Bookshelf Home | Contents | Index | PDF |
Siebel Security Guide > Security Adapter Authentication > Security Adapter Deployment Options > Configuring the Shared Database AccountYou can configure your authentication system so that a designated directory entry contains a database account that is shared by many users; this is the shared database account. The shared database account option can be implemented in the following authentication strategies:
By default, the shared database account option is not implemented, and each user's database account exists in an attribute of that user's record in the directory. Because all externally authenticated users share one or a few database accounts, the same credentials are duplicated many times. If those credentials must be changed, then you must edit them for every user. By implementing a shared credential, you can reduce directory administration. The shared database account option can be specified for the LDAP and ADSI security adapters as follows:
When storing database credentials in a directory attribute, both the user name and password are stored as plain text, even if you implement database credentials password hashing (in this case the hashed password is maintained in the database, while an unhashed version of the password is stored in the directory). Specifying database credentials as profile parameters avoids having to store database credentials as plain text in the directory. Shared Database Accounts and Administrative UsersEven if you implement a shared database account with external directory authentication, the shared database account cannot be used for any user who requires administrator access to Siebel Business Applications functionality, for example, any user who has to perform Siebel Server management and configuration tasks. For these users, you must either:
The following topics describe in more detail how the LDAP and Active Directory servers use the shared database account option. Storing Shared Database Account Credentials as Directory AttributesThis topic describes how to implement a shared database account and store the database credentials as attributes of the directory entry you create for the shared database account. This option is available to you when you use either the LDAP or ADSI security adapters. To store shared database credentials in an attribute of the directory entry
Storing Shared Database Account Credentials as Profile ParametersThis topic describes how to configure a shared database account for an LDAP directory or Active Directory and how to store the database credentials for the account as parameters of either the LDAP or the ADSI Security Adapter profile. It is recommended that you store shared database account credentials as profile parameters unless you have to store more than one set of database credentials, as only one set of database credentials can be stored as profile parameters. To store shared database credentials as profile parameters
|
Siebel Security Guide | Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices. | |