everythingOracle.bizhat.com

 

'Everything you wanted
to know about Oracle'

Training References Syntax Tell A Friend Contact Us

 

 

Application Server

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

<< Previous

Chapter # 17

Next >>




How to manage OID Credentials (Managing OID Credentials)


Keep this in mind that �UserPassword� is the attribute of a user entry that stores user password and �orclCryptoSchema� is the attribute that stores the user password-hashing schema in the root DSE entry.

Let see how password verification works.

As we mentioned that Oracle components store the password of the user in the OID server. The following are steps involved in password verification:

- The user tries to log in to an application by entering a username and a clear text password.

- The application sends the clear text password to the directory server. If the application stores password verifiers in the directory, then the application requests the directory server to compare this password value with the corresponding one in the directory.

- The directory server generates a password verifier by using the hashing algorithm specified for that particular application. It compares this password verifier with the corresponding password verifiers in the directory. It then notifies the application of the results of the compare operation. For the compare operation to be successful, the application must provide its appID as the subtype of the verifier attribute.

- Depending on the message from the directory server, the application either authenticates the user or not.

It is a good practice to modify the default password policy that the attribute Password Maximum Failure (pwdmaxfailure) value be not greater than 3.

To modify the attribute Password maximum Failure (pwdmaxfailure), start the ODM if not already started, and then connect as orcladmin. Expand the Password Policy Management node and select the Password Policy for Realm for example the dc=myhost,dc=com node.

Click the Account Lockout tab, when the password policy properties are displayed in the right pane. Then change the value and click the Apply button to save the changes.
     Reviews and Templates for FrontPage
     

Copyright � everythingOracle.bizhat.com 2006 All Rights Reserved.