There are three approaches commonly used to enable a user to connect to a database without explicitly typing a password. All of the approaches take advantage of the OPS$ account.

With the first approach, the account is created with the actual prefix “OPS$” used in the account name, and a password is assigned to the user. The user can connect from the operating system level to a database by using just a “/” in place of the username/password string. The user does not have to type his username or password to gain access to the database. If, however, the user wants to connect to the database from a remote client, he can use his username and password and connect successfully. The advantage of this approach is that the user can hide both his username and password when using a command-line connection and still retain the ability to use SQL*Net to connect to the database from a client machine.

With the second approach, you set the INIT.ORA parameter OS_AUTHENT_PREFIX="”, and the actual username without the “OPS$” prefix is used in creating the user account. No password is assigned to the account. Instead, the account is created with the IDENTIFIED EXTERNALLY option, as described later in this chapter. The user can connect to the database from the operating system level but has no password to enable remote connection from a client machine.

The only difference between the second and third approach is the use of the INIT.ORA parameter REMOTE_OS_AUTHENT ...