Question about OPS$LOGIN and Oracle Passwords

We routinely use the OPS$LOGIN feature of Oracle for all of our users. This way they don't have to worry about anything once they are logged onto the UNIX machine. They just type program / to run it with their UNIX login info.

Question:

When we create a new user as follows:

        grant connect to ops$user identified by bogus;

and we actually use the word 'bogus' as the oracle password.

Does this mean that user ops$user could login to Oracle with either the /, which would use his UNIX login info, or with 'bogus' as the password?

Could a user go into sql*plus with any convienient name and type

        connect ops$user/bogus

to get into that user's oracle accoun

We routinely use bogus to define new oracle users, but I am concerned about security loop holes. We also use a number of macintosh client products that use the ops$user with the UNIX password to login. I am beginning to think that we should make sure that the Oracle password is the same as the UNIX password and NOT use bogus for everyone?!_at_#$%^

help!

-- 


------------------------------------------------------------------

Steve Schow    | But you don't have to use the claw, if you
sjs_at_netcom.com | pick the pear with the big paw paw......
(415) 354-4908 | Have I given you a clue......?
               |                       - Baloo the Bear


------------------------------------------------------------------