How to check if the username/password can login?
Can I check if a username/password can login a db in pl/sql?
e.g. I have a sid @server1 and username/password as user1/password1.
Is there any function in pl/sql to check if user1/password1 can login server1?
I am using Oracle 8.1.6.
thx
if you are looking for a customized validation, you could use triggers. You can write triggers against database events such as
DATABASE LOGON event.
CREATE OR REPLACE TRIGGER <trigger name>
AFTER LOGON on DATABASE
BEGIN
. /* your customized validation goes here */
END;
Similar Messages
-
How to get the username/password of the current owner of the running code
Dear friends,
Our product is running on the App Server(weblogic/websphere...) and we also use security provider(OpenLDAP) and kerberos to support SSO. Before, when a user tyies to login in the first time, the way we use to authenticate the user is:
1) Accept the username/password
2) Query the security provider(OpenLDAP) to get the principles.
3) verity if the username/password is corrent or not.
As we know, to query the principles, we need to provide a search user(both username and password) if we configured the access control of the ldap server:
I have configured my envirioment as follows
1) In the LDAP server, configured the Middle Tire user(The Operating System user running the App Server) to have the permission to query principles.
2) The server is configured to runing on SSO envirioment.
My question is could I get the username/password of the OS user running the App Server at runtime so that I can query the ldap server without explicitly providing the search user?
Thanks,
RR
Edited by: Ricky Ru on Oct 9, 2011 1:50 AMThanks EJP.
I have made some progress on this. But I have met another issue.
*1) Using JAAS to login.*
loginContext.login();
Subject subject = loginContext.getSubject();
ldapContext = (LdapContext) Subject.doAs(subject, this);
*2) Init the ldapContext to use the GSSAPI authentication*
// this is called automatically by login()
public Object run() {
Hashtable ldapEnv = new Hashtable();
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL, "ldap://9.30.215.197");
ldapEnv.put(Context.SECURITY_AUTHENTICATION,"GSSAPI");
ldapEnv.put(Context.SECURITY_PRINCIPAL,"");
ldapEnv.put(Context.SECURITY_CREDENTIALS,"");
//System.setProperty("sun.security.krb5.debug", "false");
// This tells the GSS-API to use the cached ticket as
// credentials, if it is available
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
try {
InitialLdapContext ctx = new InitialLdapContext(ldapEnv,null);
But I got the following exception when excuting new InitialLdapContext(ldapEnv,null);
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is [email protected]
Commit Succeeded
javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Integrity check on decrypted field failed (31))]]
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:150)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at LDAPKerbService.run(LDAPKerbService.java:66)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at LDAPKerbService.login(LDAPKerbService.java:40)
at LDAPKerbService.main(LDAPKerbService.java:82)
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Integrity check on decrypted field failed (31))]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
... 16 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Integrity check on decrypted field failed (31))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:663)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
... 17 more
Caused by: KrbException: Integrity check on decrypted field failed (31)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:61)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:185)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:294)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:106)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:562)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:594)
... 20 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:58)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:53)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:46)
... 25 more
Do you have any clue on this? Thanks. -
How do i send the username and password to yahoo web page through url
how do i send the username and password to yahoo web page through url i.e as Query string so that my account in yahoo will open...
If you don't mind using a library, then download and use the Apache HttpClient library. It takes care of all these details for you.
-
Hi…I am trying to email photos from iPhoto and I keep getting a flag that says "the server does not recognize the username/password combination. Can you help me to reset it?
Thank you very much for the quick reply and it was so easy. Make my life much easier now
Thanks so much -
HT4628 How do I find the WPA password, so I can connect NETFLIX?
How do I locate the WPA password to connect to NETFLIX from a SONY Blue Ray DVD Player?
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Keychain Access in the page that opens.
Select the login keychain from the list on the left side of the Keychain Access window.
If the lock icon in the top left corner of the window shows that the keychain is locked, click to unlock it. You'll be prompted for the keychain password, which is the same as your login password, unless you've changed it.
Click the column headed Kind in the list of keychain items to arrange the list by kind. Look for an item of type "AirPort network password" that has the same name as your network. Double-click that item and check the box labeled Show password. Enter your keychain password (same as your login password) when prompted. -
How do I find the autofill password that is stored on my mac?
how do I find the autofill password that is stored on my mac?
Found it. It is under keychain. Then you click the "i" button at the bottom of the page. It will pull up a box where you can check another box that states "show password". Then you will have to put in your keychain master password, and then .....boom! there it is.
-
How should my clients supply username + password ?
Hi,
I need to write a webService with authentication.
Namely: client applications must supply username + password ( which will be checked against our LDAP server ).
I'm new to this, so I'd appreciated it if someone could tell: how should my clients supply the password ?
- Is it customary to supply the username+password through standard HTTP headers (say, 'basic authentication') ?
- Or, is it handled by the webServices/security spec ? Does the < soap:Envelope > message structure keep a dedicated tag for user/password info ? Something like:
<soap:Envelope...>
< ! -- dummy tag! -- >
<login user='jelly' password='secret' />
</soap:Envelope...>
Thanks very much.I have the same question. Have you figured this out yet?
-
Form-based authentication stores the username/password pair in the session
Hello,
I am following the SR Demo and the authentication method followed is
Form-based authentication stores the username/password pair in the session
In the URl, the username and password is in clear text format.
What is the best way of doing the authentication. How can I eliminate the username and password being shown in the URL?
Any help is highly appreciable.
ThanksHi,
this is how form based authentication works according the specs. You can use SSL to protect the communication, use BASIC authentication (though not much better), certificate based auhentication or SSO
Frank -
How do you apply the same password policy to every PDF document you create with inDesign?
All,
Adobe peeps!,
I don't know if this is really supported with inDesign 5.5, but here is my my use case:
I constantly create more than 10 PDFs a day using inDesign
On all PDF's I create, i want to apply password security to protect them
But in order to do so, within inDesign, I am always forced to go to the "security dialogue" pane to set up the same permission and passwords over and over again
This gets tiring :/
So what I am hoping to do is the following:
Like acrobat, I want to create a password policy within inDesign
I want all PDFs created to have such a password policy be automatically applied
I know acrobat supports something like this (http://help.adobe.com/en_US/acrobat/pro/using/WS58a04a822e3e50102bd615109794195ff-7d68.w.h tml), but, unless I may have missed something, the Acrobat feature is limited. That is, the help link does not tell me how to automatically do this with Acrobat either (the link does not explain to me how to "automatically apply the same password security policy to every PDF document I save within the application). I think the only way to do so is via "Adobe LiveCycle Rights Management ES", but for non server users, I am hoping there is another way.
So my questions are:
Is it possible to create password security policies in inDesign?
Is it possible to apply the same password security policy to every PDF i create in inDesign?
If not, can I change default settings within Acrobat ProX to automatically apply a password security policy everytime I save a PDF?
If all fails, do you guys know of any extensions that can support this?
Any help would be great. Thanks!Steve,
Thanks for your notes. To follow up on your response.
Bummer. I kinda had a hunch at this inDesign limitation.
I have been aware of the method for setting up of a security policy within Acrobat. While this feature does cut down some of the work involved in creating and applying password policies to pdfs, what I am looking for with Acrobat is to apply the same password policy to every document I save from the app. Automatically. Without having to manualy select a policy.
I think my solution will have to lie in me creating some sort of script to help support this need. I don't think Acrobat Pro X has the capabilities to allow me to tinker with, say, creating a save PDF preset that will allow me to automatically apply a password policy.
PS. I am using acrobat pro x. -
R12.1.1 staging complete! How to check whether the stage is Good
Hi Gurusl,
I have completed staging R12.1.1 for Hp unix B.11.31. I want to know how to check whether the stage is good for installation or whether it is corrupted. Is there any metalink note or script from where we can check it. Ur help will be highly appreciated. Thanks in advance
regards,Hi,
Please refer to (Note: 802195.1 - MD5 Checksums for R12.1.1 Rapid Install Media).
Regards,
Hussein -
How do I set the firmware password on 10.7
Hi
How do I set the firmware password in Mac OS 10.7.2 (MacBook Pro) ?
The Apple instructions only seem to go up to 10.5.x
ThanksFirmware password is not much use as any thief can reset it by pulling out the memory chips and putting them back in again.
The only real way to secure your data 99% is to use FileVault 2. -
How to check if the retro period is from 01 or earlier in PCR
Dear All,
How to check in the PCR if the retro for the employee is starting from the previous year or from the period 01 of this year. The PCR in the system is as below:
I wanted to execute some PCR only if the retro period is from 01 of current year or from the previous year. How do i check this condition in PCR.. Can you please send some sample code of PCR..
Regards,
Vidya..Hi Vidya,
Please check us out to get answers to all your SAP knowledge needs. We are launching shortly.
http://www.linkedin.com/e/gis/889747
http://www.twitter.com/spinact
Best,
Monty -
How to check if the user has only the display authority of a message
hi,
How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
Best regards,hi blake
though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
Basically Authorization Management
Use
You can use the following authorization objects to control the authorizations for maintaining business partner data:
Authorization objects for the Business Partner:
 B_BUPA_GRP
 B_BUPA_ATT
 B_BUPA_FDG
 B_BUPA_RLT
Authorization objects for relationships:
 B_BUPR_BZT
 B_BUPR_FDG
In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developers Handbook for the BDT under Authorizations.
IntegrationAuthorization management for the Business Partner forms part of the SAP authorization concept.
Prerequisites
You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
Moving over
AS ABAP Authorization Concept
The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
Authorization Checks
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
Starting SAP transactions (authorization object S_TCODE)
Starting reports (authorization object S_PROGRAM)
Calling RFC function modules (authorization object S_RFC)
Table maintenance with generic tools (S_TABU_DIS)
Checking at Program Level with AUTHORITY-CHECK
Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
Starting SAP Transactions
When a user starts a transaction, the system performs the following checks:
The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
The system then checks whether the user has authorization to start the transaction.
The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
 The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
 If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
The check is not performed in the following cases:
You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
 You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
 So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to Y (using transaction RZ10).
All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
Starting Report Classes
You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
You must consider the following:
After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
There are certain system reports that you cannot assign to any authorization class. These include:
RSRZLLG0
STARTMEN (as of SAP R/3 4.0)
Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
Calling RFC Function Modules
When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
Checking Assignment of Authorization Groups to Tables
You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
please See also:
SAP Notes 7642, 20534, 23342, 33154, and 67766
guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
but if u sit with ur BASIS guy then u can learn lot of things in PFCG
i guess u r a basis guy,then its not a problem
best regards
ashish -
How to check, when the Maintenance Order was deleted
Hello Experts,
Can you please tell me of how to check for the maintenance order that when it was deleted and who has deleted that.
If any T-Code is there or at the Table level also to check the requirement.
Regards,
Yawar KhanIf you want to track when you have put deletion flag, you can track it using above mentioned techniques.
If you archived (deleted) permanently, then using archival history only, you can check I guess.
Check these links. While deleting maintenance order, we can hisorical order with same number. Using that creation date, you can track.
http://help.sap.com/saphelp_nw04/helpdata/en/8d/3e6552462a11d189000000e8323d3a/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/8d/3e4d2f462a11d189000000e8323d3a/frameset.htm -
How to check Whether the File is in Progress or used by some other resource
Hi All,
I am retrieving a file from the FTP server using Apache commons FTP.
I need to check whether the file is fully retrieved or in progress.
for now i can able to use the file which is partially retrieved. it is not throwing any file sharing exception or i am unable to find whether it is in progress.
How to check whether the file is in progress ? or The file is accessed by some other resource ?
Pls Help me.
Thanks,
J.KathirHi Vamsi,
Explicitly such kind of requirement has not been catered and i dont think you would face a problem because any application that is writing to a file will open the file in the read only mode to any other simultaneous applications so i think your concerns although valid are already taken care off .
In the remote case you still face a problem then as a work around. Tell the FTP administrator to set the property to maximum connections that can be made to ftp as one. I wonder if you have heard of the concept of FTP handle , basically the above workaround is based on that concept itself. This way only one application will be able to write.
The file adapter will wait for its turn and then write the files.
Regards
joel
Edited by: joel trinidade on Jun 26, 2009 11:06 AM
Maybe you are looking for
-
I tried to manually update the iPhoto by downloading the iPhoto 9.2.2 dmg file but I am getting this message,"The version of iPhoto installed on this Mac must be updated through the Mac App Store. Check the Mac App Store to see if an update is availa
-
So anyone know why the iPod software update server connot connect to my PC when I know that I'm on the internet?
-
'Mail' and 'Address Book' not communicating
I have recently started using 'Mail' and 'Address Book'. There is a problem: These programs don't seem to communicate. When I address an e-mail, the addressee is not auto-filled from 'Address Book'. Likewise, I can't select a name in 'Address Book' a
-
Need help with a java loop and word program
do you know any way to get a Scanner object to select a random string in a text file? ok pretty much I have a text file that isa list of 5 letter words. I need to select one at random. the only way I could think was to scan the file, get the entire n
-
NIReport_Print LabWindows 2009 vs 2010
I have code complied under LabWindows 2009 that is working, but when I complie it under LabWindows 2010 it stops working. I am trying to create pdfs using Adobe Distiller, functions like PrintPanel and PrintTextBuffer work in both 2009 and 2010. How