Discussion:
MFA With Oracle Accounts
Scott Canaan
2018-08-31 15:16:01 UTC
Permalink
My boss just asked the following question:

Can we use Multi-Factor Authentication, in particular Duo, with Oracle database accounts?

I don't know of anyone doing this, but that doesn't mean it isn't happening. Is anyone doing it? If so, how difficult is it to configure?

Thank you,

Scott Canaan '88
Sr Database Administrator
Information & Technology Services
Finance & Administration
Rochester Institute of Technology
o: (585) 475-7886 | f: (585) 475-7520
***@rit.edu<mailto:***@rit.edu> | c: (585) 339-8659

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.
Matt Adams
2018-08-31 15:35:54 UTC
Permalink
I've heard of it being done in conjunction with Oracle Access Manager, but have not implemented myself.

Matt

From: oracle-l-***@freelists.org [mailto:oracle-l-***@freelists.org] On Behalf Of Scott Canaan
Sent: Friday, August 31, 2018 11:16 AM
To: oracle-***@freelists.org
Subject: MFA With Oracle Accounts

My boss just asked the following question:

Can we use Multi-Factor Authentication, in particular Duo, with Oracle database accounts?

I don't know of anyone doing this, but that doesn't mean it isn't happening. Is anyone doing it? If so, how difficult is it to configure?

Thank you,

Scott Canaan '88
Sr Database Administrator
Information & Technology Services
Finance & Administration
Rochester Institute of Technology
o: (585) 475-7886 | f: (585) 475-7520
***@rit.edu<mailto:***@rit.edu> | c: (585) 339-8659
CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

**** This communication may contain privileged and/or confidential information. If you are not the intended recipient, you are hereby notified that disclosing, copying, or distributing of the contents is strictly prohibited. If you have received this message in error, please contact the sender immediately and destroy any copies of this document. ****
Andy Wattenhofer
2018-08-31 17:01:37 UTC
Permalink
You can use Duo for Oracle auth. It is easy to set up on Linux servers, but
I cannot speak for others. In Linux, there is a Duo RADIUS authentication
PAM that is loading at the OS level, then you configure RADIUS
authentication parameters in sqlnet.ora, and you alter the database
accounts "identified externally." I can go into more detail if you're
interested.

Andy
Post by Scott Canaan
Can we use Multi-Factor Authentication, in particular Duo, with Oracle database accounts?
I don’t know of anyone doing this, but that doesn’t mean it isn’t
happening. Is anyone doing it? If so, how difficult is it to configure?
Thank you,
*Scott Canaan ‘88*
*Sr Database Administrator *Information & Technology Services
Finance & Administration
*Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
*CONFIDENTIALITY NOTE*: The information transmitted, including
attachments, is intended only for the person(s) or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and destroy any copies of this information.
Mark J. Bobak
2018-08-31 17:43:50 UTC
Permalink
Hi,

I agree with Andy, but I did it was/ FreeRadius and Google Authenticator.

Build Radius server, integrate with Google Auth, then configure sqlnet.ora
w/ your radius server details.

Starting with 12.1.0.2, you can do it without Advanced Security option, and
will even work with SE2.

Hope that helps,

-Mark

PS. Once I tested, we abandoned it and built a VPN and firewall with same
Radius server.
Post by Andy Wattenhofer
You can use Duo for Oracle auth. It is easy to set up on Linux servers,
but I cannot speak for others. In Linux, there is a Duo RADIUS
authentication PAM that is loading at the OS level, then you configure
RADIUS authentication parameters in sqlnet.ora, and you alter the database
accounts "identified externally." I can go into more detail if you're
interested.
Andy
Post by Scott Canaan
Can we use Multi-Factor Authentication, in particular Duo, with Oracle database accounts?
I don’t know of anyone doing this, but that doesn’t mean it isn’t
happening. Is anyone doing it? If so, how difficult is it to configure?
Thank you,
*Scott Canaan ‘88*
*Sr Database Administrator *Information & Technology Services
Finance & Administration
*Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
*CONFIDENTIALITY NOTE*: The information transmitted, including
attachments, is intended only for the person(s) or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and destroy any copies of this information.
angelo
2018-08-31 19:52:48 UTC
Permalink
Hello,

Could it work with LDAP (or active directory) ?
IÂŽve never used Oracle 12c yet, so this curiousity

rgs,

angelo
Post by Mark J. Bobak
Hi,
I agree with Andy, but I did it was/ FreeRadius and Google Authenticator.
Build Radius server, integrate with Google Auth, then configure sqlnet.ora
w/ your radius server details.
Starting with 12.1.0.2, you can do it without Advanced Security option,
and will even work with SE2.
Hope that helps,
-Mark
PS. Once I tested, we abandoned it and built a VPN and firewall with same
Radius server.
Post by Andy Wattenhofer
You can use Duo for Oracle auth. It is easy to set up on Linux servers,
but I cannot speak for others. In Linux, there is a Duo RADIUS
authentication PAM that is loading at the OS level, then you configure
RADIUS authentication parameters in sqlnet.ora, and you alter the database
accounts "identified externally." I can go into more detail if you're
interested.
Andy
Post by Scott Canaan
Can we use Multi-Factor Authentication, in particular Duo, with Oracle
database accounts?
I don’t know of anyone doing this, but that doesn’t mean it isn’t
happening. Is anyone doing it? If so, how difficult is it to configure?
Thank you,
*Scott Canaan ‘88*
*Sr Database Administrator *Information & Technology Services
Finance & Administration
*Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
*CONFIDENTIALITY NOTE*: The information transmitted, including
attachments, is intended only for the person(s) or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and destroy any copies of this information.
Loading...