Forum Discussion

Thorsten_Jens's avatar
Thorsten_Jens
Level 4
7 years ago
Solved

Oracle Intelligent Policy - OS Credentials

Hi,

we are currently evaluating the use of OIP for our Oracle backups. Reading the documentation, I am under the impression that I absolutely need OS credentials, while database credentials are optional. The problem with that is that the OS oracle users (Solaris/Linux) do not have passwords and can only be used by being root first and using su.

Will we still be able to use OIP somewhow?

8
OIP
Oracle
Solaris
UNIX
  • Thorsten_Jens's avatar
    Thorsten_Jens
    7 years ago

    Thanks for your suggestions. We ended up adding another "simple" account with local authentication, without Kerberos.

  • Thorsten_Jens's avatar
    Thorsten_Jens
    Level 4
    7 years ago

    Thanks for your suggestions. We ended up adding another "simple" account with local authentication, without Kerberos.

  • Mouse's avatar
    Mouse
    Moderator
    7 years ago

    I am pretty sure that OIP configuration in this scenario is not much different from using scripts.

    You can use either OS or Oracle authentication like normal scripts do, but the fact DBAs use passwordless login through Kerberized SSH is not that relevant as this authentication is handled by a PAM module to obtain a forwardable ticket from the source machine where the SSH session is initiated from.

    Now when you start a new backup process and need to authenticate you will need to have a user with credentials, they may be even Windows domain credentials stored in AD to create a new Kerberos ticket, if you still want to use Kerberos of course. In this case, DBAs can key in the password through nboraadm without involving NBU admins

  • Tousif's avatar
    Tousif
    Level 6
    7 years ago

    Hello 

    Have you tried to use the root user and password to add that instance?

     

    Regards,

    • Thorsten_Jens's avatar
      Thorsten_Jens
      Level 4
      7 years ago
      Tousif wrote:

      Have you tried to use the root user and password to add that instance?

      The problem is that no user can access these servers directly or has a local password. Only SSH Single Sign On via Kerberos, and it's sudo/su from there on.

      • Tousif's avatar
        Tousif
        Level 6
        7 years ago

        Hello,

        All Linux/Unix box maintain the local root user for disaster situation to manage the server.

        We need User and password  root/oracle to add the instance. Without this information I don't think you can able to add instance.

        The NetBackup need credential to authenticate and connect to instance.

         If you using single sing in user & password. The password get change as per company policy, then even if you add that instance successfully,  You have to referesh the authentication each every time in NBU whenever password get change.

        I would recommend to create oracle local user to connect the instance.

        Regards,