Symantec Privileged Access Management

  • Private Community

  • 1.  Can I do an autologin with sqlplus?

    Posted Dec 06, 2017 01:52 AM

    Can I do an autologin with sqlplus?

     

    Good day:

     

    My client wants to make an autologin to the databases using sqlplus the options that occur to me are:

     

    1. Make an autologin to a linux server and then run the sqlplus command.
    2. From the end-user machine run the sqlplus.

     

    What is the easiest way to do it?
    How do I do it?



  • 2.  Re: Can I do an autologin with sqlplus?
    Best Answer

    Broadcom Employee
    Posted Dec 06, 2017 06:42 PM

    Hello Juan, You should be able to do this by configuring transparent login using the Command String method, see e.g. https://docops.ca.com/ca-privileged-access-manager/3-0-2/EN/implementing/provision-your-server/provisioning-devices/device-setup . The command string option needs to be enabled in the security configuration as discussed on the page. Otherwise you won't see the option when you edit a device. Once you have it enabled, you can define transparent login on the device page and an account to use in the user/device policy. I added a few pictures on how this would look like in 3.0. This assumes that you use a command syntax like the following, taken from http://blog.oracle48.nl/wordpress/sqlplus-and-easy-connect-without-password-on-the-command-line/, which should prompt for the password:

    $> sqlplus system@\"db_machine:1521/db_servicename\" Enter password: Connected to: (...) SQL>

     

     

     

     

     



  • 3.  Re: Can I do an autologin with sqlplus?

    Posted Dec 11, 2017 01:25 PM

    Good day:

     

    I already have the following configurations:

     

    1.- Command String - Enabled.

    2. Modify the device with sqlplus DEVICE

    3. Activate the credencial to enter with sqlplus on POLICY

    4. Test the sqlplus

     


    However, the credentials are not sent automatically. They could tell me if I'm missing something.



  • 4.  Re: Can I do an autologin with sqlplus?

    Broadcom Employee
    Posted Dec 11, 2017 04:27 PM

    Hi Juan, Yes, I missed to check on the arguments. You actually have to configure the full command string, not just sqlplus. Given that you have to configure a specific target account for TL, it should not be a restriction to use a specific user name in the argument. The following works for me with a mock sqlplus executable. I added a second command string to cover the case where there could be different access policies with different target accounts defined for transparent login. Also make sure that you use the correct authentication prompt string, there appears to be a case mismatch between what you configured and what the application uses.



  • 5.  Re: Can I do an autologin with sqlplus?

    Posted Dec 11, 2017 05:07 PM

    Thanks for the tips, the transparent login works correctly.

    Greetings.