Educause Security Discussion mailing list archives
Service Account Security and Handling
From: "Wade, Russ" <Russ.Wade () WICHITA EDU>
Date: Wed, 8 Aug 2007 14:18:19 -0500
Dear Colleagues,

I am interested in accepted practices for maintaining passwords and access to service accounts. We have several Oracle accounts with broad access to the database that are used by automated processes. The passwords for these are known by the DBA and a small number of lead programmers who developed and provide technical support for these processes.

We presently are using a profile which requires the passwords for these accounts to change every 90 days. Most of the time, the DBA and involved developer successfully coordinate the password change in Oracle and in the application process before the 90 day limit. However, this sometimes is missed and the automated processes fail. We have also experienced issues with automated processes which must have embedded passwords being missed when the change is made. This can result in getting the service account locked after they retry with the old password beyond our 6 try limit. Then, the other processes fail as well until someone notices and fixes it.

Does anyone have a better idea for how to achieve proper security for these privileged access service accounts and operational reliability as well? Also, please describe the roles of the individuals involved with this function.

Thank you,
Russ

Russ Wade, Banner Security Specialist
Wichita State University
University Computing and Telecommunications Services
1845 Fairmount
Wichita, KS 67260-0098
Email: Russ.Wade () Wichita edu
Office: (316) 978-3859
Mobile: (316) 312-0185
Fax: (316) 978-3894