Im going to post this in both unix and win2003. I thoought there was a way to do this. I want an application to be able to login as a certain user. What im sayingis no one or nothing besides this application can log in as this account name. Is there a way i thought there was. Sort of like for some security so no one or nothing beside the application can log into to this account. Mainly for FTP and not having to change the password every 90 days. My theory is that nothing beside's an admin or the application can utilize this account name or setting or "username" Learning in progress..........

Well, if the application is a service or you make it a service, you can set it up to use an account that you designate as a server account. Now this account will just be like all other accounts but you will enter the account credentials into the service properties and presumably not share this password with anyone else. Thank you, Leto the just

Thank you for the response........ Yes we would not want to share this password with any other person nor would we want a password........... we want to use certificates. Im kinda confused how this all would work can you explain to me How I can this up Im gonna explain my scenario and just point me in the right direction or tell me if this is feasible. We got a SOA suite installed on a box. This SOA suite connects to our production server and grabs files off of it. It connects to the production box as a certain username and then it authenticates with a publi/private key. So somehow we would have to let the production server know that there is a "soa service" connecting to it and it would have to have a profile that accepts this "soa service" and only the "soa service" is allowed to utilize this account meaning no one besides the soa service can log into the account. Hence we want to convince security that password expiration can be turned off on the "username" or in our case the service connecting to it. Hence im repeating myself. No one would be able to figure out the password to the service name our soa application uses to connect. It would notice that the Service is not trying to connect and blah blah blah i ran this on too long let me know if i sound confusing Learning in progress..........

Well, any password can be cracked and just because a service is using it does not mean that it is secure. You can check the box "password never expires in account properties". I am confused, is the Oracle SOA using a windows service or windows account or not? Is this a domain or workgroup infratructure? If this is a windows or service account simply follow the steps I presented earlier. If there is something you need a better explanation on, let me know. Thank you, Leto the just

Well, any password can be cracked and just because a service is using it does not mean that it is secure. You can check the box "password never expires in account properties". I am confused, is the Oracle SOA using a windows service or windows account or not? Is this a domain or workgroup infratructure? If this is a windows or service account simply follow the steps I presented earlier. If there is something you need a better explanation on, let me know. Ryan: Well its actuallay a service running on a unix box. I just am more familiar with windows so i thought i could find out how to implement this idea in windows and move forward from there. But maybe i got a little confused or confused you. This program has FTP capability in it and it connects to FTP services running on 2 boxes box 1 = the source box 2 = or SOA application running this ftp service to log into the other two boxes box 3 = destination server. I was just wondering instead of logging in as a user name which we define in the SOA application so that it can connect to source and destination. Maybe the source and destination server can see that "FTP service" is trying to connect to it and maybe there is a group associated with "FTP service" that has public key. Sort of like the source sensing that our SOA application is trying to access it and defaults to a group/user name that is associated with it. The only catch here is that only this "ftp service" can log into the source and destination cause the OS would see that this "service" is trying to access the file system, somehow it could distinguish that the app is trying to access it as opposed to a user from a keyboard. May be far fetched but can the os see that an app is trying to access it as opposed to a user from a keyboard Learning in progress..........