With proxy authentication you can fulfill your requirement. The application can
continue using the current authentication. The humans can connect with their
own authentication (preferably strong, such as Kerberos) to become the
application user.
See the demo in Tim Hall’s blog post:
https://oracle-base.com/articles/misc/proxy-users-and-connect-through ;.
Best regards
Nenad
https://nenadnoveljic.com/blog/
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> On Behalf
Of Martin Klier - Performing Databases GmbH
Sent: Mittwoch, 27. November 2019 11:47
To: Oracle-L Freelists <oracle-l@xxxxxxxxxxxxx>
Subject: Oracle Authentication pw/ssl parallel
Dear Listers,
is there a way to use a DB user with password OR SSL certificates in parallel?
Background: We have an app, that connects with a single DB user (end user auth
is in the app). Supporters and developers are using the same DB user as the app
does, to reproduce issues and solve problems. We'd want a way to change the
password for the humans at regular intervals, with no need to touch the
application's config. We have the chance to make the app use certificates. But
we have no chance, to move the whole "zoo" of people, tools and whatever to
using certificates, too.
We are running Java 8 and DB 12.1, but I won't exclude an upgrade if it helps
on the long term.
Any ideas?
Many thanks in advance!
Martin
--
Martin Klier // Performing Databases GmbH
Managing Partner // Senior DB Consultant
Oracle ACE Director
martin.klier@xxxxxxxxxxxxxxxxx<mailto:martin.klier@xxxxxxxxxxxxxxxxx> //
https://www.performing-databases.com
____________________________________________________
Please consider the environment before printing this e-mail.
Bitte denken Sie an die Umwelt, bevor Sie dieses E-Mail drucken.
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">p { font-family: Arial;font-size:9pt }</style>
</head>
<body>
<p>
<br>Important Notice</br>
<br />
This message is intended only for the individual named. It may contain
confidential or privileged information. If you are not the named addressee you
should in particular not disseminate, distribute, modify or copy this e-mail.
Please notify the sender immediately by e-mail, if you have received this
message by mistake and delete it from your system.<br />
Without prejudice to any contractual agreements between you and us which shall
prevail in any case, we take it as your authorization to correspond with you by
e-mail if you send us messages by e-mail. However, we reserve the right not to
execute orders and instructions transmitted by e-mail at any time and without
further explanation.<br />
E-mail transmission may not be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also
processing of incoming e-mails cannot be guaranteed. All liability of Vontobel
Holding Ltd. and any of its affiliates (hereinafter collectively referred to as
"Vontobel Group") for any damages resulting from e-mail use is excluded. You
are advised that urgent and time sensitive messages should not be sent by
e-mail and if verification is required please request a printed version.</br>
Please note that all e-mail communications to and from the Vontobel Group are
subject to electronic storage and review by Vontobel Group. Unless stated to
the contrary and without prejudice to any contractual agreements between you
and Vontobel Group which shall prevail in any case, e-mail-communication is for
informational purposes only and is not intended as an offer or solicitation for
the purchase or sale of any financial instrument or as an official confirmation
of any transaction.<br />
The legal basis for the processing of your personal data is the legitimate
interest to develop a commercial relationship with you, as well as your consent
to forward you commercial communications. You can exercise, at any time and
under the terms established under current regulation, your rights. If you
prefer not to receive any further communications, please contact your client
relationship manager if you are a client of Vontobel Group or notify the sender.
Please note for an exact reference to the affected group entity the corporate
e-mail signature.
For further information about data privacy at Vontobel Group please consult <a
href="https://www.vontobel.com";>www.vontobel.com</a>.<br />
</p>
</body>
</html>
