Application Server
How to manage OID Credentials
(Managing OID Credentials)
Keep in mind that "UserPassword" is the attribute of a user entry
that stores the user password, and "orclCryptoSchema" is the
attribute that stores the user password-hashing schema in the root
DSE entry.
Let's see how password verification works.
As mentioned, Oracle components store the password of the user in
the OID server. The following steps are involved in password
verification:
- The user tries to log in to an application by entering a username
and a clear text password.
- The application sends the clear text password to the directory
server. If the application stores password verifiers in the
directory, then the application requests the directory server to
compare this password value with the corresponding one in the
directory.
- The directory server generates a password verifier by using the
hashing algorithm specified for that particular application. It
compares this password verifier with the corresponding password
verifiers in the directory. It then notifies the application of the
results of the compare operation. For the compare operation to be
successful, the application must provide its appID as the subtype of
the verifier attribute.
- Depending on the message from the directory server, the
application either authenticates the user or not.
It is good practice to modify the default password policy so that
the value of the Password Maximum Failure (pwdmaxfailure) attribute
is not greater than 3.
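The verification steps and the failure limit above can be modelled together. The following is an added example, not Oracle code and not from the original page: a toy in-memory directory whose class and function names, appIDs (appA, appB), PBKDF2 derivation and iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PWD_MAX_FAILURE = 3  # ceiling recommended above for pwdmaxfailure

# Constructed sample data: hypothetical appIDs and their hashing schemes.
APP_SCHEMES = {"appA": "sha256", "appB": "sha512"}

def make_verifier(app_id, password, salt):
    """Derive a verifier with the hash configured for this application."""
    return hashlib.pbkdf2_hmac(APP_SCHEMES[app_id], password.encode(), salt, 100_000)

class ToyDirectory:
    """In-memory stand-in for the directory server (assumed model, not OID)."""

    def __init__(self):
        self.entries = {}  # user -> {"verifiers": {appID: (salt, hash)}, "failures": n}

    def add_user(self, user, password):
        verifiers = {}
        for app_id in APP_SCHEMES:
            salt = os.urandom(16)
            verifiers[app_id] = (salt, make_verifier(app_id, password, salt))
        self.entries[user] = {"verifiers": verifiers, "failures": 0}

    def compare(self, user, app_id, password):
        """Model the compare operation: returns 'true', 'false' or 'locked'."""
        entry = self.entries.get(user)
        if entry is None or app_id not in entry["verifiers"]:
            return "false"  # no verifier stored under that appID subtype
        if entry["failures"] >= PWD_MAX_FAILURE:
            return "locked"  # lockout applies even to a correct password
        salt, stored = entry["verifiers"][app_id]
        candidate = make_verifier(app_id, password, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time comparison
            entry["failures"] = 0
            return "true"
        entry["failures"] += 1
        return "false"

def demo():
    """One good login, three bad ones, then a good one that hits the lockout."""
    directory = ToyDirectory()
    directory.add_user("jdoe", "Constructed-Pass1")
    results = [directory.compare("jdoe", "appA", "Constructed-Pass1")]
    results += [directory.compare("jdoe", "appA", "wrong") for _ in range(3)]
    results.append(directory.compare("jdoe", "appA", "Constructed-Pass1"))
    return results

if __name__ == "__main__":
    print(demo())
```
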
To modify the Password Maximum Failure (pwdmaxfailure) attribute,
start ODM if it is not already started, and then connect as
orcladmin. Expand the Password Policy Management node and select the
Password Policy for Realm, for example the dc=myhost,dc=com node.
When the password policy properties are displayed in the right pane,
click the Account Lockout tab. Then change the value and click the
Apply button to save the changes.