RE: Encrypting a password
Title: RE: Encrypting a password Ron - my answer obviously doesn't do anything to address the REAL issue. I was trying to give a solution to the immediate problem of "how could I store in an Oracle database an encrypted version of a password, such that the encrypted version would match the encrypted version that a Sun Solaris unix system would create in /etc/passwd". However, once you have the password in a database table (a user table created to hold that password, not a SYS table), I don't know if you could really accomplish anything useful with the encrypted version of the password, except look at it and say "ooh, how pretty." But then, isn't art for art's sake a laudable goal? > -Original Message- > From: Ron Rogers [mailto:[EMAIL PROTECTED]] > > When you say" store the encripted password in a table.." > which table were you refering to? dba_users? I don't think > that the encripted password such as 'EccNRiptIONB' for the > password "quessit1" will encript to the same string in > Oracle. You could update the dba_users table set the password > to values "EccNRiptIONB" and attempt to log in. If you take > the encripted Oracle password (16 characters) and place it in > the /etc/shadow file it will not work. Unless things have > changed the UNIX password encripted is longer that 16 characters. > ROR mª¿ªm > > >>> [EMAIL PROTECTED] 07/31/01 02:53PM >>> > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > > > The problem is that I need one to encrypt a password in the > > same manner as > > the Sun OS. This is because we use the database to populate > > /etc/passwd. > > So if the OS can't compare passwords with what is stored in > > the database, > > then nobody will be able to log into the Unix box. > > > Could you write an external procedure on the Sun box that > a) changes the password for the user with the passwd command; > b) retrieves the new password from the /etc/shadow file; > c) returns the encrypted password to the database for storing > in an Oracle > table?
RE: Encrypting a password
>From my understanding, the OS takes the unencrypted password, and encrypts it. It then compares that encrypted password with the password stored in the /etc/passwd file to validate the user logging in. After further review, it appears that I will have to use external procedures to accomplish this. Is there a good place or book to get more information on creating libraries and external procedures in Oracle? Thanks for your help, Rick Stephenson Oracle/Sybase Database Administrator [EMAIL PROTECTED] Ovid Technologies, Inc. 9350 South 150 East, Suite 300 Sandy, UT 84070 (801) 304-3000 ext. 2593 "Deshpande, Kirti" cc: Subject: RE: Encrypting a password 07/31/2001 12:24 PM >So if the OS can't compare passwords with what is stored in the database, >then nobody will be able to log into the Unix box. I am sorry, but I can't understand this. How would this work? When I type my password at the OS prompt, the password is not encrypted as it goes on the wire. When the OS receives it, it will compare it with the decrypted password for my userid from /etc/passwd (/etc/shadow etc) to check if it is valid or not. How and where Oracle DB be accessed and by what type of process? Are you writing some customized routines to intercept the OS login process to something 'special' ? Sounds very interesting if it is so.. Thanks, Regards. - Kirti Deshpande Verizon Information Services http://www.superpages.com > -Original Message- > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > Sent: Tuesday, July 31, 2001 10:29 AM > To: Multiple recipients of list ORACLE-L > Subject: RE: Encrypting a password > > The problem is that I need one to encrypt a password in the same manner as > the Sun OS. This is because we use the database to populate /etc/passwd. > So if the OS can't compare passwords with what is stored in the database, > then nobody will be able to log into the Unix box. > > Thanks for you help, > > Rick Stephenson > > > -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Encrypting a password
When you say" store the encripted password in a table.." which table were you refering to? dba_users? I don't think that the encripted password such as 'EccNRiptIONB' for the password "quessit1" will encript to the same string in Oracle. You could update the dba_users table set the password to values "EccNRiptIONB" and attempt to log in. If you take the encripted Oracle password (16 characters) and place it in the /etc/shadow file it will not work. Unless things have changed the UNIX password encripted is longer that 16 characters. ROR mª¿ªm >>> [EMAIL PROTECTED] 07/31/01 02:53PM >>> > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > The problem is that I need one to encrypt a password in the > same manner as > the Sun OS. This is because we use the database to populate > /etc/passwd. > So if the OS can't compare passwords with what is stored in > the database, > then nobody will be able to log into the Unix box. Could you write an external procedure on the Sun box that a) changes the password for the user with the passwd command; b) retrieves the new password from the /etc/shadow file; c) returns the encrypted password to the database for storing in an Oracle table? -- Jacques R. Kilchoer (949) 754-8816 Quest Software, Inc. 8001 Irvine Center Drive Irvine, California 92618 U.S.A. http://www.quest.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Ron Rogers INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Encrypting a password
>So if the OS can't compare passwords with what is stored in the database, >then nobody will be able to log into the Unix box. I am sorry, but I can't understand this. How would this work? When I type my password at the OS prompt, the password is not encrypted as it goes on the wire. When the OS receives it, it will compare it with the decrypted password for my userid from /etc/passwd (/etc/shadow etc) to check if it is valid or not. How and where Oracle DB be accessed and by what type of process? Are you writing some customized routines to intercept the OS login process to something 'special' ? Sounds very interesting if it is so.. Thanks, Regards. - Kirti Deshpande Verizon Information Services http://www.superpages.com > -Original Message- > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > Sent: Tuesday, July 31, 2001 10:29 AM > To: Multiple recipients of list ORACLE-L > Subject: RE: Encrypting a password > > The problem is that I need one to encrypt a password in the same manner as > the Sun OS. This is because we use the database to populate /etc/passwd. > So if the OS can't compare passwords with what is stored in the database, > then nobody will be able to log into the Unix box. > > Thanks for you help, > > Rick Stephenson > > > -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Deshpande, Kirti INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Encrypting a password
Title: RE: Encrypting a password > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > The problem is that I need one to encrypt a password in the > same manner as > the Sun OS. This is because we use the database to populate > /etc/passwd. > So if the OS can't compare passwords with what is stored in > the database, > then nobody will be able to log into the Unix box. Could you write an external procedure on the Sun box that a) changes the password for the user with the passwd command; b) retrieves the new password from the /etc/shadow file; c) returns the encrypted password to the database for storing in an Oracle table? -- Jacques R. Kilchoer (949) 754-8816 Quest Software, Inc. 8001 Irvine Center Drive Irvine, California 92618 U.S.A. http://www.quest.com
RE: Encrypting a password
I don't think that you are going to be able to get a password encryption package that will work exactly the same for each OS and DB. they all have their own "seed" and algorithm that is proprietary to them. I once saw a professional hacker decrypt our passwords on a training server that had a flavor of Unix. He knew the "seed" for the version and it took 24 hrs to decrypt them. He did not know the "seed" or the algorithm for the DB and was unable to decrypt it. If they all worked the same it would be a simpler task to decrypt and break into any system you had access to. I would suggest that you use another method of verification for the OS and DB. Is it that the users do not want to have to change their own passwords for the OS and DB. Isn't it a security violation to have all of the users passwords the same? Just a thought. $.02 ROR mª¿ªm >>> [EMAIL PROTECTED] 07/31/01 11:28AM >>> The problem is that I need one to encrypt a password in the same manner as the Sun OS. This is because we use the database to populate /etc/passwd. So if the OS can't compare passwords with what is stored in the database, then nobody will be able to log into the Unix box. Thanks for you help, Rick Stephenson Date: Mon, 30 Jul 2001 14:57:34 -0400 Subject: RE: Encrypting a password DBMS_OBFUSCATION package is exactly what you want. I have build something like this with DBMS_OBFUSCATION although I did not compare against /etc/passwd. I simply provided a "login" procedure, createKey, savePassword, retrievePassword. I used a createKey function to create keys that were basically RAW(128) if I remember correctly, then I had password stored encrypted in the database, then another table with a FK to the user table which stored the key in encrypted form. You would need to join the key table with the encrypted password to decrypt or cross exam. "Walking on water and developing software from a specification are easy if both are frozen." Christopher R. Spence Oracle DBA Fuelspot -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Ron Rogers INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Encrypting a password
Try looking into "PAM" under Unix. That should help. Also, contact Collective Technologies. They are a consulting firm I interviewed for, but I know they were able to do single login to Windows 2000, Oracle, and Unix. I am sure they will be able to help out in such a task. There solution was using Kerbeos and Pam. "Walking on water and developing software from a specification are easy if both are frozen." Christopher R. Spence Oracle DBA Fuelspot -Original Message- Sent: Tuesday, July 31, 2001 10:22 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] The problem is that I need one to encrypt a password in the same manner as the Sun OS. This is because we use the database to populate /etc/passwd. So if the OS can't compare passwords with what is stored in the database, then nobody will be able to log into the Unix box. Thanks for you help, Rick Stephenson Date: Mon, 30 Jul 2001 14:57:34 -0400 Subject: RE: Encrypting a password DBMS_OBFUSCATION package is exactly what you want. I have build something like this with DBMS_OBFUSCATION although I did not compare against /etc/passwd. I simply provided a "login" procedure, createKey, savePassword, retrievePassword. I used a createKey function to create keys that were basically RAW(128) if I remember correctly, then I had password stored encrypted in the database, then another table with a FK to the user table which stored the key in encrypted form. You would need to join the key table with the encrypted password to decrypt or cross exam. "Walking on water and developing software from a specification are easy if both are frozen." Christopher R. Spence Oracle DBA Fuelspot -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Christopher Spence INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Encrypting a password
The problem is that I need one to encrypt a password in the same manner as the Sun OS. This is because we use the database to populate /etc/passwd. So if the OS can't compare passwords with what is stored in the database, then nobody will be able to log into the Unix box. Thanks for you help, Rick Stephenson Date: Mon, 30 Jul 2001 14:57:34 -0400 Subject: RE: Encrypting a password DBMS_OBFUSCATION package is exactly what you want. I have build something like this with DBMS_OBFUSCATION although I did not compare against /etc/passwd. I simply provided a "login" procedure, createKey, savePassword, retrievePassword. I used a createKey function to create keys that were basically RAW(128) if I remember correctly, then I had password stored encrypted in the database, then another table with a FK to the user table which stored the key in encrypted form. You would need to join the key table with the encrypted password to decrypt or cross exam. "Walking on water and developing software from a specification are easy if both are frozen." Christopher R. Spence Oracle DBA Fuelspot -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Encrypting a password
DBMS_OBFUSCATION package is exactly what you want. I have build something like this with DBMS_OBFUSCATION although I did not compare against /etc/passwd. I simply provided a "login" procedure, createKey, savePassword, retrievePassword. I used a createKey function to create keys that were basically RAW(128) if I remember correctly, then I had password stored encrypted in the database, then another table with a FK to the user table which stored the key in encrypted form. You would need to join the key table with the encrypted password to decrypt or cross exam. "Walking on water and developing software from a specification are easy if both are frozen." Christopher R. Spence Oracle DBA Fuelspot -Original Message- Sent: Friday, July 27, 2001 2:51 PM To: Multiple recipients of list ORACLE-L How can I encrypt a password in Oracle that I could use to compare with an encrypted password in /etc/passwd on a Sun Unix box? I am on Solaris 2.8 running Oracle 8.1.7. I have read about encrypting and decrypting using the dbms_obfuscation package, but this does not seem to get me what I am looking for. Any information would be greatly appreciated. Thanks, Rick Stephenson -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Christopher Spence INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Encrypting a password
How can I encrypt a password in Oracle that I could use to compare with an encrypted password in /etc/passwd on a Sun Unix box? I am on Solaris 2.8 running Oracle 8.1.7. I have read about encrypting and decrypting using the dbms_obfuscation package, but this does not seem to get me what I am looking for. Any information would be greatly appreciated. Thanks, Rick Stephenson -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
