Re: Firewalling Oracle

We're running a Sun Cluster and SAP uses os authentication at startup; to
be able to use both nodes of the cluster as application servers we couldn't
turn remote_os_authent off.

mvg/regards

Jo




                                                                                
                                                       
                      Jared Still                                               
                                                       
                      <jkstill@xxxxxxx         To:      "jo_holvoet@xxxxxxxx" 
<jo_holvoet@xxxxxxxx>                                    
                      om>                      cc:      Oracle-L Freelists 
<oracle-l@xxxxxxxxxxxxx>, oracle-l-bounce@xxxxxxxxxxxxx     
                                               Subject: Re: Firewalling Oracle  
                                                       
                      01/12/2006 16:07                                          
                                                       
                                                                                
                                                       




comments inline:

On 1/12/06, jo_holvoet@xxxxxxxx <jo_holvoet@xxxxxxxx > wrote:

      Jared,

      we had to implement this for our auditors on our SAP production
      instance
      (because we couldn't turn remote_os_authent off). We are using
      invited
      nodes, BTW.

Can you say why remote_os_authent must remain enabled?


      A couple of caveats spring to mind :

      1) The first time we implemented it was on 8.1.7. The listener takes
      the
      list of nodes and looks up the IP. If any of the nodes were not
      resolvable,
      it basically let EVERY node connect again. Not exactly what you would

      expect.

      2) We're now on 9.2.0.6 and the behaviour is now the opposite : if
      any of
      the node names are not resolvable, NOBODY connects. Better that 1),
      but
      ..
      Anyway, since this seems to change quite a bit between versions, you
      may
      want to do a teeny bit of testing :)


Thanks for the warning.  There's always something to watch out for.

--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--
http://www.freelists.org/webpage/oracle-l


Other related posts: