Anyway, trying to find a nexus of different points of view (Sysadmin and DBA), I'd configure a pattern-selective passwordless ssh for the oracle users of those specific hosts.

In detail, in the sshd_config file it's possible to put some directives like:

    # Disable Public Key auth
    PubkeyAuthentication no

At the end of the file, as the last directive:

    # Enable Public Key auth only from specific users/host(s)
    # (Match takes User and Host as separate criteria)
    Match User oracle Host racnode
        PubkeyAuthentication yes

More details:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5?query=sshd_config
https://raymii.org/s/tutorials/Limit_access_to_openssh_features_with_the_Match_keyword.html

Alessandro

---- On Tue, 23 Sep 2014 10:09:52 +0200 Dimitre Radoulov <cichomitiko@xxxxxxxxx> wrote ----

> On 23/09/2014 09:27, Niall Litchfield wrote:
> > I guess I'm struggling to understand what the issue is here. User
> > equivalence or passwordless ssh is required for a supported
> > installation. Arguing about what may or may not break is surely
> > beside the point.
>
> I completely agree with Niall. In my opinion, if the software vendor
> is asking you to do something and the security team disagrees,
> they should ask the vendor (Oracle), not you, to fix it.
>
> > On 22 Sep 2014 20:29, "Herring, David" <HerringD@xxxxxxx> wrote:
> > > Does anyone know all areas where user equivalency for the
> > > account "oracle" is necessary in a RAC system, let's say 11g and
> > > above on Linux RH?
> > >
> > > The reason I ask is that our security team is now refusing to
> > > have this set up and even though I passed snippets from Oracle
> > > doc which states "it must be set", they're balking and sending
> > > snippets from RedHat doc saying that's unwise.

-- //www.freelists.org/webpage/oracle-l
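Added example, not part of the original thread and not OpenSSH code: a small offline evaluator that shows which value of a keyword a "global off, Match block on" sshd_config yields for a given connection. The host names racnode1/racnode2, the sample config and the function names are assumptions made for illustration; only the User and Host criteria are modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample config; host names racnode1/racnode2 are assumptions.
SAMPLE = """\
# Disable Public Key auth globally
PubkeyAuthentication no
PasswordAuthentication yes

# Enable Public Key auth only for oracle coming from the RAC nodes
Match User oracle Host racnode1,racnode2
    PubkeyAuthentication yes
    PasswordAuthentication no
"""

def pattern_list_matches(value, patterns):
    """ssh pattern list: comma-separated globs; a '!' hit vetoes the whole list."""
    hit = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatchcase(value, pat[1:]):
                return False
        elif fnmatchcase(value, pat):
            hit = True
    return hit

def effective(config, keyword, **conn):
    """Value applied to `keyword` for a connection given as user=..., host=..."""
    keyword = keyword.lower()
    global_val = match_val = None
    in_match = active = False
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            in_match = True
            # Criteria on one Match line are ANDed. A criterion the caller did
            # not supply (e.g. Address) never matches, so the block is skipped.
            crit = dict(zip((a.lower() for a in args[0::2]), args[1::2]))
            active = all(pattern_list_matches(conn.get(c, ""), p) for c, p in crit.items())
        elif key == keyword:
            if not in_match and global_val is None:
                global_val = args[0]      # global section: first value wins
            elif in_match and active and match_val is None:
                match_val = args[0]       # first matching Match block wins
    return match_val if match_val is not None else global_val
```

On a live host, `sshd -T -C user=oracle,host=racnode1,addr=192.0.2.11` (address constructed) prints the effective settings that sshd itself computes for that connection.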