Re: Firewalling Oracle

  • From: jo_holvoet@xxxxxxxx
  • To: Jared Still <jkstill@xxxxxxxxx>
  • Date: Thu, 12 Jan 2006 17:32:47 +0100

We're running a Sun Cluster and SAP uses os authentication at startup; to
be able to use both nodes of the cluster as application servers we couldn't
turn remote_os_authent off.

mvg/regards

Jo


Jared Still <jkstill@xxxxxxxom>
To:      "jo_holvoet@xxxxxxxx" <jo_holvoet@xxxxxxxx>
cc:      Oracle-L Freelists <oracle-l@xxxxxxxxxxxxx>, oracle-l-bounce@xxxxxxxxxxxxx
Subject: Re: Firewalling Oracle
01/12/2006 16:07

comments inline:

On 1/12/06, jo_holvoet@xxxxxxxx <jo_holvoet@xxxxxxxx> wrote:

      Jared,

      we had to implement this for our auditors on our SAP production instance
      (because we couldn't turn remote_os_authent off). We are using invited
      nodes, BTW.

Can you say why remote_os_authent must remain enabled?


      A couple of caveats spring to mind:

      1) The first time we implemented it was on 8.1.7. The listener takes the
      list of nodes and looks up the IP. If any of the nodes were not resolvable,
      it basically let EVERY node connect again. Not exactly what you would
      expect.

      2) We're now on 9.2.0.6 and the behaviour is now the opposite: if any of
      the node names are not resolvable, NOBODY connects. Better than 1), but ..
      Anyway, since this seems to change quite a bit between versions, you may
      want to do a teeny bit of testing :)


Thanks for the warning.  There's always something to watch out for.

--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--
//www.freelists.org/webpage/oracle-l
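
Added example (not part of the original thread and not Oracle tooling): a pre-flight check for the two caveats quoted above, which resolves every invited node before the listener is reloaded with the list. It assumes the list is set as TCP.INVITED_NODES in sqlnet.ora; the sample file, host names, addresses and the stand-in resolver are constructed.

```python
import re
import socket

# Constructed sample sqlnet.ora; host names and addresses are placeholders.
SAMPLE_SQLNET_ORA = """\
# constructed sample, not from the thread
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (sapapp1.example.com, sapapp2.example.com,
                     10.0.0.15, oldnode.example.com)
"""

# Constructed stand-in for DNS so the example runs offline.
CONSTRUCTED_DNS = {"sapapp1.example.com": "10.0.0.11",
                   "sapapp2.example.com": "10.0.0.12",
                   "10.0.0.15": "10.0.0.15"}

def constructed_resolver(name):
    if name not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"cannot resolve {name}")
    return CONSTRUCTED_DNS[name]

def invited_nodes(text):
    """Return the entries of TCP.INVITED_NODES, or [] if it is not set."""
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("#"))
    m = re.search(r"tcp\.invited_nodes\s*=\s*\(([^)]*)\)", body, re.IGNORECASE)
    return [n.strip() for n in m.group(1).split(",") if n.strip()] if m else []

def preflight(text, resolve=socket.gethostbyname):
    """Return (ok, problems); ok only if every invited node resolves."""
    nodes = invited_nodes(text)
    if not nodes:
        return False, ["TCP.INVITED_NODES not set"]
    problems = []
    for node in nodes:
        try:
            resolve(node)
        except OSError:  # socket.gaierror and socket.herror are subclasses
            problems.append(node)
    return not problems, problems

if __name__ == "__main__":
    ok, problems = preflight(SAMPLE_SQLNET_ORA, constructed_resolver)
    print("safe to reload listener" if ok else f"do NOT reload, fix: {problems}")
```

Run it on the database host itself with the default resolver, since name resolution on that host is what the listener sees.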