Wednesday 1 October 2008

Single Sign On?

You may ask whether the previous entry describes Single Sign On between an OS and an Oracle database. The answer is "no": it is single account usage. Single Sign On between the OS and the database can be achieved using Kerberos authentication. We will discuss that in a later blog entry.
The advantage of this solution is that the account with which a user enters the database or the OS is maintained in one place.
This can make the solution more secure, because the user only has to remember one userid and password. The alternative would be separate userids and passwords on all the machines and in all the databases used. These would have password expiry policies, but the policies would only be enforced when a user logs in to a machine or database. Because machines and databases are accessed at different moments, the risk is that different passwords with different expiry dates would end up in use. Maintaining userids and passwords would become more complex, and users would choose easier passwords or resort to other kinds of workarounds.
With a single password for all the databases and all the machines, it is very simple to change the password for all those resources. This makes it easier for the user to accept that a password has to be more complex and has to be changed at regular intervals.
