Re: safe way to store passwords in unix OS

  • From: Tim Hall <tim@xxxxxxxxxxxxxxx>
  • To: oracledbaquestions@xxxxxxxxx
  • Date: Thu, 15 Dec 2011 17:46:19 +0000


Secure External Password Store sounds like the safest bet.



On Thu, Dec 15, 2011 at 5:30 PM, Dba DBA <oracledbaquestions@xxxxxxxxx> wrote:
> This is not exactly an Oracle question, but I am asking it here in case
> someone has solved this. We have alot of jobs that log into our Oracle
> databases. Some of them use ops$oracle accounts. In the future we are not
> allowed to use ops$oracle and need to provide passwords. I am trying to
> find a method, or program/script that allows us to do the following.
> 1. store oracle passwords in unix in a lock box
> 2. only given processes and users can access specific passwords
> 3. program/process/script has customizable logic that only lets specific
> jobs access the password.
> 4. We are mainly using Cron for our jobs, but may be using some other job
> schedulers in the future that have more features.
> 5. you cannot access the passwords from a user account
> basically you give the password to the script/program, etc and tell it
> which jobs/users can retrieve it. Those jobs call the script/program and
> the program can accurately decide which job gets which password.
> This is about all the requirements I have on this. Sorry if this is kind of
> vague.
> --
> //

Other related posts: