Re: Firewalling Oracle

  • From: jo_holvoet@xxxxxxxx
  • To: Jared Still <jkstill@xxxxxxxxx>
  • Date: Thu, 12 Jan 2006 17:32:47 +0100

We're running a Sun Cluster and SAP uses os authentication at startup; to
be able to use both nodes of the cluster as application servers we couldn't
turn remote_os_authent off.



                      Jared Still                                               
                      <jkstill@xxxxxxx         To:      "jo_holvoet@xxxxxxxx" 
                      om>                      cc:      Oracle-L Freelists 
<oracle-l@xxxxxxxxxxxxx>, oracle-l-bounce@xxxxxxxxxxxxx     
                                               Subject: Re: Firewalling Oracle  
                      01/12/2006 16:07                                          

comments inline:

On 1/12/06, jo_holvoet@xxxxxxxx <jo_holvoet@xxxxxxxx > wrote:


      we had to implement this for our auditors on our SAP production
      (because we couldn't turn remote_os_authent off). We are using
      nodes, BTW.

Can you say why remote_os_authent must remain enabled?

      A couple of caveats spring to mind :

      1) The first time we implemented it was on 8.1.7. The listener takes
      list of nodes and looks up the IP. If any of the nodes were not
      it basically let EVERY node connect again. Not exactly what you would


      2) We're now on and the behaviour is now the opposite : if
      any of
      the node names are not resolvable, NOBODY connects. Better that 1),
      Anyway, since this seems to change quite a bit between versions, you
      want to do a teeny bit of testing :)

Thanks for the warning.  There's always something to watch out for.

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist


Other related posts: