Re: How to implment single sign-on?

Bob Yeh <ryeh_at_juno.com> wrote:

>Hi,
>
>We are developing an application and one of the requirement is single
>sign-on. Once the user login the unix box, he/she should not be
>requirement to enter user name and password again to use the database.
>Is using ops$ still a secured method? I don't like to use just one
>userid to access the database(no way to do auditing) and I have to hide
>the password somewhere. Any suggestion?
>
>Bob

OPS$ still works and is secure.

Set up an OPS$ user for each unix user and a .profile that logs them in automatically.

There's also an init parameter OS_AUTHENT_PREFIX that will change the default OPS$ prefix. I use OS_AUTHENT_PREFIX="".

One other advantage of using OS authenticated database users is that nobody can see someone else's password with a "ps" command. Sure you can tell people to not supply the password on the command line but how can you enforce it? And it only takes once to cause a security breech.

--
Chuck Hamilton
chuckh_at_dvol.com

This message delivered by electronic sled dogs. WOOF!