Re: Hiding ORACLE passwords

Wilfred,

     Sounds scary ! But you omitted to mention that remote OS authentication is controlled - can be switched on or off, and is off by default - by setting the init.ora parameter 'REMOTE_OS_AUTHENT=true|false' on the server.

     So you can have local unix users authenticated by their unix login - aka. OPS$ - whilst disallowing remote users the same liberty.

     In a client-server environment you certainly would no want to rely on weak authentication from systems such as as MS-Windows, but could rather use Oracle's Secure Network Services to perform strong authentication using smartcards etc.

In article <Dn3JKp.KrM_at_solair1.inter.NL.net>, W.van.der.Deijl_at_inter.nl.net wrote:

> Steve Preisach <steve_at_mailhost.gate.net> wrote:
>
> >Another good alternative is to use the OPS$ logon. By creating an Oracle
> >account called OPS$unixuser (where unixuser is the unix account name)
> >that user connects to Oracle using '/' as the userid/password.
>
> But here's the trick: What when I'm using MS-Windows to connect to a
> UNIX-server. The UNIX server cannot ask MS-Windows what user I am as I
> do not have to logon or identify myself to MS-Windows. For this reason
> you can put a line in ORACLE.INI which defines your user-id.
>
> Be warned that if your UNIX-name is steve, your Oracle-name would be
> OPS$STEVE. But what if I defined my name as "STEVE" in ORACLE.INI:
> You're right I just logon to Oracle without any problems as user
> OPS$STEVE.
>
> So be very carefull with using this OS-User option with Oracle when
> you're also using machines that do not require loging on (like
> MS-Windows).
>
>
>
> Bye,
> Wilfred
> The Netherlands
>
> =======================================================
> E-mail : W.van.der.Deijl_at_inter.nl.net
> Homepage: http://www.inter.nl.net/users/W.van.der.Deijl
> (including the MicroProse Grand Prix II FAQ!)
Received on Wed Feb 21 1996 - 00:00:00 CET