How to manage OID Credentials (Managing OID Credentials)

LESSON17

Keep this in mind that “UserPassword” is the attribute of a user entry that stores user password and “orclCryptoSchema” is the attribute that stores the user password-hasshing schema in the root DSE entry.

Let see how password verification works.

As we mentioned that Oracle components store the password of the user in the OID server. The following are steps involved in password verification:

-         The user tries to log in to an application by entering a username and a clear text password.

-         The application sends the clear text password to the directory server. If the application stores password verifiers in the directory, then the application requests the directory server to compare this password value with the corresponding one in the directory.

-         The directory server generates a password verifier by using the hashing algorithm specified for that particular application. It compares this password verifier with the corresponding password verifiers in the directory. It then notifies the application of the results of the compare operation. For the compare operation to be successful, the application must provide its appID as the subtype of the verifier attribute.

-         Depending on the message from the directory server, the application either authenticates the user or not.

It is a good practice to modify the default password policy that the attribute Password Maximum Failure (pwdmaxfailure) value be not greater than 3.

To modify the attribute Password maximum Failure (pwdmaxfailure), start the ODM if not already started, and then connect as orcladmin. Expand the Password Policy Management node and select the Password Policy for Realm for example the dc=iselfschooling,dc=com node.

Click the Account Lockout tab, when the password policy properties are displayed in the right pane. Then change the value and click the Apply button to save the changes.