| Author |
Message
|
| KIT_INC |
 Posted: Thu Jun 05, 2014 11:15 am Post subject: Password change for DB access |
 |
|
Knight
Joined: 25 Aug 2006
Posts: 589
|
Our WMB (Opensuse, WMB V70) access oracle DB with userid and passwords set by setdbparm command and password do not expire. However security department is concern about password never expire. They also prefer that userId and passowrd are only stored in one controlled repository. They ask if the broker can go to the central repositiry to get the userID and password for DB access instead of using what is saved in the WMB registry.
Is the do-able with V7 or newer like V9 ? |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu Jun 05, 2014 11:27 am Post subject: Re: Password change for DB access |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| KIT_INC wrote: |
| However security department is concern about password never expire. |
Rightly so - you should be worried about that as well.
| KIT_INC wrote: |
| They also prefer that userId and passowrd are only stored in one controlled repository. They ask if the broker can go to the central repositiry to get the userID and password for DB access instead of using what is saved in the WMB registry. |
What central repository do they have in mind, and how does that differ from the WMB registry?
| KIT_INC wrote: |
| Is the do-able with V7 or newer like V9 ? |
Not so far as I'm aware
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| KIT_INC |
| Posted: Fri Jun 06, 2014 7:40 am Post subject: |
|
|
Knight
Joined: 25 Aug 2006
Posts: 589
|
| Quote: |
| What central repository do they have in mind, and how does that differ from the WMB registry? |
Not sure what repository. But password for other use cannot be put into WMB which means that they now have more than 1 places which stores userId and password. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jun 06, 2014 7:45 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| KIT_INC wrote: |
| But password for other use cannot be put into WMB which means that they now have more than 1 places which stores userId and password. |
What other use?
If your problem is that (for example) you can't store the WMB infomation in the same place that you store people's desktop login identities (i.e. the Windows domains) then that's a problem for more software than just WMB. Many tools store internal credentials. A z/OS mainframe authenticates against RACF and no distributed system can use that. A distributed system will use LDAP but only if configured; by default a Unix system will look to it's internal user list.
If you're trying to get one single store for all credentials, that's going to be a long road......
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Jun 06, 2014 7:52 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
And of course (to return to your original point) the common DB systems use the same technique as Unix & are delivered pointing to an internal security system. They have to be set to look at LDAP.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| KIT_INC |
| Posted: Sun Jun 08, 2014 7:49 pm Post subject: |
|
|
Knight
Joined: 25 Aug 2006
Posts: 589
|
| Thanks for all the responses. |
|
| Back to top |
|
|
|
|
