Re: OPS$accounts

In article <1993Dec8.185606.15293_at_oracle.us.oracle.com>, spuryear_at_us.oracle.com (Scott D. Puryear) writes:
> Do you have any experience using OPS$accounts on a VAX VMS
> platform and using the OPS$accounts across the network?
> The Network is an internal tcp/ip & DECnet net.
> We want to use IBM PCs under DOS to connect to the VAXes and
> we want to use OPS$accounts on the VAXes.
>
> Any Pros or Cons would be appreciated.
>
> Thanks.

When you say you want to use OPS$ accounts from a PC, do you mean that you want to allow default logins, or you just want to use the OPS$ ID?

We use OPS$ accounts so that a VAX user can log in to ORACLE with just a slash. If that same user attempts to access ORACLE in a client/server mode, they must specify their OPS$ ID and password. They do not need to specify a VMS userid or password.

I would strongly suggest against allowing proxy logins from a client. SQL*Net is not secure enough to allow it, particularly using TCP/IP. You can limit people by node, or by ID, but not by the combination. Since the user has control over their PC, they can become whoever they want (i.e. SYS..).

You might be able to use DECnet proxies, which are based on the combination of node name and username. We deal mostly with TCP/IP, so I haven't tried it.

-- 
Bob Swisshelm                | swisshelm_at_Lilly.com     | 317 276 5472
Eli Lilly and Company        | Lilly Corporate Center  | Indianapolis, IN 46285