Re: MFA With Oracle Accounts
Date: Fri, 31 Aug 2018 16:52:48 -0300
Message-ID: <CAEX1xDUOT3J2FYek4TCGTjKaXtPaQtNUNUiTCZsWzA_phuShRQ_at_mail.gmail.com>
Hello,
Could it work with LDAP (or active directory) ? I´ve never used Oracle 12c yet, so this curiousity
rgs,
angelo
On Fri, 31 Aug 2018 at 14:44, Mark J. Bobak <mark_at_bobak.net> wrote:
> Hi,
>
> I agree with Andy, but I did it was/ FreeRadius and Google Authenticator.
>
> Build Radius server, integrate with Google Auth, then configure sqlnet.ora
> w/ your radius server details.
>
> Starting with 12.1.0.2, you can do it without Advanced Security option,
> and will even work with SE2.
>
> Hope that helps,
>
> -Mark
>
> PS. Once I tested, we abandoned it and built a VPN and firewall with same
> Radius server.
>
> On Fri, Aug 31, 2018, 13:03 Andy Wattenhofer <watt0012_at_umn.edu> wrote:
>
>> You can use Duo for Oracle auth. It is easy to set up on Linux servers,
>> but I cannot speak for others. In Linux, there is a Duo RADIUS
>> authentication PAM that is loading at the OS level, then you configure
>> RADIUS authentication parameters in sqlnet.ora, and you alter the database
>> accounts "identified externally." I can go into more detail if you're
>> interested.
>>
>> Andy
>>
>> On Fri, Aug 31, 2018 at 10:16 AM, Scott Canaan <srcdco_at_rit.edu> wrote:
>>
>>> My boss just asked the following question:
>>>
>>>
>>>
>>> Can we use Multi-Factor Authentication, in particular Duo, with Oracle
>>> database accounts?
>>>
>>>
>>>
>>> I don’t know of anyone doing this, but that doesn’t mean it isn’t
>>> happening. Is anyone doing it? If so, how difficult is it to configure?
>>>
>>>
>>>
>>> Thank you,
>>>
>>>
>>>
>>> *Scott Canaan ‘88*
>>>
>>> *Sr Database Administrator *Information & Technology Services
>>> Finance & Administration
>>>
>>>
>>> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585)
>>> 475-7520
>>>
>>> srcdco_at_rit.edu | c: (585) 339-8659
>>>
>>> *CONFIDENTIALITY NOTE*: The information transmitted, including
>>> attachments, is intended only for the person(s) or entity to which it is
>>> addressed and may contain confidential and/or privileged material. Any
>>> review, retransmission, dissemination or other use of, or taking of any
>>> action in reliance upon this information by persons or entities other than
>>> the intended recipient is prohibited. If you received this in error, please
>>> contact the sender and destroy any copies of this information.
>>>
>>>
>>>
>>
>>
-- http://www.freelists.org/webpage/oracle-lReceived on Fri Aug 31 2018 - 21:52:48 CEST