02-04-2019 03:36 AM
Hi,
I have an Oracle DB with Usernames and Password Hashes stored.
I would like to configure ISE using ODBC to authenticate users using Oracle DB.
- Is ISE able to check credentials if Oracle has password hashes only ?
- ISE would calculate the password hash and will compare with Oracle DB ?
Thanks in Advance.
Solved! Go to Solution.
02-04-2019 05:11 AM
It can be hashed in the table, but stored procedure for retrieving the password has to be able to reverse it to plain text password. IOW, ISE will not do the calculation, rather you have to make the stored procedure call in the DB to do that for ISE.
02-04-2019 05:11 AM
It can be hashed in the table, but stored procedure for retrieving the password has to be able to reverse it to plain text password. IOW, ISE will not do the calculation, rather you have to make the stored procedure call in the DB to do that for ISE.
02-04-2019 05:40 AM
Thx, but it´s not easy revert hash to plain text.
Checking the ISE documentation I found;
"Plain Text Password fetching from ODBC database Credential Check: If the username is found, its password and relevant user information is returned by the stored procedure. Cisco ISE calculates the password hash based on the authentication method and compares it with the one received from the client."
Any comment ?
02-04-2019 05:51 AM
Yes, exactly. ISE needs to see the password for it to process the authentication. ISE can't simply compare hash from the client to the DB directly ATM. So the answer is still no it can't be done unless password is presented to ISE in clear text.
02-04-2019 06:00 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide