Informix

Hi,

I have been trying to figure out methods to cover off a couple of security requirements but cant seem to come up wioth anything workable. So I was wondering if anyone else had resolved these types of issues without emptying their wallet or chewing of their arm.

Apart from 3 tier appserver stuff I have:
users who only access databases via odbc who have an account on the underlying server which is Solaris.
users external to the organisation who also connect via odbc and have accounts for password.

The reason I make a distinction between the two is that internal users exist in our Active Directory and resolve to everything else including linux with AD credentials. If I could make this work on Solaris then I would probably only talking about the second case

External users will never be in our AD so they would have to have a seperate system for managing expiring passwords etc. Because they cant log into the Solaris server they have no way to change their password even if we wanted them to.

So I wondered if anyone had any ideas or methods they have used in the past.

Hi,

I have been trying to figure out methods to cover off a couple of security requirements but cant seem to come up wioth anything workable. So I was wondering if anyone else had resolved these types of issues without emptying their wallet or chewing of their arm.

Apart from 3 tier appserver stuff I have:
users who only access databases via odbc who have an account on the underlying server which is Solaris.
users external to the organisation who also connect via odbc and have accounts for password.

The reason I make a distinction between the two is that internal users exist in our Active Directory and resolve to everything else including linux with AD credentials. If I could make this work on Solaris then I would probably only talking about the second case

External users will never be in our AD so they would have to have a seperate system for managing expiring passwords etc. Because they cant log into the Solaris server they have no way to change their password even if we wanted them to.

So I wondered if anyone had any ideas or methods they have used in the past.

Thanks Doug.

I guess what I am really after is the ability to move the authentication for our solaris based instances to AD. Even after logging calls with Oracle and multiple rounds of testing and failure it seems that you would have to sell your soul to someone elses angel to make it work. (Or install some kind of bridge between the two). Their answer ultimately was to use LDAP which is a whole other kettle of fish.

We have 70+ instances and most of our apps are 2 tier client/server spatial systems using odbc. We have approximately 70 instances each of which have different users. One in particular has 300 external users. In other cases we have users that work across multiple instances and hence need to have the same password and expiry etc.. 

I had read articles here and there about Informix having the ability to authenticate using pam. In my mind this would allow us to abstract the Informix db authentication and the authentication provider. eg Solaris is setup to authenticate to AD and Informix is setup to authenticate through pam on the OS.

I had wondered if Informix on Linux would authenticate via pam however getting off solaris and onto Linux is major exercise in itself.

Our Informix version is 12.10.FC5

Hi,

I have been trying to figure out methods to cover off a couple of security requirements but cant seem to come up wioth anything workable. So I was wondering if anyone else had resolved these types of issues without emptying their wallet or chewing of their arm.

Apart from 3 tier appserver stuff I have:
users who only access databases via odbc who have an account on the underlying server which is Solaris.
users external to the organisation who also connect via odbc and have accounts for password.

The reason I make a distinction between the two is that internal users exist in our Active Directory and resolve to everything else including linux with AD credentials. If I could make this work on Solaris then I would probably only talking about the second case

External users will never be in our AD so they would have to have a seperate system for managing expiring passwords etc. Because they cant log into the Solaris server they have no way to change their password even if we wanted them to.

So I wondered if anyone had any ideas or methods they have used in the past.

Thanks Doug.

I guess what I am really after is the ability to move the authentication for our solaris based instances to AD. Even after logging calls with Oracle and multiple rounds of testing and failure it seems that you would have to sell your soul to someone elses angel to make it work. (Or install some kind of bridge between the two). Their answer ultimately was to use LDAP which is a whole other kettle of fish.

We have 70+ instances and most of our apps are 2 tier client/server spatial systems using odbc. We have approximately 70 instances each of which have different users. One in particular has 300 external users. In other cases we have users that work across multiple instances and hence need to have the same password and expiry etc.. 

I had read articles here and there about Informix having the ability to authenticate using pam. In my mind this would allow us to abstract the Informix db authentication and the authentication provider. eg Solaris is setup to authenticate to AD and Informix is setup to authenticate through pam on the OS.

I had wondered if Informix on Linux would authenticate via pam however getting off solaris and onto Linux is major exercise in itself.

Our Informix version is 12.10.FC5

Hi,

I have been trying to figure out methods to cover off a couple of security requirements but cant seem to come up wioth anything workable. So I was wondering if anyone else had resolved these types of issues without emptying their wallet or chewing of their arm.

Apart from 3 tier appserver stuff I have:
users who only access databases via odbc who have an account on the underlying server which is Solaris.
users external to the organisation who also connect via odbc and have accounts for password.

The reason I make a distinction between the two is that internal users exist in our Active Directory and resolve to everything else including linux with AD credentials. If I could make this work on Solaris then I would probably only talking about the second case

External users will never be in our AD so they would have to have a seperate system for managing expiring passwords etc. Because they cant log into the Solaris server they have no way to change their password even if we wanted them to.

So I wondered if anyone had any ideas or methods they have used in the past.

Thanks Doug.

I guess what I am really after is the ability to move the authentication for our solaris based instances to AD. Even after logging calls with Oracle and multiple rounds of testing and failure it seems that you would have to sell your soul to someone elses angel to make it work. (Or install some kind of bridge between the two). Their answer ultimately was to use LDAP which is a whole other kettle of fish.

We have 70+ instances and most of our apps are 2 tier client/server spatial systems using odbc. We have approximately 70 instances each of which have different users. One in particular has 300 external users. In other cases we have users that work across multiple instances and hence need to have the same password and expiry etc.. 

I had read articles here and there about Informix having the ability to authenticate using pam. In my mind this would allow us to abstract the Informix db authentication and the authentication provider. eg Solaris is setup to authenticate to AD and Informix is setup to authenticate through pam on the OS.

I had wondered if Informix on Linux would authenticate via pam however getting off solaris and onto Linux is major exercise in itself.

Our Informix version is 12.10.FC5

Hi,

I have been trying to figure out methods to cover off a couple of security requirements but cant seem to come up wioth anything workable. So I was wondering if anyone else had resolved these types of issues without emptying their wallet or chewing of their arm.

Apart from 3 tier appserver stuff I have:
users who only access databases via odbc who have an account on the underlying server which is Solaris.
users external to the organisation who also connect via odbc and have accounts for password.

The reason I make a distinction between the two is that internal users exist in our Active Directory and resolve to everything else including linux with AD credentials. If I could make this work on Solaris then I would probably only talking about the second case

External users will never be in our AD so they would have to have a seperate system for managing expiring passwords etc. Because they cant log into the Solaris server they have no way to change their password even if we wanted them to.

So I wondered if anyone had any ideas or methods they have used in the past.