Re: Two factor authentication for Oracle Database?
Date: Tue, 15 Dec 2015 18:07:44 -0500
Message-ID: <CAFQ5ACJ28usB2axukQdARu=YyhxFBEWhKWZ-CHD7oiaLuhf_1A_at_mail.gmail.com>
Final followup on this.
I've got everything working as I wanted.
Quick summary:
1.) Tiny Linux server, running RHEL 7.2. (t2.micro in AWS, 1 vcpu and 1
GB RAM is more than enough.)
2.) FreeRADIUS, Google Authenticator PAM module on Linux server, Google
Authenticator App on my SGS Note 4.
3.) sqlnet.ora magic points to FreeRADIUS.
4.) create Oracle user in DB, that is identified externally. Grant
appropriate privileges to user.
5.) Create corresponding user in Linux on the radius server, login and run
google-authenticator. Set user's shell to '/bin/passwd'.
6.) When you login to Oracle, user will authenticate against Linux
password and Google Authenticator one-time password. (Just concatenate
when entering password, i.e. password123456.)
7.) When user wants to change password, ssh to radius server, user will
immediately get 'passwd' program, change password and be forced to logout.
(This way, the user can still change his password, but has no business
logging into the radius server.)
Overall, I like it, and I think it's working well. I'll give it a week or so, with just me and maybe one other guy playing with it, and then look at wider rollout.
Blog with complete installation and configuration details will be forthcoming in the next week or two.
Special thanks to Ilmar Kerm, Jeff Chirco, Craig Hagan, and especially Andy Wattenhofer for putting up with my cluelessness and questions! Thanks for the help! (I think just knowing that someone else had done it before and actually got it to work, helps when you're running into brick walls!)
Thanks,
-Mark
On Mon, Nov 30, 2015 at 10:32 AM, Mark J. Bobak <mark_at_bobak.net> wrote:
> Hi all,
>
> Has anyone ever configured two-factor authentication for Oracle DB
> login? Is it even possible? Part of Advanced Security or maybe Identity
> Management?
>
> I've just started Google searching, but there doesn't seem to be much out
> there.
>
> -Mark
>
-- http://www.freelists.org/webpage/oracle-l
Received on Wed Dec 16 2015 - 00:07:44 CET
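
How a concatenated credential like the one in step 6 can be checked, as an added Python illustration that is not part of the original post and is not the PAM module's or FreeRADIUS's own code: the trailing six digits are verified as an RFC 6238 TOTP code and the remainder as the password. The secret, salt, password and function names are constructed for the example, and the PBKDF2 check is an assumed stand-in for the Linux password check.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 and a 30-second step."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def split_credential(combined, digits=6):
    """Split 'password123456' into ('password', '123456'); None if malformed."""
    otp = combined[-digits:]
    if len(combined) <= digits or not (otp.isascii() and otp.isdigit()):
        return None
    return combined[:-digits], otp

def hash_password(password, salt):
    # Assumed stand-in for the system password check.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify(combined, stored_hash, salt, secret_b32, now, window=1):
    """Both factors must pass; accept codes within +/- `window` time steps."""
    parts = split_credential(combined)
    if parts is None:
        return False
    password, otp = parts
    pw_ok = hmac.compare_digest(hash_password(password, salt), stored_hash)
    # Evaluate every candidate so the result does not depend on which step matched.
    matches = [hmac.compare_digest(totp(secret_b32, now + i * 30), otp)
               for i in range(-window, window + 1)]
    # This sketch does not record used codes, so it does not block reuse
    # of a code inside its validity window.
    return pw_ok and any(matches)

# Constructed sample data: RFC 6238 test key, made-up password and salt.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()
SALT = b"constructed-salt"
STORED_HASH = hash_password("password", SALT)

if __name__ == "__main__":
    now = 59
    attempt = "password" + totp(SECRET_B32, now)
    print(attempt, verify(attempt, STORED_HASH, SALT, SECRET_B32, now))
```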