cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

52
Views
0
Helpful
4
Replies
Highlighted
Cisco Employee

ISE and Oracle DB with Hash Passwords

Hi, 

 

I have an Oracle DB with Usernames and Password Hashes stored.

I would like to configure ISE using ODBC to authenticate users using Oracle DB.

 

- Is ISE able to check credentials if Oracle has password hashes only ? 

- ISE would calculate the password hash and will compare with Oracle DB ?

 

Thanks in Advance.

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE and Oracle DB with Hash Passwords

It can be hashed in the table, but stored procedure for retrieving the password has to be able to reverse it to plain text password. IOW, ISE will not do the calculation, rather you have to make the stored procedure call in the DB to do that for ISE.

4 REPLIES
Cisco Employee

Re: ISE and Oracle DB with Hash Passwords

It can be hashed in the table, but stored procedure for retrieving the password has to be able to reverse it to plain text password. IOW, ISE will not do the calculation, rather you have to make the stored procedure call in the DB to do that for ISE.

Cisco Employee

Re: ISE and Oracle DB with Hash Passwords

Thx,  but it´s not easy revert hash to plain text.   

 

Checking the ISE documentation I found;  

"Plain Text Password fetching from ODBC database Credential Check:  If the username is found, its password and relevant user information is returned by the stored procedure. Cisco ISE calculates the password hash based on the authentication method and compares it with the one received from the client."

 

Any comment ?

Cisco Employee

Re: ISE and Oracle DB with Hash Passwords

Yes, exactly. ISE needs to see the password for it to process the authentication. ISE can't simply compare hash from the client to the DB directly ATM. So the answer is still no it can't be done unless password is presented to ISE in clear text.

Cisco Employee

Re: ISE and Oracle DB with Hash Passwords

Ok, Thanks for the clarification.
CreatePlease to create content
Blog-New Labels