Educause Security Discussion
mailing list archives
Service Account Security and Handling
From: "Wade, Russ" <Russ.Wade () WICHITA EDU>
Date: Wed, 8 Aug 2007 14:18:19 -0500
I am interested in accepted practices for maintaining passwords and access to service accounts.
We have several Oracle accounts with broad access to the database that are used by automated processes. The passwords
for these are known by the DBA and a small number of lead programmers who developed and provide technical support for
We presently are using a profile which requires the passwords for these accounts to change every 90 days. Most of the
time, the DBA and involved developer successfully coordinate the password change in Oracle and in the application
process before the 90-day limit.
However, this sometimes is missed and the automated processes fail. We have also experienced issues with automated
processes which must have embedded passwords being missed when the change is made. This can result in getting the
service account locked after they retry with the old password beyond our 6-try limit. Then, the other processes fail
as well until someone notices and fixes it.
Does anyone have a better idea for how to achieve proper security for these privileged access service accounts and
operational reliability as well? Also, please describe the roles of the individuals involved with this function.
Banner Security Specialist
Wichita State University
University Computing and Telecommunications Services
Wichita, KS 67260-0098
Russ.Wade () Wichita edu
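
The two failure modes described in this message (a missed 90-day expiry, and a process retrying a stale embedded password until the account locks) can both be watched for from the Oracle data dictionary. The queries below are an added example, not part of the original post. Assumptions: the account names and the 14-day and 1-day windows are constructed placeholders, and the second query requires traditional session auditing (AUDIT SESSION) to be enabled.

```sql
-- 1) Service accounts that are not OPEN, or whose password expires
--    within the next 14 days, with the limits their profile imposes.
--    A LIMIT of 'DEFAULT' means the value is inherited from the
--    DEFAULT profile.
SELECT u.username,
       u.account_status,          -- e.g. OPEN, EXPIRED(GRACE), LOCKED(TIMED)
       u.profile,
       u.lock_date,
       u.expiry_date,
       TRUNC(u.expiry_date - SYSDATE) AS days_until_expiry,
       life.limit AS password_life_time,
       fail.limit AS failed_login_attempts
FROM   dba_users u
       LEFT JOIN dba_profiles life
              ON life.profile = u.profile
             AND life.resource_name = 'PASSWORD_LIFE_TIME'
       LEFT JOIN dba_profiles fail
              ON fail.profile = u.profile
             AND fail.resource_name = 'FAILED_LOGIN_ATTEMPTS'
WHERE  u.username IN ('SVC_BATCH_EXAMPLE', 'SVC_FEED_EXAMPLE')  -- placeholders
AND    (   u.account_status <> 'OPEN'
        OR u.expiry_date < SYSDATE + 14 )
ORDER  BY u.expiry_date;

-- 2) After a password change: which hosts are still presenting the old
--    password for these accounts? RETURNCODE 1017 is ORA-01017 (invalid
--    username/password); 28000 is ORA-28000 (account is locked).
SELECT s.username,
       s.userhost,
       s.os_username,
       s.returncode,
       COUNT(*)         AS attempts,
       MAX(s.timestamp) AS last_attempt
FROM   dba_audit_session s
WHERE  s.username IN ('SVC_BATCH_EXAMPLE', 'SVC_FEED_EXAMPLE')  -- placeholders
AND    s.returncode IN (1017, 28000)
AND    s.timestamp > SYSDATE - 1
GROUP  BY s.username, s.userhost, s.os_username, s.returncode
ORDER  BY last_attempt DESC;
```

Scheduling the first query ahead of the expiry date, and running the second right after each change, surfaces the missed embedded password before the retry limit locks the account.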