Educause Security Discussion mailing list archives

Service Account Security and Handling


From: "Wade, Russ" <Russ.Wade () WICHITA EDU>
Date: Wed, 8 Aug 2007 14:18:19 -0500

Dear Colleagues,

I am interested in accepted practices for maintaining passwords and access to service accounts.

We have several Oracle accounts with broad access to the database that are used by automated processes.  The passwords 
for these are known by the DBA and a small number of lead programmers who developed and provide technical support for 
these processes.

We presently are using a profile which requires the passwords for these accounts to change every 90 days.  Most of the 
time, the DBA and involved developer successfully coordinate the password change in Oracle and in the application 
process before the 90-day limit.

However, this sometimes is missed and the automated processes fail.  We have also experienced issues with automated 
processes which must have embedded passwords being missed when the change is made.  This can result in getting the 
service account locked after they retry with the old password beyond our 6-try limit.  Then, the other processes fail 
as well until someone notices and fixes it.

Does anyone have a better idea for how to achieve proper security for these privileged access service accounts and 
operational reliability as well? Also, please describe the roles of the individuals involved with this function.

Thank you,

Russ

Russ Wade,
Banner Security Specialist
Wichita State University
University Computing and Telecommunications Services
1845 Fairmount
Wichita, KS  67260-0098
Email: Russ.Wade () Wichita edu
Office: (316) 978-3859
Mobile: (316) 312-0185
Fax: (316) 978-3894



