Oracle Privileged Account Manager (OPAM) is a secure password
management solution designed to generate, provision, and manage access to
passwords for privileged accounts like Linux/Unix “root” or Oracle database
“sys” accounts. It enables auditing and establishes accountability for users
including those who share privileged account credentials. Additionally, OPAM
provides Session Management and Recording. OPAM is an integral service
of the Oracle Identity Governance Suite and provides central governance for
both regular and privileged users. It further enables complete auditing,
reporting and certification of a user’s regular or shared accounts, and account
lifecycle management from request, approval, to certification and usage
tracking. OPAM greatly enhances security and significantly improves
compliance.
Source: Oracle
High-level steps:
1) Run RCU for OPAM
2) Extend the WebLogic domain to configure the OPAM Managed Server
3) Prepare the database for Transparent Data Encryption
Run RCU 11g Release 1 (11.1.1.9.0).
Configuration of OPAM from the MiddlewareHome/opam/bin location
Extending the existing WebLogic domain for Oracle Privileged Account Manager
Start the OPAM Managed Server. After logging in to the OPAM Console, if you see the below error,
run the SQL command in the DEV_OPAM schema
Prepare the database for TDE (Transparent Data Encryption)
Steps:
1. Specify an Oracle Wallet location in the sqlnet.ora file
Open the sqlnet.ora file located in $ORACLE_HOME/network/admin. Enter the following entry at the end of the file (the continuation lines must be indented):
ENCRYPTION_WALLET_LOCATION=
  (SOURCE=(METHOD=FILE)(METHOD_DATA=
    (DIRECTORY=/u01/oracle/admin/orcl/wallet)))
Save the changes and close the file.
2. Create the master encryption key
SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Password";
After running the command, the ewallet.p12 file is created with encryption.
3. Enable auto-login
Run the owm command (Oracle Wallet Manager), select the Auto Login check box, and save.
After saving, the cwallet.sso file is created in the wallet location directory.
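A check for the result of steps 1 to 3, added here as an example and not part of the original post: it reads the wallet directory from sqlnet.ora and confirms that ewallet.p12 and cwallet.sso exist and are not accessible to group or others. The owner-only permission policy and the function names are assumptions of this example; the reason for the check is that an auto-login wallet opens without the wallet password, so read access to cwallet.sso is what protects the master key on disk.

```shell
#!/bin/sh
# Added example (not from the original post): audit the TDE wallet from steps 1-3.
# Assumption: the wallet path contains no spaces or parentheses.

# Print the DIRECTORY of ENCRYPTION_WALLET_LOCATION from a sqlnet.ora file.
wallet_dir() {
    # Drop comments, join the multi-line entry, then extract DIRECTORY=...
    sed 's/#.*//' "$1" | tr -d ' \t\r\n' |
        sed -n 's/.*ENCRYPTION_WALLET_LOCATION=[^)]*)(METHOD_DATA=(DIRECTORY=\([^)]*\)).*/\1/p'
}

# True when no group/other permission bit is set on the path.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report problems with the wallet directory; return 0 only if none are found.
audit_wallet() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: wallet directory $dir does not exist"
        return 1
    fi
    owner_only "$dir" || { echo "FAIL: $dir is accessible to group/others"; rc=1; }
    for f in ewallet.p12 cwallet.sso; do
        if [ ! -f "$dir/$f" ]; then
            echo "FAIL: $dir/$f is missing"; rc=1
        elif ! owner_only "$dir/$f"; then
            echo "FAIL: $dir/$f is accessible to group/others"; rc=1
        fi
    done
    return $rc
}

# Usage (hypothetical file name): sh check_wallet.sh "$ORACLE_HOME/network/admin/sqlnet.ora"
if [ -n "$1" ]; then
    d=$(wallet_dir "$1")
    [ -n "$d" ] || { echo "FAIL: no ENCRYPTION_WALLET_LOCATION in $1"; exit 1; }
    audit_wallet "$d" && echo "OK: wallet in $d"
fi
```

Run it as the Oracle software owner after step 3; any FAIL line names the file or directory to fix with chmod.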
If you want to disable TDE (non-TDE mode), run the following command in the OPAM schema
Restart the OPAM Managed Server for the changes to take effect.
To access the OPAM Console:
http://localhost:18101/oinav/opam
and log in with the WebLogic username and password.