Responding To Jackson Shaw on OAS4OS.
By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on May 07, 2008
Jackson Shaw responded to my post on OS security.
I have not yet updated any test AD servers to R2 and thus wasn't aware that AD was automatically updating the schema to support NIS. I am familiar with the RFC, but this is a repeated concern I do hear from customers - "we can't extend our AD schema". I literally hear this on a daily basis, but this could be because we are one of the few options out there that can help customers who can't extend their AD schema.
I also learned something new - that others are supporting SUDO policies too. :) I didn't mean for my post to be obvious FUD on this feature. I'm still coming up to speed on the competitive landscape for OAS4OS myself (other members of the PM team are primarily running that show while I have been concentrating on other areas that I can't yet publicly discuss - but since I am the more outbound-focused PM on the directory services team - I am talking more about it now).
In short - let me just say where I think organizations may get the most out of OAS4OS:
1 - Simplified installation of secure PAM and related configuration (e.g. SSL/TLS setup, which apparently is pretty nasty to do manually)
2 - Migration tools from local/NIS to LDAP
3 - Support for managing a user's UNIX footprint outside of AD while keeping the password in AD (for those who can't or don't want to extend the AD schema)
4 - Increase utilization of an existing OID deployment (for example if you have Oracle Portal - you have to have OID - thus could potentially get an increased ROI by using OAS4OS)
5 - The OAS4OS is currently provided as a feature of the Oracle Directory Services or Oracle Identity & Access Management license(s)