SlideShare a Scribd company logo

TechEvent EUS, Kerberos, SSL and OUD

Trivadis
Trivadis

EUS, Kerberos, SSL and OUD - a Guideline

Technology
1 of 39
Download to read offline
BASEL BERN BRUGG DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. GENF HAMBURG KOPENHAGEN LAUSANNE MÜNCHEN STUTTGART WIEN ZÜRICH EUS, Kerberos, SSL and OUD A Guideline Stefan Oehrli
Trivadis – Our mission. TechEvent - EUS, Kerberos, SSL and OUD2 14.09.2018 Trivadis makes IT easier: We provide significant support for our customers in the smart use of data in the digital age. We reduce complexity for our customers through outstanding technological expertise. We take over key tasks in the existing and future IT of our customers.
Trivadis – What sets us apart. TechEvent - EUS, Kerberos, SSL and OUD3 14.09.2018 We understand the business processes and economic challenges of our customers and support them through IT consulting and in the development of comprehensive IT solutions. Our proven products, developed by Trivadis, are based on in-depth expertise in the key technologies offered by Microsoft, Oracle and Open Source. That sets us apart from the competition. A selection of awards we have received OPEN SOURCE
Trivadis – Our key figures TechEvent - EUS, Kerberos, SSL and OUD4 14.09.2018 Founded in 1994 15 Trivadis locations with more than 650 employees Sales of CHF 111 million (EUR 96 million) Over 250 Service Level Agreements More than 4000 training participants Research and development budget: CHF 5.0 million More than 1900 projects each year with over 800 customers Financially independent and sustainably profitable
Stefan Oehrli Solution Manager BDS SEC / Trivadis Partner Working since 1997 in IT Since 2008 with Trivadis AG Since 2010 Discipline Manager SEC INFR Since 2014 Solution Manager BDS Security Skills Backup & Recovery Oracle Advanced Security Oracle AVDF and DB Vault Oracle Directory Services Team / Project Management Trainer O-SEC, O-BR,… IT Experience Database administration and database security solutions Administration complex, heterogeneous systems IT / Database Team leader Specialization DB security and operation Security concepts and their implementation Security assessments Oracle Backup & Recovery Enterprise User Security and Oracle Unified Directory 5 TechEvent - EUS, Kerberos, SSL and OUD14.09.2018
Agenda TechEvent - EUS, Kerberos, SSL and OUD6 14.09.2018 1. Initial situation 2. Enhance Authentication 3. Oracle Directory Services 4. Oracle Enterprise User Security 5. Troubleshooting and challenges 6. Conclusion
TechEvent - EUS, Kerberos, SSL and OUD7 14.09.2018 Initial situation
The Example Inc. TechEvent - EUS, Kerberos, SSL and OUD8 14.09.2018 Scott DBA Bob User Alice User Larry Security Admin username / password Weak password verifier e.g. 10g, 11g, 12c Risk of weak or shared passwords Decentralized administration Poor usability (Admin, User,..) Overvisibility
The Example Inc. TechEvent - EUS, Kerberos, SSL and OUD10 14.09.2018 ... as usual it just depends! Different approaches for improving authentication and authorization are possible…
The Example Inc. TechEvent - EUS, Kerberos, SSL and OUD11 14.09.2018 Scott DBA Bob User Alice User Larry Security Admin Single Logon / Single Sign On Single logon / Single Sign On Centralized user management Nice guy from HR Oracle Directory MS AD IAM / IdM
Distinguishing characteristics TechEvent - EUS, Kerberos, SSL and OUD12 14.09.2018 Authentication methods – Password base authentication providing different authentication protocol versions – OS authentication – Strong authentication using Kerberos or Radius – Certificate based authentication using SSL and TCPS – Special authentication like administrators (SYSxxx) or proxy Just authentication or also authorization e.g. who versus what Centralized versus decentralized account management – Manual distribution and maintenance of user and roles – IdM based distribution and maintenance of user and roles – Centralized management of user and roles
TechEvent - EUS, Kerberos, SSL and OUD13 14.09.2018 Enhance Authentication
Password authentication TechEvent - EUS, Kerberos, SSL and OUD14 14.09.2018 Password authentication requires a verifier / hash stored in USER$ – USER$.PASSWORD for 10g hash (DES based) – USER$.SPARE4 for 11g and 12c hashes (sha1 respectively sha2 based) Old authentication protocols have serious security vulnerabilities – CVE-2012-3137, MOS Note 1492721.1 and 1493990.1 Specifying the Version of the Logon Process – SQLNET.ALLOWED_LOGON_VERSION (deprecated) – SQLNET. ALLOWED_LOGON_VERSION_SERVER|CLIENT Strong password verifiers by default as of 12.2.0.1 – Default value changed to 12 use to be 8 – Earlier releases require critical patch updates CPUOct2012 to use 12
Authentication protocols version TechEvent - EUS, Kerberos, SSL and OUD15 14.09.2018 Logon Version Password Version Ability Client Meaning for Clients Server Exclusive Mode 12a 12c O7L_MR Only Oracle DB 12c R1 (12.1.0.2 or later) clients can connect to the server Yes because it excludes 10G and 11G password versions 12 11g, 12c O5L_NP Oracle DB 11g R2 (11.2.0.3 or later) clients can connect to the server Older clients need the critical patch update CPUOct2012 or later, to gain the O5L_NP ability Yes because it excludes 10G password version 11 10g, 11g, 12c O5L Oracle 10g DB or newer clients can connect. Clients using releases earlier than 11.2.0.3 that have not applied critical patch update CPUOct2012 or later patches must use the 10G password version No 10 10g, 11g, 12c O5L Oracle 10g DB or newer clients can connect No 9 10g, 11g, 12c O4L Oracle 9i DB or newer clients can connect No 8 10g, 11g, 12c O3L Oracle 8i DB or newer clients can connect No
Authentication protocols version TechEvent - EUS, Kerberos, SSL and OUD16 14.09.2018 SQL> conn USER_10G/manager ERROR: ORA-01017: invalid username/password; logon denied Logon using a wrong password verifier (Error ORA-28040 or ORA-01017) SELECT username,password_versions FROM dba_users WHERE username LIKE 'USER_%' ORDER BY 1; USERNAME PASSWORD_VERSIONS ------------------------------ ----------------- USER_10G 10G USER_11G 11G USER_12C 12C USER_ALL 10G 11G 12C Available password version in DBA_USERS
Kerberos in a Nutshell TechEvent - EUS, Kerberos, SSL and OUD17 14.09.2018 Network Authentication Protocol developed by MIT Uses a trusted third-party Authentication System KDC (not KGB…) – “strong” Authentication Basis for a couple of Services and Tools Windows Servers Requires three parties – KDC with Authentication Service and Ticket Granting Service – Service or Service Principle who provide a Service – Client who request access Has been around for some time now
Kerberos Authentication Workflow TechEvent - EUS, Kerberos, SSL and OUD18 14.09.2018 Keytab file Service Ticket Send Ticket Granting Ticket logon / okinit / kinit Request Ticket Granting Ticket Request a Service Ticket Send Service Ticket Acknowledge session
Kerberos Configuration (Demo) TechEvent - EUS, Kerberos, SSL and OUD19 14.09.2018 Configuration a proper server name resolution (DNS and revers lookup) Configure SQL Net e.g. sqlnet.ora, krb5.conf on server and clients Create a service principle in MS Active Directory Create a keytab file for the service principle Make sure that… – ... the times on the server, client and directory server are in sync – … don’t mix up domain name, realm, user principle name, service principle name – … avoid using 12.1.0.x due to incompatibility with KERBEROS5PRE
TechEvent - EUS, Kerberos, SSL and OUD20 14.09.2018 Oracle Directory Services
Oracle Directory Services TechEvent - EUS, Kerberos, SSL and OUD21 14.09.2018 Oracle does provide a couple of directory servers the Oracle Directory Service Plus – OID Oracle Internet Directory a Oracle Database based LDAP server – OUD Oracle Unified Directory a small lightweight LDAP server – ODSEE Oracle Directory Server Enterprise Edition deprecated product (formerly Sun Directory Server Enterprise Edition) – OVD Oracle Virtual Directory deprecated product OUD and OID used two different approaches – Horizontal scaling for OUD versus monolithic scalability for OID OID does require a full Oracle Database and WebLogic stack – Although it can be used without any additional license for Oracle Names resolution No other Directory Server is supported for direct integration with Oracle DatabasesCentrally Managed Users CMU
Oracle Unified Directory TechEvent - EUS, Kerberos, SSL and OUD22 14.09.2018 The other Oracle Directory …J – Yes my favorite… OUD is the latest of three Oracle LDAP directories and based on OpenDS Standard – Full LDAPv3 compliant directory Server – Proxy server e.g. Integrate OUD and MS Active Directory – Replication Server Java Based Directory – Written in Java for multiple platform support High performance and space effective data storage – Embedded Berkley DB
Oracle Unified Directory (Demo) TechEvent - EUS, Kerberos, SSL and OUD23 14.09.2018 Setup an OUD Active Directory Proxy for Enterprise User Security Prepare OUD configuration scripts The classical setup… – Install Oracle Java – Install Oracle Unified Directory and the latest bundle patch's – Create the OUD proxy instance using the configuration scripts The modern way… – Initiate a new OUD Docker container J
OUD Docker startup TechEvent - EUS, Kerberos, SSL and OUD24 14.09.2018
TechEvent - EUS, Kerberos, SSL and OUD25 14.09.2018 Oracle Enterprise User Security
Integration of MS Active Directory Services using EUS TechEvent - EUS, Kerberos, SSL and OUD26 14.09.2018 Until now, integration with Active Directory also meant to… – …maintain an Oracle Directory – …setup OID or OUD – …configure OUD AD Proxy, DIP etc. – …configure Enterprise User Security – …purchase Directory Server Plus Oracle Enterprise User Security has a number of advantages for medium and large environments To manage only a few users centrally with EUS means “to crack a nut with a sledgehammer”
OUD EUS Proxy Workflow TechEvent - EUS, Kerberos, SSL and OUD27 14.09.2018
Integration of MS Active Directory Services using CMU TechEvent - EUS, Kerberos, SSL and OUD28 14.09.2018 Centrally Managed User CMU… – …does not require an Oracle Directory – …does not require a license – …allows to manage user via AD Supports usual authentication methods – Password – Kerberos – Public key infrastructure (PKI) Requires a password filter and AD schema extension Requires a AD service account Ideal for small environments
Configuration – Database TechEvent - EUS, Kerberos, SSL and OUD29 14.09.2018 ldap_directory_access string PASSWORD ldap_directory_sysauth string NO Register Database with LDAP Directory using dbca (CLI or GUI) – could cause issues with none default Listener Ports Initialization parameter change by dbca DIRECTORY_SERVERS= (oudad.postgasse.org:1389:1636) DEFAULT_ADMIN_CONTEXT = "dc=postgasse,dc=org" DIRECTORY_SERVER_TYPE = OID Define the LDAP Directory using netca or directly in ldap.ora
Configuration – Database TechEvent - EUS, Kerberos, SSL and OUD30 14.09.2018 ALTER USER clark IDENTIFIED GLOBALLY AS 'cn=clark, cn=Users,dc=trivadistraining,dc=com'; CREATE USER employee IDENTIFIED GLOBALLY; Create global Database Users with IDENTIFIED GLOBALLY WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY =/u00/app/oracle/admin/$ORACLE_SID/wallet))) Oracle Wallet used to store LDAP credentials – dbca does create a new Oracle Wallet at the WALLET_LOCATION – WALLET_LOCATION is not supported for Container Database
Configuration – EUS TechEvent - EUS, Kerberos, SSL and OUD31 14.09.2018 eusm createMapping database_name="TDB12A" realm_dn="dc=trivadistraining,dc=com" map_type="SUBTREE" map_dn="cn=Users,dc=trivadistraining,dc=com" schema="employee" ldap_host="localhost" ldap_port=1389 ldap_user_dn="cn=orcladmin" ldap_user_password="TVD04manager" Define Schema / Role mapping for EUS – Enterprise Manager Cloud Control – eusm command line utility MOS Note 1085065.1 – eusm officially documented in Oracle Database 18c Create Mapping to a global shared schema
Oracle Enterprise User Security (Demo) TechEvent - EUS, Kerberos, SSL and OUD32 14.09.2018 Configure SQL Net e.g. sqlnet.ora and ldap.conf on server and clients Register database using dbca Create global user and roles Define EUS mapping using eusm
TechEvent - EUS, Kerberos, SSL and OUD33 14.09.2018 Troubleshooting and challenges
Challenges TechEvent - EUS, Kerberos, SSL and OUD34 14.09.2018 Use of OUD, EUS and Active Directory for the central manage of users and roles, requires the consideration of high availability and backup & recovery solutions – Multiple OUD installation with LDAP replication The technical aspects of EUS is one part of the problem A corresponding user and role concept is another aspect that must be solved seriously and comprehensively. More complex infrastructures increase the probability to hit a bug – Issues on the LDAP stack are not handled by the core DB dev team
Challenges TechEvent - EUS, Kerberos, SSL and OUD35 14.09.2018 Some Oracle products are not always on the leading edge of certain technologies – EUS and Databases require legacy unsecure SSL ciphers – EUS still requires sha1 password store – PBKDF2 SHA-512 is possible but requires some patch’s Kerberos is not Kerberos – Not all implementation work as excepted OS stack, DB stack, KDC etc. Not all clients and/or applications can handle EUS, SSO and Kerberos – theoretically and technically yes, but what to do when the app requires a username RADIUS is not an option for EUS
Troubleshooting TechEvent - EUS, Kerberos, SSL and OUD36 14.09.2018 The error messages are clearly arranged J a few common errors – ORA-01017 : invalid username/password; logon denied – ORA-28030 : Unable to access LDAP directory service – ORA-12638: Credential retrieval failed – ORA-12631: Username retrieval failed Check your network and DNS configuration User KRB5_TRACE environment variable available as of Oracle 12c Get familiar with SQL Net trace Use Wireshark to trace your network traffic Double check if you do not hit one of the well known bug e.g. 19285025 And again, check your network and DNS configuration
Troubleshooting using MOS Notes TechEvent - EUS, Kerberos, SSL and OUD37 14.09.2018 MOS Note 1375853.1 Master Note For Kerberos Authentication https://support.oracle.com/epmos/faces/DocumentDisplay?id=1375853.1 MOS Note 185897.1 Kerberos Troubleshooting Guide https://support.oracle.com/epmos/faces/DocumentDisplay?id=185897.1 MOS Note 1376365.1 Master Note For Enterprise User Security https://support.oracle.com/epmos/faces/DocumentDisplay?id=1376365.1 MOS Note 453853.1 Step by Step Guide To Troubleshooting Enterprise User Security (EUS) - Password Authentication https://support.oracle.com/epmos/faces/DocumentDisplay?id=453853.1 And much more, but make sure to check Oracle Version and MOS Note release date!
Resources TechEvent - EUS, Kerberos, SSL and OUD38 14.09.2018 DOAG RedStack Magazine Sept 2018 “Oracle Unified Directory in Docker” Oracle Docker GitHub repository https://github.com/oracle/docker-images Stefan Oehrli GitHub Docker repository https://github.com/oehrlis/docker OUD Base environment scripts https://github.com/oehrlis/oudbase O5Logon https://marcel.vandewaters.nl/oracle/security/cryptographic-flaws-in-oracle- database-authentication-protocol
TechEvent - EUS, Kerberos, SSL and OUD39 14.09.2018 Conclusion Strong password verifier and strong authentication e.g. Kerberos is state of the art today Setup OUD and EUS isn't as hard as it looks at first glance – Main challenge is a proper user and role concept Centrally Managed User CMU is a promising solution for small / medium IT environments Despite bug's, Kerberos, EUS and OUD provides reliable methods to centrally manage users and roles and increase database security
Question & Answers Stefan Oehrli Solution Manager / Trivadis Partner Tel.: +41 58 459 55 55 stefan.oehrli@trivadis.com @stefanoehrli http://www.oradba.ch 14.09.2018 TechEvent - EUS, Kerberos, SSL and OUD40

Recommended

TechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTrivadis
 
Oracle and Docker
Oracle and DockerOracle and Docker
Oracle and DockerStefan Oehrli
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Stefan Oehrli
 
TechEvent 2019: Oracle Databases as Managed Service at AWS, Yes it works!; Al...
TechEvent 2019: Oracle Databases as Managed Service at AWS, Yes it works!; Al...TechEvent 2019: Oracle Databases as Managed Service at AWS, Yes it works!; Al...
TechEvent 2019: Oracle Databases as Managed Service at AWS, Yes it works!; Al...Trivadis
 
SOUG PDB Security, Isolation and DB Nest 20c
SOUG PDB Security, Isolation and DB Nest 20cSOUG PDB Security, Isolation and DB Nest 20c
SOUG PDB Security, Isolation and DB Nest 20cStefan Oehrli
 
TechEvent 2019: Oracle PDB Isolation and Security; Stefan Oehrli - Trivadis
TechEvent 2019: Oracle PDB Isolation and Security; Stefan Oehrli - TrivadisTechEvent 2019: Oracle PDB Isolation and Security; Stefan Oehrli - Trivadis
TechEvent 2019: Oracle PDB Isolation and Security; Stefan Oehrli - TrivadisTrivadis
 
UKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityUKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityStefan Oehrli
 
SOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesSOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesStefan Oehrli
 

Recommended

TechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTrivadis
 
Oracle and Docker
Oracle and DockerOracle and Docker
Oracle and DockerStefan Oehrli
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Stefan Oehrli
 
TechEvent 2019: Oracle Databases as Managed Service at AWS, Yes it works!; Al...
TechEvent 2019: Oracle Databases as Managed Service at AWS, Yes it works!; Al...TechEvent 2019: Oracle Databases as Managed Service at AWS, Yes it works!; Al...
TechEvent 2019: Oracle Databases as Managed Service at AWS, Yes it works!; Al...Trivadis
 
SOUG PDB Security, Isolation and DB Nest 20c
SOUG PDB Security, Isolation and DB Nest 20cSOUG PDB Security, Isolation and DB Nest 20c
SOUG PDB Security, Isolation and DB Nest 20cStefan Oehrli
 
TechEvent 2019: Oracle PDB Isolation and Security; Stefan Oehrli - Trivadis
TechEvent 2019: Oracle PDB Isolation and Security; Stefan Oehrli - TrivadisTechEvent 2019: Oracle PDB Isolation and Security; Stefan Oehrli - Trivadis
TechEvent 2019: Oracle PDB Isolation and Security; Stefan Oehrli - TrivadisTrivadis
 
UKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityUKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityStefan Oehrli
 
SOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesSOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesStefan Oehrli
 
UKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesUKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesStefan Oehrli
 
IaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABIaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABStefan Oehrli
 
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...Trivadis
 
Postgre sql best_practices
Postgre sql best_practicesPostgre sql best_practices
Postgre sql best_practicesEmiliano Fusaglia
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsStefan Oehrli
 
MythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data CorruptionMythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data CorruptionChristian Gohmann
 
AUSOUG Oracle Password Security
AUSOUG Oracle Password SecurityAUSOUG Oracle Password Security
AUSOUG Oracle Password SecurityStefan Oehrli
 
REST in Piece - Administration of an Oracle Cluster/Database using REST
REST in Piece - Administration of an Oracle Cluster/Database using RESTREST in Piece - Administration of an Oracle Cluster/Database using REST
REST in Piece - Administration of an Oracle Cluster/Database using RESTChristian Gohmann
 
Oracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformOracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformStefan Oehrli
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Stefan Oehrli
 
SOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant DatabasesSOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant DatabasesStefan Oehrli
 
12 Things about Oracle WebLogic Server 12c
12 Things about Oracle WebLogic Server 12c12 Things about Oracle WebLogic Server 12c
12 Things about Oracle WebLogic Server 12cGuatemala User Group
 
Obia with odi
Obia with odiObia with odi
Obia with odinaveennagineni
 
Create non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windowsCreate non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windowsBiju Thomas
 
RMAN best practices for RAC
RMAN best practices for RACRMAN best practices for RAC
RMAN best practices for RACSyed Hussain
 
Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12Biju Thomas
 
Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Performance Tuning Corporation
 
Oracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New FeaturesOracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New FeaturesEmre Baransel
 
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...Andrejs Karpovs
 
RAC Attack 12c Installation Instruction
RAC Attack 12c Installation InstructionRAC Attack 12c Installation Instruction
RAC Attack 12c Installation InstructionYury Velikanov
 
Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan Oehrli
Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan OehrliTrivadis TechEvent 2017 Kerberos and Databases a Success by Stefan Oehrli
Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan OehrliTrivadis
 
Trivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael SchwarzgornTrivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael SchwarzgornTrivadis
 

More Related Content

What's hot

UKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesUKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesStefan Oehrli
 
IaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABIaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABStefan Oehrli
 
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...Trivadis
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsStefan Oehrli
 
MythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data CorruptionMythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data CorruptionChristian Gohmann
 
AUSOUG Oracle Password Security
AUSOUG Oracle Password SecurityAUSOUG Oracle Password Security
AUSOUG Oracle Password SecurityStefan Oehrli
 
REST in Piece - Administration of an Oracle Cluster/Database using REST
REST in Piece - Administration of an Oracle Cluster/Database using RESTREST in Piece - Administration of an Oracle Cluster/Database using REST
REST in Piece - Administration of an Oracle Cluster/Database using RESTChristian Gohmann
 
Oracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformOracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformStefan Oehrli
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Stefan Oehrli
 
SOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant DatabasesSOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant DatabasesStefan Oehrli
 
12 Things about Oracle WebLogic Server 12c
12 Things about Oracle WebLogic Server 12c12 Things about Oracle WebLogic Server 12c
12 Things about Oracle WebLogic Server 12cGuatemala User Group
 
Create non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windowsCreate non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windowsBiju Thomas
 
RMAN best practices for RAC
RMAN best practices for RACRMAN best practices for RAC
RMAN best practices for RACSyed Hussain
 
Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12Biju Thomas
 
Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Performance Tuning Corporation
 
Oracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New FeaturesOracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New FeaturesEmre Baransel
 
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...Andrejs Karpovs
 
RAC Attack 12c Installation Instruction
RAC Attack 12c Installation InstructionRAC Attack 12c Installation Instruction
RAC Attack 12c Installation InstructionYury Velikanov
 

What's hot (20)

UKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesUKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle Databases
 
IaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABIaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LAB
 
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
 
Postgre sql best_practices
Postgre sql best_practicesPostgre sql best_practices
Postgre sql best_practices
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant Environments
 
MythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data CorruptionMythBusters Globalization Support - Avoid Data Corruption
MythBusters Globalization Support - Avoid Data Corruption
 
AUSOUG Oracle Password Security
AUSOUG Oracle Password SecurityAUSOUG Oracle Password Security
AUSOUG Oracle Password Security
 
REST in Piece - Administration of an Oracle Cluster/Database using REST
REST in Piece - Administration of an Oracle Cluster/Database using RESTREST in Piece - Administration of an Oracle Cluster/Database using REST
REST in Piece - Administration of an Oracle Cluster/Database using REST
 
Oracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformOracle Cloud deployment with Terraform
Oracle Cloud deployment with Terraform
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
 
SOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant DatabasesSOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant Databases
 
12 Things about Oracle WebLogic Server 12c
12 Things about Oracle WebLogic Server 12c12 Things about Oracle WebLogic Server 12c
12 Things about Oracle WebLogic Server 12c
 
Obia with odi
Obia with odiObia with odi
Obia with odi
 
Create non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windowsCreate non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windows
 
RMAN best practices for RAC
RMAN best practices for RACRMAN best practices for RAC
RMAN best practices for RAC
 
Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12
 
Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?
 
Oracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New FeaturesOracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New Features
 
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...
Lessons Learnt from Oracle Unified Directory implementation with Oracle E-Bus...
 
RAC Attack 12c Installation Instruction
RAC Attack 12c Installation InstructionRAC Attack 12c Installation Instruction
RAC Attack 12c Installation Instruction
 

Similar to TechEvent EUS, Kerberos, SSL and OUD

Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan Oehrli
Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan OehrliTrivadis TechEvent 2017 Kerberos and Databases a Success by Stefan Oehrli
Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan OehrliTrivadis
 
Trivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael SchwarzgornTrivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael SchwarzgornTrivadis
 
sonal sharma 16.09.2015
sonal sharma 16.09.2015sonal sharma 16.09.2015
sonal sharma 16.09.2015sonal sharma
 
Oracle DBA Trainer
Oracle DBA TrainerOracle DBA Trainer
Oracle DBA TrainerP S Rani
 
Modern Database Development Oow2008 Lucas Jellema
Modern Database Development Oow2008 Lucas JellemaModern Database Development Oow2008 Lucas Jellema
Modern Database Development Oow2008 Lucas JellemaLucas Jellema
 
Powering the Cloud with Oracle WebLogic
Powering the Cloud with Oracle WebLogicPowering the Cloud with Oracle WebLogic
Powering the Cloud with Oracle WebLogicLucas Jellema
 
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...Trivadis
 
AWS Solution Architect Professional
AWS Solution Architect ProfessionalAWS Solution Architect Professional
AWS Solution Architect ProfessionalSuman Jha
 
YASEEN EDA VALAPPIL
YASEEN EDA VALAPPILYASEEN EDA VALAPPIL
YASEEN EDA VALAPPILYASEEN EV
 
Engineer Suman Chandra Jha Resume
Engineer Suman Chandra Jha ResumeEngineer Suman Chandra Jha Resume
Engineer Suman Chandra Jha ResumeSuman Jha
 
Here Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldHere Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldC4Media
 
Oracle Database: Checklist Connection Issues
Oracle Database: Checklist Connection IssuesOracle Database: Checklist Connection Issues
Oracle Database: Checklist Connection IssuesMarkus Flechtner
 
Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"
Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"
Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"Fwdays
 
Enterprise manager 13c -let's connect to the Oracle Cloud
Enterprise manager 13c -let's connect to the Oracle CloudEnterprise manager 13c -let's connect to the Oracle Cloud
Enterprise manager 13c -let's connect to the Oracle CloudTrivadis
 
What is expected from Chief Cloud Officers?
What is expected from Chief Cloud Officers?What is expected from Chief Cloud Officers?
What is expected from Chief Cloud Officers?Bernard Paques
 
JowilGallenito (UPDATED)
JowilGallenito (UPDATED)JowilGallenito (UPDATED)
JowilGallenito (UPDATED)jowil gallenito
 
Discover the all new Mesosphere DC/OS 1.10
Discover the all new Mesosphere DC/OS 1.10Discover the all new Mesosphere DC/OS 1.10
Discover the all new Mesosphere DC/OS 1.10Mesosphere Inc.
 
Azure presentation nnug dec 2010
Azure presentation nnug dec 2010Azure presentation nnug dec 2010
Azure presentation nnug dec 2010Ethos Technologies
 

Similar to TechEvent EUS, Kerberos, SSL and OUD (20)

Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan Oehrli
Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan OehrliTrivadis TechEvent 2017 Kerberos and Databases a Success by Stefan Oehrli
Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan Oehrli
 
Trivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael SchwarzgornTrivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
Trivadis TechEvent 2017 Oracle on azure by Michael Schwarzgorn
 
sonal sharma 16.09.2015
sonal sharma 16.09.2015sonal sharma 16.09.2015
sonal sharma 16.09.2015
 
Oracle DBA Trainer
Oracle DBA TrainerOracle DBA Trainer
Oracle DBA Trainer
 
Modern Database Development Oow2008 Lucas Jellema
Modern Database Development Oow2008 Lucas JellemaModern Database Development Oow2008 Lucas Jellema
Modern Database Development Oow2008 Lucas Jellema
 
Powering the Cloud with Oracle WebLogic
Powering the Cloud with Oracle WebLogicPowering the Cloud with Oracle WebLogic
Powering the Cloud with Oracle WebLogic
 
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
TechEvent 2019: DB, CMU and EUS engineering with vagrant; Stefan Oehrli - Tri...
 
AWS Solution Architect Professional
AWS Solution Architect ProfessionalAWS Solution Architect Professional
AWS Solution Architect Professional
 
YASEEN EDA VALAPPIL
YASEEN EDA VALAPPILYASEEN EDA VALAPPIL
YASEEN EDA VALAPPIL
 
Engineer Suman Chandra Jha Resume
Engineer Suman Chandra Jha ResumeEngineer Suman Chandra Jha Resume
Engineer Suman Chandra Jha Resume
 
Here Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldHere Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New World
 
Oracle Database: Checklist Connection Issues
Oracle Database: Checklist Connection IssuesOracle Database: Checklist Connection Issues
Oracle Database: Checklist Connection Issues
 
Allan_John_R_Salgado-MCSD.NET, MCTS,MCPD-Resume(LinkedIn)
Allan_John_R_Salgado-MCSD.NET, MCTS,MCPD-Resume(LinkedIn)Allan_John_R_Salgado-MCSD.NET, MCTS,MCPD-Resume(LinkedIn)
Allan_John_R_Salgado-MCSD.NET, MCTS,MCPD-Resume(LinkedIn)
 
Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"
Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"
Serhiy Kalinets "Embracing architectural challenges in the modern .NET world"
 
Enterprise manager 13c -let's connect to the Oracle Cloud
Enterprise manager 13c -let's connect to the Oracle CloudEnterprise manager 13c -let's connect to the Oracle Cloud
Enterprise manager 13c -let's connect to the Oracle Cloud
 
What is expected from Chief Cloud Officers?
What is expected from Chief Cloud Officers?What is expected from Chief Cloud Officers?
What is expected from Chief Cloud Officers?
 
Understanding AWS security
Understanding AWS securityUnderstanding AWS security
Understanding AWS security
 
JowilGallenito (UPDATED)
JowilGallenito (UPDATED)JowilGallenito (UPDATED)
JowilGallenito (UPDATED)
 
Discover the all new Mesosphere DC/OS 1.10
Discover the all new Mesosphere DC/OS 1.10Discover the all new Mesosphere DC/OS 1.10
Discover the all new Mesosphere DC/OS 1.10
 
Azure presentation nnug dec 2010
Azure presentation nnug dec 2010Azure presentation nnug dec 2010
Azure presentation nnug dec 2010
 

More from Trivadis

Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...
Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...
Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...Trivadis
 
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...Trivadis
 
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)Trivadis
 
Azure Days 2019: Master the Move to Azure (Konrad Brunner)
Azure Days 2019: Master the Move to Azure (Konrad Brunner)Azure Days 2019: Master the Move to Azure (Konrad Brunner)
Azure Days 2019: Master the Move to Azure (Konrad Brunner)Trivadis
 
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...Trivadis
 
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)Trivadis
 
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...Trivadis
 
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...Trivadis
 
Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...
Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...
Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...Trivadis
 
Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...
Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...
Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...Trivadis
 
TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...
TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...
TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...Trivadis
 
TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...
TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...
TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...Trivadis
 
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTrivadis
 
TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...
TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...
TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...Trivadis
 
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...Trivadis
 
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...Trivadis
 
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...Trivadis
 
TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...
TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...
TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...Trivadis
 
TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...
TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...
TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...Trivadis
 
TechEvent 2019: The sleeping Power of Data; Eberhard Lösch - Trivadis
TechEvent 2019: The sleeping Power of Data; Eberhard Lösch - TrivadisTechEvent 2019: The sleeping Power of Data; Eberhard Lösch - Trivadis
TechEvent 2019: The sleeping Power of Data; Eberhard Lösch - TrivadisTrivadis
 

More from Trivadis (20)

Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...
Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...
Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ...
 
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...
 
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)
 
Azure Days 2019: Master the Move to Azure (Konrad Brunner)
Azure Days 2019: Master the Move to Azure (Konrad Brunner)Azure Days 2019: Master the Move to Azure (Konrad Brunner)
Azure Days 2019: Master the Move to Azure (Konrad Brunner)
 
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...
 
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)
 
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...
 
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...
 
Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...
Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...
Azure Days 2019: Wie bringt man eine Data Analytics Plattform in die Cloud? (...
 
Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...
Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...
Azure Days 2019: Azure@Helsana: Die Erweiterung von Dynamics CRM mit Azure Po...
 
TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...
TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...
TechEvent 2019: Kundenstory - Kein Angebot, kein Auftrag – Wie Du ein individ...
 
TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...
TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...
TechEvent 2019: Oracle Database Appliance M/L - Erfahrungen und Erfolgsmethod...
 
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - TrivadisTechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
TechEvent 2019: Security 101 für Web Entwickler; Roland Krüger - Trivadis
 
TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...
TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...
TechEvent 2019: Trivadis & Swisscom Partner Angebote; Konrad Häfeli, Markus O...
 
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
TechEvent 2019: DBaaS from Swisscom Cloud powered by Trivadis; Konrad Häfeli ...
 
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...
 
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
TechEvent 2019: More Agile, More AI, More Cloud! Less Work?!; Oliver Dörr - T...
 
TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...
TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...
TechEvent 2019: Kundenstory - Vom Hauptmann zu Köpenick zum Polizisten 2020 -...
 
TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...
TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...
TechEvent 2019: Vom Rechenzentrum in die Oracle Cloud - Übertragungsmethoden;...
 
TechEvent 2019: The sleeping Power of Data; Eberhard Lösch - Trivadis
TechEvent 2019: The sleeping Power of Data; Eberhard Lösch - TrivadisTechEvent 2019: The sleeping Power of Data; Eberhard Lösch - Trivadis
TechEvent 2019: The sleeping Power of Data; Eberhard Lösch - Trivadis
 

Recently uploaded

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Recently uploaded (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

TechEvent EUS, Kerberos, SSL and OUD

  • 1. BASEL BERN BRUGG DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. GENF HAMBURG KOPENHAGEN LAUSANNE MÜNCHEN STUTTGART WIEN ZÜRICH EUS, Kerberos, SSL and OUD A Guideline Stefan Oehrli
  • 2. Trivadis – Our mission. TechEvent - EUS, Kerberos, SSL and OUD2 14.09.2018 Trivadis makes IT easier: We provide significant support for our customers in the smart use of data in the digital age. We reduce complexity for our customers through outstanding technological expertise. We take over key tasks in the existing and future IT of our customers.
  • 3. Trivadis – What sets us apart. TechEvent - EUS, Kerberos, SSL and OUD3 14.09.2018 We understand the business processes and economic challenges of our customers and support them through IT consulting and in the development of comprehensive IT solutions. Our proven products, developed by Trivadis, are based on in-depth expertise in the key technologies offered by Microsoft, Oracle and Open Source. That sets us apart from the competition. A selection of awards we have received OPEN SOURCE
  • 4. Trivadis – Our key figures TechEvent - EUS, Kerberos, SSL and OUD4 14.09.2018 Founded in 1994 15 Trivadis locations with more than 650 employees Sales of CHF 111 million (EUR 96 million) Over 250 Service Level Agreements More than 4000 training participants Research and development budget: CHF 5.0 million More than 1900 projects each year with over 800 customers Financially independent and sustainably profitable
  • 5. Stefan Oehrli Solution Manager BDS SEC / Trivadis Partner Working since 1997 in IT Since 2008 with Trivadis AG Since 2010 Discipline Manager SEC INFR Since 2014 Solution Manager BDS Security Skills Backup & Recovery Oracle Advanced Security Oracle AVDF and DB Vault Oracle Directory Services Team / Project Management Trainer O-SEC, O-BR,… IT Experience Database administration and database security solutions Administration complex, heterogeneous systems IT / Database Team leader Specialization DB security and operation Security concepts and their implementation Security assessments Oracle Backup & Recovery Enterprise User Security and Oracle Unified Directory 5 TechEvent - EUS, Kerberos, SSL and OUD14.09.2018
  • 6. Agenda TechEvent - EUS, Kerberos, SSL and OUD6 14.09.2018 1. Initial situation 2. Enhance Authentication 3. Oracle Directory Services 4. Oracle Enterprise User Security 5. Troubleshooting and challenges 6. Conclusion
  • 7. TechEvent - EUS, Kerberos, SSL and OUD7 14.09.2018 Initial situation
  • 8. The Example Inc. TechEvent - EUS, Kerberos, SSL and OUD8 14.09.2018 Scott DBA Bob User Alice User Larry Security Admin username / password Weak password verifier e.g. 10g, 11g, 12c Risk of weak or shared passwords Decentralized administration Poor usability (Admin, User,..) Overvisibility
  • 9. The Example Inc. TechEvent - EUS, Kerberos, SSL and OUD10 14.09.2018 ... as usual it just depends! Different approaches for improving authentication and authorization are possible…
  • 10. The Example Inc. TechEvent - EUS, Kerberos, SSL and OUD11 14.09.2018 Scott DBA Bob User Alice User Larry Security Admin Single Logon / Single Sign On Single logon / Single Sign On Centralized user management Nice guy from HR Oracle Directory MS AD IAM / IdM
  • 11. Distinguishing characteristics TechEvent - EUS, Kerberos, SSL and OUD12 14.09.2018 Authentication methods – Password base authentication providing different authentication protocol versions – OS authentication – Strong authentication using Kerberos or Radius – Certificate based authentication using SSL and TCPS – Special authentication like administrators (SYSxxx) or proxy Just authentication or also authorization e.g. who versus what Centralized versus decentralized account management – Manual distribution and maintenance of user and roles – IdM based distribution and maintenance of user and roles – Centralized management of user and roles
  • 12. TechEvent - EUS, Kerberos, SSL and OUD13 14.09.2018 Enhance Authentication
  • 13. Password authentication TechEvent - EUS, Kerberos, SSL and OUD14 14.09.2018 Password authentication requires a verifier / hash stored in USER$ – USER$.PASSWORD for 10g hash (DES based) – USER$.SPARE4 for 11g and 12c hashes (sha1 respectively sha2 based) Old authentication protocols have serious security vulnerabilities – CVE-2012-3137, MOS Note 1492721.1 and 1493990.1 Specifying the Version of the Logon Process – SQLNET.ALLOWED_LOGON_VERSION (deprecated) – SQLNET. ALLOWED_LOGON_VERSION_SERVER|CLIENT Strong password verifiers by default as of 12.2.0.1 – Default value changed to 12 use to be 8 – Earlier releases require critical patch updates CPUOct2012 to use 12
  • 14. Authentication protocols version TechEvent - EUS, Kerberos, SSL and OUD15 14.09.2018 Logon Version Password Version Ability Client Meaning for Clients Server Exclusive Mode 12a 12c O7L_MR Only Oracle DB 12c R1 (12.1.0.2 or later) clients can connect to the server Yes because it excludes 10G and 11G password versions 12 11g, 12c O5L_NP Oracle DB 11g R2 (11.2.0.3 or later) clients can connect to the server Older clients need the critical patch update CPUOct2012 or later, to gain the O5L_NP ability Yes because it excludes 10G password version 11 10g, 11g, 12c O5L Oracle 10g DB or newer clients can connect. Clients using releases earlier than 11.2.0.3 that have not applied critical patch update CPUOct2012 or later patches must use the 10G password version No 10 10g, 11g, 12c O5L Oracle 10g DB or newer clients can connect No 9 10g, 11g, 12c O4L Oracle 9i DB or newer clients can connect No 8 10g, 11g, 12c O3L Oracle 8i DB or newer clients can connect No
  • 15. Authentication protocols version TechEvent - EUS, Kerberos, SSL and OUD16 14.09.2018 SQL> conn USER_10G/manager ERROR: ORA-01017: invalid username/password; logon denied Logon using a wrong password verifier (Error ORA-28040 or ORA-01017) SELECT username,password_versions FROM dba_users WHERE username LIKE 'USER_%' ORDER BY 1; USERNAME PASSWORD_VERSIONS ------------------------------ ----------------- USER_10G 10G USER_11G 11G USER_12C 12C USER_ALL 10G 11G 12C Available password version in DBA_USERS
  • 16. Kerberos in a Nutshell TechEvent - EUS, Kerberos, SSL and OUD17 14.09.2018 Network Authentication Protocol developed by MIT Uses a trusted third-party Authentication System KDC (not KGB…) – “strong” Authentication Basis for a couple of Services and Tools Windows Servers Requires three parties – KDC with Authentication Service and Ticket Granting Service – Service or Service Principle who provide a Service – Client who request access Has been around for some time now
  • 17. Kerberos Authentication Workflow TechEvent - EUS, Kerberos, SSL and OUD18 14.09.2018 Keytab file Service Ticket Send Ticket Granting Ticket logon / okinit / kinit Request Ticket Granting Ticket Request a Service Ticket Send Service Ticket Acknowledge session
  • 18. Kerberos Configuration (Demo) TechEvent - EUS, Kerberos, SSL and OUD19 14.09.2018 Configuration a proper server name resolution (DNS and revers lookup) Configure SQL Net e.g. sqlnet.ora, krb5.conf on server and clients Create a service principle in MS Active Directory Create a keytab file for the service principle Make sure that… – ... the times on the server, client and directory server are in sync – … don’t mix up domain name, realm, user principle name, service principle name – … avoid using 12.1.0.x due to incompatibility with KERBEROS5PRE
  • 19. TechEvent - EUS, Kerberos, SSL and OUD20 14.09.2018 Oracle Directory Services
  • 20. Oracle Directory Services TechEvent - EUS, Kerberos, SSL and OUD21 14.09.2018 Oracle does provide a couple of directory servers the Oracle Directory Service Plus – OID Oracle Internet Directory a Oracle Database based LDAP server – OUD Oracle Unified Directory a small lightweight LDAP server – ODSEE Oracle Directory Server Enterprise Edition deprecated product (formerly Sun Directory Server Enterprise Edition) – OVD Oracle Virtual Directory deprecated product OUD and OID used two different approaches – Horizontal scaling for OUD versus monolithic scalability for OID OID does require a full Oracle Database and WebLogic stack – Although it can be used without any additional license for Oracle Names resolution No other Directory Server is supported for direct integration with Oracle DatabasesCentrally Managed Users CMU
  • 21. Oracle Unified Directory TechEvent - EUS, Kerberos, SSL and OUD22 14.09.2018 The other Oracle Directory …J – Yes my favorite… OUD is the latest of three Oracle LDAP directories and based on OpenDS Standard – Full LDAPv3 compliant directory Server – Proxy server e.g. Integrate OUD and MS Active Directory – Replication Server Java Based Directory – Written in Java for multiple platform support High performance and space effective data storage – Embedded Berkley DB
  • 22. Oracle Unified Directory (Demo) TechEvent - EUS, Kerberos, SSL and OUD23 14.09.2018 Setup an OUD Active Directory Proxy for Enterprise User Security Prepare OUD configuration scripts The classical setup… – Install Oracle Java – Install Oracle Unified Directory and the latest bundle patch's – Create the OUD proxy instance using the configuration scripts The modern way… – Initiate a new OUD Docker container J
  • 23. OUD Docker startup TechEvent - EUS, Kerberos, SSL and OUD24 14.09.2018
  • 24. TechEvent - EUS, Kerberos, SSL and OUD25 14.09.2018 Oracle Enterprise User Security
  • 25. Integration of MS Active Directory Services using EUS TechEvent - EUS, Kerberos, SSL and OUD26 14.09.2018 Until now, integration with Active Directory also meant to… – …maintain an Oracle Directory – …setup OID or OUD – …configure OUD AD Proxy, DIP etc. – …configure Enterprise User Security – …purchase Directory Server Plus Oracle Enterprise User Security has a number of advantages for medium and large environments To manage only a few users centrally with EUS means “to crack a nut with a sledgehammer”
  • 26. OUD EUS Proxy Workflow TechEvent - EUS, Kerberos, SSL and OUD27 14.09.2018
  • 27. Integration of MS Active Directory Services using CMU TechEvent - EUS, Kerberos, SSL and OUD28 14.09.2018 Centrally Managed User CMU… – …does not require an Oracle Directory – …does not require a license – …allows to manage user via AD Supports usual authentication methods – Password – Kerberos – Public key infrastructure (PKI) Requires a password filter and AD schema extension Requires a AD service account Ideal for small environments
  • 28. Configuration – Database TechEvent - EUS, Kerberos, SSL and OUD29 14.09.2018 ldap_directory_access string PASSWORD ldap_directory_sysauth string NO Register Database with LDAP Directory using dbca (CLI or GUI) – could cause issues with none default Listener Ports Initialization parameter change by dbca DIRECTORY_SERVERS= (oudad.postgasse.org:1389:1636) DEFAULT_ADMIN_CONTEXT = "dc=postgasse,dc=org" DIRECTORY_SERVER_TYPE = OID Define the LDAP Directory using netca or directly in ldap.ora
  • 29. Configuration – Database TechEvent - EUS, Kerberos, SSL and OUD30 14.09.2018 ALTER USER clark IDENTIFIED GLOBALLY AS 'cn=clark, cn=Users,dc=trivadistraining,dc=com'; CREATE USER employee IDENTIFIED GLOBALLY; Create global Database Users with IDENTIFIED GLOBALLY WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY =/u00/app/oracle/admin/$ORACLE_SID/wallet))) Oracle Wallet used to store LDAP credentials – dbca does create a new Oracle Wallet at the WALLET_LOCATION – WALLET_LOCATION is not supported for Container Database
  • 30. Configuration – EUS TechEvent - EUS, Kerberos, SSL and OUD31 14.09.2018 eusm createMapping database_name="TDB12A" realm_dn="dc=trivadistraining,dc=com" map_type="SUBTREE" map_dn="cn=Users,dc=trivadistraining,dc=com" schema="employee" ldap_host="localhost" ldap_port=1389 ldap_user_dn="cn=orcladmin" ldap_user_password="TVD04manager" Define Schema / Role mapping for EUS – Enterprise Manager Cloud Control – eusm command line utility MOS Note 1085065.1 – eusm officially documented in Oracle Database 18c Create Mapping to a global shared schema
  • 31. Oracle Enterprise User Security (Demo) TechEvent - EUS, Kerberos, SSL and OUD32 14.09.2018 Configure SQL Net e.g. sqlnet.ora and ldap.conf on server and clients Register database using dbca Create global user and roles Define EUS mapping using eusm
  • 32. TechEvent - EUS, Kerberos, SSL and OUD33 14.09.2018 Troubleshooting and challenges
  • 33. Challenges TechEvent - EUS, Kerberos, SSL and OUD34 14.09.2018 Use of OUD, EUS and Active Directory for the central manage of users and roles, requires the consideration of high availability and backup & recovery solutions – Multiple OUD installation with LDAP replication The technical aspects of EUS is one part of the problem A corresponding user and role concept is another aspect that must be solved seriously and comprehensively. More complex infrastructures increase the probability to hit a bug – Issues on the LDAP stack are not handled by the core DB dev team
  • 34. Challenges TechEvent - EUS, Kerberos, SSL and OUD35 14.09.2018 Some Oracle products are not always on the leading edge of certain technologies – EUS and Databases require legacy unsecure SSL ciphers – EUS still requires sha1 password store – PBKDF2 SHA-512 is possible but requires some patch’s Kerberos is not Kerberos – Not all implementation work as excepted OS stack, DB stack, KDC etc. Not all clients and/or applications can handle EUS, SSO and Kerberos – theoretically and technically yes, but what to do when the app requires a username RADIUS is not an option for EUS
  • 35. Troubleshooting TechEvent - EUS, Kerberos, SSL and OUD36 14.09.2018 The error messages are clearly arranged J a few common errors – ORA-01017 : invalid username/password; logon denied – ORA-28030 : Unable to access LDAP directory service – ORA-12638: Credential retrieval failed – ORA-12631: Username retrieval failed Check your network and DNS configuration User KRB5_TRACE environment variable available as of Oracle 12c Get familiar with SQL Net trace Use Wireshark to trace your network traffic Double check if you do not hit one of the well known bug e.g. 19285025 And again, check your network and DNS configuration
  • 36. Troubleshooting using MOS Notes TechEvent - EUS, Kerberos, SSL and OUD37 14.09.2018 MOS Note 1375853.1 Master Note For Kerberos Authentication https://support.oracle.com/epmos/faces/DocumentDisplay?id=1375853.1 MOS Note 185897.1 Kerberos Troubleshooting Guide https://support.oracle.com/epmos/faces/DocumentDisplay?id=185897.1 MOS Note 1376365.1 Master Note For Enterprise User Security https://support.oracle.com/epmos/faces/DocumentDisplay?id=1376365.1 MOS Note 453853.1 Step by Step Guide To Troubleshooting Enterprise User Security (EUS) - Password Authentication https://support.oracle.com/epmos/faces/DocumentDisplay?id=453853.1 And much more, but make sure to check Oracle Version and MOS Note release date!
  • 37. Resources TechEvent - EUS, Kerberos, SSL and OUD38 14.09.2018 DOAG RedStack Magazine Sept 2018 “Oracle Unified Directory in Docker” Oracle Docker GitHub repository https://github.com/oracle/docker-images Stefan Oehrli GitHub Docker repository https://github.com/oehrlis/docker OUD Base environment scripts https://github.com/oehrlis/oudbase O5Logon https://marcel.vandewaters.nl/oracle/security/cryptographic-flaws-in-oracle- database-authentication-protocol
  • 38. TechEvent - EUS, Kerberos, SSL and OUD39 14.09.2018 Conclusion Strong password verifier and strong authentication e.g. Kerberos is state of the art today Setup OUD and EUS isn't as hard as it looks at first glance – Main challenge is a proper user and role concept Centrally Managed User CMU is a promising solution for small / medium IT environments Despite bug's, Kerberos, EUS and OUD provides reliable methods to centrally manage users and roles and increase database security
  • 39. Question & Answers Stefan Oehrli Solution Manager / Trivadis Partner Tel.: +41 58 459 55 55 stefan.oehrli@trivadis.com @stefanoehrli http://www.oradba.ch 14.09.2018 TechEvent - EUS, Kerberos, SSL and OUD40