Forum Discussion

Thorsten_Jens's avatar
7 years ago

Oracle Intelligent Policy - OS Credentials

Hi,

we are currently evaluating the use of OIP for our Oracle backups. Reading the documentation, I am under the impression that I absolutely need OS credentials, while database credentials are optional. The problem with that is that the OS oracle users (Solaris/Linux) do not have passwords and can only be used by being root first and using su.

Will we still be able to use OIP somewhow?

  • Thanks for your suggestions. We ended up adding another "simple" account with local authentication, without Kerberos.

  • I am pretty sure that OIP configuration in this scenario is not much different from using scripts.

    You can use either OS or Oracle authentication like normal scripts do, but the fact DBAs use passwordless login through Kerberized SSH is not that relevant as this authentication is handled by a PAM module to obtain a forwardable ticket from the source machine where the SSH session is initiated from.

    Now when you start a new backup process and need to authenticate you will need to have a user with credentials, they may be even Windows domain credentials stored in AD to create a new Kerberos ticket, if you still want to use Kerberos of course. In this case, DBAs can key in the password through nboraadm without involving NBU admins

  • Hello 

    Have you tried to use the root user and password to add that instance?

     

    Regards,

    • Thorsten_Jens's avatar
      Thorsten_Jens
      Level 4

      Tousif wrote:

      Have you tried to use the root user and password to add that instance?


      The problem is that no user can access these servers directly or has a local password. Only SSH Single Sign On via Kerberos, and it's sudo/su from there on.

      • Marianne's avatar
        Marianne
        Level 6

        IMHO, OS credentials would mean OS-level username and password for the oracle user. 
        My assumpsion is based on this extract from the manual:

        Enter the OS Credentials. You may have to contact the Oracle DBA for the correct credentials.

        In another section of the manual (logging on and using BAR on the client), we see this wrt OS credentials:

        ■ OS authentication for Oracle:
        Log on to NetBackup as an Oracle DBA UNIX account that includes sysdba privileges.

  • Thanks for your suggestions. We ended up adding another "simple" account with local authentication, without Kerberos.