Could this be changed (to requiring a password to get into the database) without any problems as a result?
This is an SAP/Oracle installation, but what we are concerned about is if an operating system user can connect to the DB as this DB user "OPS$ORAsid" without requiring a password.
In order to use OS Authentication, you must have the initialization parameter REMOTE_OS_AUTHENT set to TRUE. If you do not want to allow OS Authentication, set this parameter to FALSE. Additionally, the OS_AUTHENT_PREFIX parameter defaults to 'OPS$.' You can change this parameter if you desire. The next step in allowing a user to use OS Authentication is to create the user in the database with the OS_AUTHENT_PREFIX prefix. For example, if the OS user is called 'bobsmith,' then you must create the database user as follows:
CREATE USER OPS$bobsmith IDENTIFIED EXTERNALLY;
In order for OS Authentication to succeed, the following must be true:
- The REMOTE_OS_AUTHENT parameter must be set to TRUE.
- The user must be created with the OS_AUTHENT_PREFIX and with the IDENTIFIED EXTERNALLY clause.
If you want to stop any users from using OS Authentication, then simply set REMOTE_OS_AUTHENT to FALSE. If you do not want the OS user 'jimmyolson' to be able to connect with OS Authentication, then ensure that there is no OPS$jimmyolson user in the database.