Re: Question about OPS$LOGIN and Oracle Passwords
Date: Wed, 16 Dec 1992 17:04:32 GMT
Message-ID: <1992Dec16.170432.14172_at_cs.odu.edu>
In article <1992Dec14.200952.22697_at_netcom.com> sjs_at_netcom.com (Stephen Schow) writes:
>We routinely use the OPS$LOGIN feature of Oracle for all of our users. This
>way they don't have to worry about anything once they are logged onto the
>UNIX machine. They just type program / to run it with their UNIX login info.
>
>Question:
>
>When we create a new user as follows:
>
> grant connect to ops$user identified by bogus;
>
>and we actually use the word 'bogus' as the oracle password.
>
>Does this mean that user ops$user could login to Oracle with either
>the /, which would use his UNIX login info, or with 'bogus' as the
>password?
I believe what oracle does with the autologin feature is just use the current user's operating system userid to come up with the ops$user account, then automatically log into that account using whatever password you gave it, i.e. - bogus. It does not have anything to do with the operating system account password. You can't keep the two passwords the same, since your oracle passwords probably never change but your operating system passwords do change. You would have to keep the two in synch every time one changes. It's not really necessary anyway.
Oracle *does* use the password you assigned in the grant, it just provides it automatically. You can log into someone else's oracle account by just giving that password if you know it. So, yes, someone could do this:
connect ops$dbauser/bogus
if the dba account is set up for autologin with a 'bogus' password. Probably not such a good idea.
john
--
---{john hayes} OLDOMINISITY; Norfolk, Virginia USA
internet: aiko_at_cs.odu.edu
Received on Wed Dec 16 1992 - 18:04:32 CET