Re: Oracle / AD Questions

From: Niklas Iveslatt <"Niklas>
Date: Wed, 2 Oct 2024 13:24:43 -0600
Message-ID: <CAHLzPNch6EJ14wW797eG572uK1J0+3THA+--efwm3ucpaLfcYw_at_mail.gmail.com>

Here are my thoughts on this topic (these videos were made by Russ Lowenthal, the authority on Database Security for many, many years - and he is also the last of the escalation points within Oracle for these matters and a very good presenter and mentor):

For AD User Management - CMU is usually the easiest option (over say EUS):

https://www.youtube.com/watch?v=FU8UGLs8QGU

For AD Auth/Authz - the easiest is typically to use Kerberos:

https://www.youtube.com/watch?v=fu7ISpUDfK4

When I say easiest, I speak in general terms here as there are things to consider such as the type of clients, etc...schema management, etc.... when making the implementation decisions.

We have also been seeing and implementing MFA and PIV card requirements in the last year as it relates to Database Authentication and the above can support that as well as an extension, and with the appropriate architectural choices depending on the requirements.

Thanks!

Niklas Iveslatt
Senior Partner

Arisant LLC ~ http://www.arisant.com
44 Inverness Dr. E Bldg. C Suite 2 ~ Englewood, CO 80112 mobile: 303.882.4461 ~ main: 303.330.4065 ~ fax: 888.889.0155

Need to send me something securely? *Click here* <https://arisant.sendsafely.com/u/niklas.iveslatt>

On Wed, Oct 2, 2024 at 12:24 PM Scott Canaan <dmarc-noreply_at_freelists.org> wrote:

> We are looking at connecting our Oracle databases to AD so we can
> centralize user creation and administration. All of our Oracle databases
> run on Linux. Our Linux sys admins say that they don’t support AD on
> Linux. Is it still possible to connect to AD without having AD installed
> in the Linux environment?
>
>
>
> Oracle 19c
>
> Red Hat 8
>
>
>
> *Scott Canaan ‘88*
>
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>
> *CONFIDENTIALITY NOTE*: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Oct 02 2024 - 21:24:43 CEST

This message: [ Message body ]
Next message: dimensional.dba: "RE: Oracle / AD Questions"
In reply to: Scott Canaan: "Oracle / AD Questions"
In reply to Scott Canaan: "RE: Oracle / AD Questions"
Next in thread: dimensional.dba: "RE: Oracle / AD Questions"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message