‘Whenever I see an erring man, I say to myself I have also erred; when I see a lustful man I say to myself, so was I once; and in this way I feel kinship with everyone in the world and feel that I cannot be happy without the humblest of us being happy.’ Gandhi

How to manage OID Credentials (Managing OID Credentials)
LESSON 17

Keep in mind that “userPassword” is the attribute of a user entry that stores the user password, and “orclCryptoScheme” is the attribute in the root DSE entry that stores the user password-hashing scheme.

Let's see how password verification works.

As we mentioned, Oracle components store the password of the user in the OID server. The following steps are involved in password verification:

- The user tries to log in to an application by entering a username and a clear text password.
- The application sends the clear text password to the directory server. If the application stores password verifiers in the directory, then the application requests the directory server to compare this password value with the corresponding one in the directory.
- The directory server generates a password verifier by using the hashing algorithm specified for that particular application. It compares this password verifier with the corresponding password verifiers in the directory. It then notifies the application of the results of the compare operation. For the compare operation to be successful, the application must provide its appID as the subtype of the verifier attribute.
- Depending on the message from the directory server, the application either authenticates the user or not.

It is good practice to modify the default password policy so that the value of the Password Maximum Failure attribute (pwdmaxfailure) is not greater than 3.

To modify the Password Maximum Failure attribute (pwdmaxfailure), start ODM if it is not already started, and then connect as orcladmin. Expand the Password Policy Management node and select the Password Policy for Realm node, for example the dc=iselfschooling,dc=com node.

When the password policy properties are displayed in the right pane, click the Account Lockout tab. Then change the value and click the Apply button to save the changes.
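
The verification steps and the pwdmaxfailure limit described above can be modelled together in a few lines. This is an added example, not OID's own code: the ToyDirectory class, its method names, the salted-hash verifier layout and the result strings are all assumptions made for illustration.

```python
import hashlib, hmac, os

PWD_MAX_FAILURE = 3  # ceiling the lesson recommends for pwdmaxfailure

class ToyDirectory:
    """Constructed model of the directory side; not OID's implementation."""

    def __init__(self, max_failure=PWD_MAX_FAILURE):
        self.max_failure = max_failure
        self.app_hash = {}    # appID -> hash algorithm chosen for that application
        self.verifiers = {}   # (user DN, appID) -> (salt, digest)
        self.failures = {}    # user DN -> consecutive failed compares

    def _digest(self, app_id, salt, password):
        return hashlib.new(self.app_hash[app_id], salt + password.encode()).digest()

    def register_app(self, app_id, algorithm):
        self.app_hash[app_id] = algorithm

    def set_password(self, dn, app_id, password):
        salt = os.urandom(16)  # per-verifier salt (an assumption of this model)
        self.verifiers[(dn, app_id)] = (salt, self._digest(app_id, salt, password))

    def compare(self, dn, app_id, clear_password):
        """Third step of the lesson: hash the submitted value, compare, report."""
        if self.failures.get(dn, 0) >= self.max_failure:
            return "locked"                      # lockout already triggered
        stored = self.verifiers.get((dn, app_id))
        if stored is None:
            return "no-verifier"                 # missing or wrong appID subtype
        salt, digest = stored
        candidate = self._digest(app_id, salt, clear_password)
        if hmac.compare_digest(candidate, digest):   # constant-time comparison
            self.failures[dn] = 0
            return "match"
        self.failures[dn] = self.failures.get(dn, 0) + 1
        return "mismatch"

def login(directory, dn, app_id, clear_password):
    """Fourth step: the application decides from the directory's answer."""
    return directory.compare(dn, app_id, clear_password) == "match"
```

With the limit at 3, the fourth attempt is refused even when it carries the correct password, which is the behaviour the Account Lockout setting is meant to enforce.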