( )
>
>
> On Mon, Feb 21, 2011 at 5:33 AM, Eagle Fan <eagle.f@xxxxxxxxx> wrote:
>
>> Hi:
>>
>> We want to implement a db password change mechanism. We have a lot of
>> application servers which have a configuration file on the local server.
>>
>> So if we change the password in the configuration file, we need to push the
>> new file to all of the application servers, and the push takes some time.
>> Some application servers can't log in to the database using the old
>> password during the push.
>>
>> The current workaround we can think of is to have two passwords in the
>> configuration file, so the application server can try the other one if the
>> first one fails.
>>
>> Do you have any better solution for this? Does Oracle have any solution
>> (ASO?) for this?
>>
>> Thank you in advance.
>>
>> --
>> Eagle Fan
>>
>
>
>
> --
> Niall Litchfield
> Oracle DBA
> http://www.orawin.info
>
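
The two-password workaround from the original question, written out as an added Python example that is not part of the thread. The config key names, `AuthError`, the injected `connect` callable and the `fake_db` stand-in are assumptions made for illustration; a real deployment would pass in its own driver's connect call.

```python
import configparser

# Constructed sample config: during a rotation the file carries the new
# password first and the outgoing one second (key names are assumptions).
SAMPLE_CONFIG = """
[database]
user = app_user
dsn = dbhost/APPDB
password = New-Example-2
password_previous = Old-Example-1
"""

class AuthError(Exception):
    """The database rejected the credentials (for Oracle, ORA-01017)."""

def fake_db(valid_password):
    """Constructed stand-in for a database that accepts exactly one password."""
    def connect(user, password, dsn):
        if password != valid_password:
            raise AuthError("ORA-01017: invalid username/password; logon denied")
        return f"session:{user}@{dsn}"
    return connect

def load_candidates(text):
    # interpolation=None so a '%' inside a password is read literally
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    db = cfg["database"]
    candidates = []
    for key in ("password", "password_previous"):
        pw = db.get(key, "").strip()
        # skip empty or duplicate entries so no password is tried twice
        if pw and pw not in [p for _, p in candidates]:
            candidates.append((key, pw))
    return db["user"], db["dsn"], candidates

def connect_with_fallback(text, connect):
    """Try each configured password once; return (connection, key that worked)."""
    user, dsn, candidates = load_candidates(text)
    for key, pw in candidates:
        try:
            conn = connect(user, pw, dsn)
        except AuthError:
            continue  # only a credential rejection moves on to the next one
        return conn, key
    raise AuthError("all configured passwords were rejected")
```

Network and other non-authentication errors propagate without trying the second password, so an outage does not add failed logins that count toward an account lockout limit. The returned key shows which hosts still depend on the previous password, which indicates when the old entry can be dropped from the file.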
