Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: NT/BMC/ORACLE Question

Re: NT/BMC/ORACLE Question

From: Niall Litchfield <niall.litchfield_at_doial.pipex.com>
Date: 2000/07/10
Message-ID: <8kc71a$aaj$1@soap.pipex.net>#1/1 






This is not going to be the most positive of messages...



I believe that the answer to your question is that you can't. do what you
want.



os authentication, which is what you want to use for no password for
internal operations, by definition assumes that you trust the security setup
of your os. If you don't trust the nework os setup then you will have to use
Oracle authentication which requires a password. You can of course setup
scripts which contain or are passed the password in clear text, but the your
sys admins could read the password anyway. The suggestion to try starting
and stopping the relevant services I have found is not always reliable, I
haven't checked under exactly what circumstances this can fail but I have
seen it too many times to entirely trust this approach.



Personally I would never select a backup product that was ignorant of the
databases security features, it just doesn't inspire confidence does it.



HTH a bit anyway

--
Niall Litchfield
Oracle DBA
Audit Commission UK
"Cece Russell" <cecerussell_at_prodigy.net> wrote in message
news:8k5i12$2u9e$1_at_newssvr05-en0.news.prodigy.com...


>

> Please reply to my email address of jamesrussell_at_prodigy.net  .

> I used my wife's email account to post this.  Thanks.

>

> "Cece Russell" <cecerussell_at_prodigy.net> wrote in message

> news:8k5h7i$2gfa$1_at_newssvr05-en0.news.prodigy.com...

> >

> > I need the help of someone, anyone who is familiar with Oracle8 on NT.

 In


> > particular, I set up the environment on NT so that I could log onto

 svrmgr30


> > as internal without a password.  This was done so that a BMC product

> > (SQLBACKTRACK, used to backup Oracle) could use svrmgr30 to shutdown and

> > startup the database without having to supply a password for internal.

 This


> > was a requirement of the product.

> >

> > Now I am faced with a problem.  To do this I had to do three things:

 set
 a


> > parameter in the sqlnet.ora file, set a parameter in the init.ora file,

> > create an NT group called ora_dba and grant membership to the account

 that


> > owns the database to this group.  Now anyone with administrative

 privileges


> > on NT can place any NT account into this group.  Anyone who is a member

 of


> > this group (they do not need explicit privileges on the Oracle directory

 or


> > files) can execute svrmgr30 and log on as internal without a password.

 They


> > can do the same thing with sqlplus.

> >

> > How can I secure things on NT so that only the NT account that installed

 the


> > software can log on as internal without a password?  Any ideas?

> >

> > Please reply to my email account if at all possible.

> >

> > Thank you very much.

> >

> > Jim Russell

> >

> >

>

>



Received on Mon Jul 10 2000 - 00:00:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US