We're running a Sun Cluster and SAP uses os authentication at startup; to be able to use both nodes of the cluster as application servers we couldn't turn remote_os_authent off. mvg/regards Jo Jared Still <jkstill@xxxxxxx To: "jo_holvoet@xxxxxxxx" <jo_holvoet@xxxxxxxx> om> cc: Oracle-L Freelists <oracle-l@xxxxxxxxxxxxx>, oracle-l-bounce@xxxxxxxxxxxxx Subject: Re: Firewalling Oracle 01/12/2006 16:07 comments inline: On 1/12/06, jo_holvoet@xxxxxxxx <jo_holvoet@xxxxxxxx > wrote: Jared, we had to implement this for our auditors on our SAP production instance (because we couldn't turn remote_os_authent off). We are using invited nodes, BTW. Can you say why remote_os_authent must remain enabled? A couple of caveats spring to mind : 1) The first time we implemented it was on 8.1.7. The listener takes the list of nodes and looks up the IP. If any of the nodes were not resolvable, it basically let EVERY node connect again. Not exactly what you would expect. 2) We're now on 9.2.0.6 and the behaviour is now the opposite : if any of the node names are not resolvable, NOBODY connects. Better that 1), but .. Anyway, since this seems to change quite a bit between versions, you may want to do a teeny bit of testing :) Thanks for the warning. There's always something to watch out for. -- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist -- //www.freelists.org/webpage/oracle-l