In an HP-UX/Oracle 7 configuration, where an authenticated userid is passed from the operating system to Oracle as a valid authorized user, is there a way to configure the handling of the password to prohibit going around the UNIX password mechanism and going right into the database using a commonly known userid? Is a second password (used by Oracle) better stored as an environment variable or a global variable? Thanks