Monday, September 22, 2008

How does Delegated Administration Services provide secure access to the Directory?


When a user logs into an Oracle component, the component may need to obtain information from the directory on the end user's behalf, such as a password verifier. To do this, the component typically logs into the directory as a proxy user, a feature that enables it to switch its identity to that of the end user.

The problem is that the more components log into the directory as proxy users, the greater the risk of a malicious user accessing the directory as a proxy user. To prevent this security problem, DAS centralizes proxy user access.

In an Oracle DAS environment, each component logs into the central DAS instead of logging into the directory as a proxy user. DAS then logs into the directory as a proxy user, switches its identity to that of the end user, and performs operations on the user's behalf.
