- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Kerberos
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-13-2001 09:36 AM
тАО03-13-2001 09:36 AM
Kerberos
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-14-2001 12:29 AM
тАО03-14-2001 12:29 AM
Re: Kerberos
You can go for external authentication of users in the database. If you do a create user identified externally your user will be able to connect directly to the database. Please check this possibility in the Oracle documentation. Then the user administration will be on the NT side. But you have to be sure, that there are no violations like handing userid's and passwords to other users.
Rgds
Alexander M. Ermes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-14-2001 12:55 AM
тАО03-14-2001 12:55 AM
Re: Kerberos
http://www.kashpureff.org/nic/krb/admin.htm
Kerberos Products on HP-UX
HP-UX supports Kerberos clients with a set of three software packages for HP-UX
11.0 and 11i. These products are: PAM Kerberos, KRB5 Client Software, and the
Generic Security Service Application Programming Interface (GSS-API).
All HP-UX Kerberos products conform to the IETF specification for Kerberos Version
5 and are compliant with IETF RFC 1510.
Application programmers can create "Kerberized" applications using either the
GSS-APIs or Kerberos APIs. However, HP recommends that GSS-APIs be used for
application development. HP provides the following Kerberized applications through
Secure Internet Services (SIS): ftp, rcp, remsh, rlogin, and telnet.
PAM Kerberos Product
Product
Intro.
Date
Description
J5849AA
12/06/00
GSS-API, Kerberos Client are in 11i
core. PAM Kerberos is at 11i
Application CD
J5849AA
12/01/00
GSS-API, Kerberos Client and PAM
Kerberos in AP1200 Dart CD for 11.0
J5849AA
03/01/00
PAM Kerberos in AP0300 Dart CD for
11.0
l
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-14-2001 03:56 AM
тАО03-14-2001 03:56 AM
Re: Kerberos
Remember that this will effect Oracle performance greatly, and may not work at all.
Why will it effect performance? The Oracle server will have to move data from the local host, to a remote host for AUTH. Kerberos is very secure, but not the fastest AUTH their is. Kerberos requires key exchange and token exchange prior to performing ANY task.
As it is set up now, oracle AUTH happens locally, so there is absolutely no wait for AUTH (well a couple of system calls wait as opposed to lots of network traffic and system calls).
The other logistics problem that I see is that Oracle will rely now on an external machine as opposed to being self sufficient. Pretty scary!
There are a few web server utilities that can authenticate client's off of NT and using a bit of CGI this could get your users AUTH'ed before hitting your web front ends to oracle.
NOTE: HP says it uses NT for it's global auth, but their the only one I have ever heard of. NT is pretty slow even for AUTH, and not very secure at all. Go to href="http://packetstorm.securify.com" and look at all the nice publicly available security hacks for NT as opposed to HP and SunOS.
Look also at how MS implemented Sun's Kerberos. It is not very different from NT4's mechs...
Regards,
Shannon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-14-2001 08:44 AM
тАО03-14-2001 08:44 AM
Re: Kerberos
Thanks Alex, but I currently have hp 10.20. I must first set it up on that, then after we upgrade in a few months set it up on hp 11.0. I've heard kerberos v5 is for hp 11.0 not for hp 10.20.
Shannon, thanks for you input on the oracle side. I had not realized that external authentication would affect performance that much.
Let me try to add to what I need to know now. I am looking into setting up external authentication, using nt authentication. Oracle documentation is vague on what needs to be done on the unix side. It mentions briefly kerberos or other security services like it must be installed and configured. I have hp 10.20 at the moment. There is no kerberos installed on our box. What security services would be installed that Oracle would use? Is PAM the same thing as kerberos, just an earlier version? The reason why I was asking about kerberos was because the document I downloaded from Oracle said to install kerberos, but never said where to get it from or what it is. If there is something else that I could use instead that is already on the box, I would prefer to do that. So please help with the following questions:
1. What security services would be installed that Oracle would use other than Kerberos?
2. Is PAM the same thing as kerberos, just an earlier version?
3. Has anyone else set up external authentication using NT Authentication on HP-Unix 10.20? If so what all should I be concerned with and what documentation did you use?