How can I get a passwordless remote connection (OS authentication) to Oracle DB?

Question

I'm considering using remote OS authentication to connect to an Oracle database (version 11g). What are the guidelines for using [remote_os_authent]

Here's what I want to do: We set up a catalog DB to used by RMAN to store metadata about Oracle databases. I want to connect to the catalog DB via the local machine and execute this command for resync catalog db:

rman target sys/pass@localdb; connect catalog catuser/password@catdb; RESYNC CATALOG;

Is it possible for me to do this through oracle Enterprise Manager job? (I did this process by calling the execute file, but the problem is that the passwords are clear in the executable file.) I need it because I do not want user passwords to be available and visible. I can't use oracle valet for passwordless connection.

Answer 1

Using remote os authentication is considered a bad habit because it is insecure.

If you want to have scripting without having to store passwords in a readable format to prevent leaking passwords, easiest is to use the oracle wallet for this. This still keeps you busy maintaining passwords in the database and in the wallet but it is pretty safe. Your connection would be something line sqlplus /@tns_alias where the tns_alias is the key into the wallet that fetches the username and the password. An example of setup can be found here: http://ronr.blogspot.com/2017/01/cleartext-userid-and-passwords-in.html

An other option could be to enable Central Managed Users (CMU) and kerberos. This does need quite a bit of setup and is less suitable for scripting. For interactive use it works very nice, assuming you have kerberos correctly setup. An example of CMU setup can be found here: https://blog.pythian.com/part-1-creating-an-oracle-18c-centrally-managed-users-testbed-using-oracle-cloud-infrastructure/

Please change back remote_os_authentication to false. It is not safe because users can easily be spoofed.