diff --git a/heartbeat/oracle b/heartbeat/oracle

index 5ecc2f3..c629eb6 100755

--- a/heartbeat/oracle

+++ b/heartbeat/oracle

@@ -27,6 +27,9 @@

 #	OCF_RESKEY_ipcrm (optional; defaults to "instance")

 #	OCF_RESKEY_clear_backupmode (optional; default to "false")

 #	OCF_RESKEY_shutdown_method (optional; default to "checkpoint/abort")

+#	OCF_RESKEY_monuser (optional; defaults to "OCFMON")

+#	OCF_RESKEY_monpassword (optional; defaults to "OCFMON")

+#	OCF_RESKEY_monprofile (optional; defaults to "OCFMONPROFILE")

 #

 # Initialization:

@@ -56,6 +59,11 @@ oracle_usage() {

 	!

 }

+# Defaults

+OCF_RESKEY_monuser_default="OCFMON"

+OCF_RESKEY_monpassword_default="OCFMON"

+OCF_RESKEY_monprofile_default="OCFMONPROFILE"

+

 oracle_meta_data() {

 	cat <

@@ -100,6 +108,39 @@ If this does not work for you, just set it explicitely.

 <content type="string" default="" />

 </parameter>

+<parameter name="monuser" unique="0">

+<longdesc lang="en">

+Monitoring user name. Every connection as

+sysdba is logged in an audit log. This can

+result in a large number of new files created.

+A new user is created (if it doesn't exist) in

+the start action and subsequently used in monitor.

+It should have very limited rights. Make sure

+that the password for this user does not expire.

+</longdesc>

+<shortdesc lang="en">monuser</shortdesc>

+<content type="string" default="$OCF_RESKEY_monuser_default" />

+</parameter>

+

+<parameter name="monpassword" unique="0">

+<longdesc lang="en">

+Password for the monitoring user. Make sure

+that the password for this user does not expire.

+</longdesc>

+<shortdesc lang="en">monpassword</shortdesc>

+<content type="string" default="$OCF_RESKEY_monpassword_default" />

+</parameter>

+

+<parameter name="monprofile" unique="0">

+<longdesc lang="en">

+Profile used by the monitoring user. If the

+profile does not exist, it will be created

+with a non-expiring password.

+</longdesc>

+<shortdesc lang="en">monprofile</shortdesc>

+<content type="string" default="$OCF_RESKEY_monprofile_default" />

+</parameter>

+

 <parameter name="ipcrm" unique="0">

 <longdesc lang="en">

 Sometimes IPC objects (shared memory segments and semaphores)

@@ -216,7 +257,7 @@ execsql() {

 	if [ "$US" = "$ORACLE_OWNER" ]; then

 		sqlplus -S /nolog

 	else

-		su - $ORACLE_OWNER -c ". $ORA_ENVF; sqlplus -S /nolog"

+		su - $ORACLE_OWNER -s /bin/sh -c ". $ORA_ENVF; sqlplus -S /nolog"

 	fi

 }

@@ -250,7 +291,7 @@ dbasql() {

 	runsql "connect / as sysdba" $*

 }

 monsql() {

-	runsql "connect $MONUSR/$MONUSR" $*

+	runsql "connect $MONUSR/\"$MONPWD\"" $*

 }

 # use dbasql_one if the query should result in a single line output

 # at times people stuff commands in oracle .profile

@@ -325,22 +366,73 @@ getipc() {

 	echo "oradebug tracefile_name"

 	echo "oradebug ipc"

 }

+show_mon_profile() {

+	echo "select PROFILE from dba_profiles where PROFILE='$MONPROFILE';"

+}

+mk_mon_profile() {

+	cat<

+create profile $MONPROFILE limit FAILED_LOGIN_ATTEMPTS UNLIMITED PASSWORD_LIFE_TIME UNLIMITED;

+EOF

+}

 show_mon_user() {

 	echo "select USERNAME, ACCOUNT_STATUS from dba_users where USERNAME='$MONUSR';"

 }

 mk_mon_user() {

 	cat<

-create user $MONUSR identified by $MONUSR;

+create user $MONUSR identified by "$MONPWD" profile $MONPROFILE;

 grant create session to $MONUSR;

 grant select on v_\$instance to $MONUSR;

 EOF

 }

-check_mon_user() {

+show_mon_user_profile() {

+	echo "select PROFILE from dba_users where USERNAME='$MONUSR';"

+}

+set_mon_user_profile() {

+	echo "alter user $MONUSR profile $MONPROFILE;"

+}

+reset_mon_user_password() {

+	echo "alter user $MONUSR identified by $MONPWD;"

+}

+check_mon_profile() {

 	local output

-	dbasql show_mon_user | grep -w "^$MONUSR" >/dev/null &&

+	output=`dbasql show_mon_profile`

+	if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then

 		return 0

+	fi

+	output=`dbasql mk_mon_profile show_mon_profile`

+	if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then

+		return 0

+	else

+		ocf_log err "could not create $MONPROFILE oracle profile"

+		ocf_log err "sqlplus output: $output"

+		return 1

+	fi

+}

+check_mon_user() {

+	local output

+	local output2

+

+	output=`dbasql show_mon_user`

+	if echo "$output" | grep -iw "^$MONUSR" >/dev/null; then

+		if echo "$output" | grep -w "EXPIRED" >/dev/null; then

+			dbasql reset_mon_user_password

+		fi

+		output=`dbasql show_mon_user_profile`

+		if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then

+			return 0

+		else

+			output=`dbasql set_mon_user_profile`

+			output2=`dbasql show_mon_user_profile`

+			if echo "$output2" | grep -iw "^$MONPROFILE" >/dev/null; then

+				return 0

+			fi

+			ocf_log err "could not set profile for $MONUSR oracle user"

+			ocf_log err "sqlplus output: $output( $output2 )"

+			return 1

+		fi

+	fi

 	output=`dbasql mk_mon_user show_mon_user`

-	if echo "$output" | grep -w "^$MONUSR" >/dev/null; then

+	if echo "$output" | grep -iw "^$MONUSR" >/dev/null; then

 		return 0

 	else

 		ocf_log err "could not create $MONUSR oracle user"

@@ -417,7 +509,7 @@ ipcdesc() {

 }

 rmipc() {

 	local what=$1 id=$2

-	ipcs -$what | filteroraipc | grep -w $id >/dev/null 2>&1 ||

+	ipcs -$what | filteroraipc | grep -iw $id >/dev/null 2>&1 ||

 		return

 	ocf_log info "Removing `ipcdesc $what` $id."

 	ipcrm -$what $id

@@ -447,6 +539,8 @@ is_proc_running() {

 # instance in OPEN state?

 instance_live() {

 	local status=`monsql_one dbstat`

+	[ "$status" = OPEN ] && return 0

+	status=`dbasql_one dbstat`

 	if [ "$status" = OPEN ]; then

 		return 0

 	else

@@ -473,7 +567,7 @@ ora_cleanup() {

 }

 oracle_getconfig() {

-	ora_common_getconfig "$OCF_RESKEY_sid" "$OCF_RESKEY_home" "$OCF_RESKEY_user" "$OCF_RESKEY_tns_admin"

+	ora_common_getconfig "$OCF_RESKEY_sid" "$OCF_RESKEY_home" "$OCF_RESKEY_user"

 	clear_backupmode=${OCF_RESKEY_clear_backupmode:-"false"}

 	shutdown_method=${OCF_RESKEY_shutdown_method:-"checkpoint/abort"}

@@ -493,7 +587,7 @@ oracle_getconfig() {

 oracle_start() {

 	local status output

 	if is_proc_running; then

-		status="`monsql_one dbstat`"

+		status="`dbasql_one dbstat`"

 		case "$status" in

 		"OPEN")

 			: nothing to be done, we can leave right now

@@ -541,6 +635,11 @@ oracle_start() {

 	fi

 	output=`dbasql dbopen`

+	# check/create the monitor profile

+	if ! check_mon_profile; then

+		return $OCF_ERR_GENERIC

+	fi

+

 	# check/create the monitor user

 	if ! check_mon_user; then

 		return $OCF_ERR_GENERIC

@@ -650,7 +749,12 @@ show_procs() {

 proc_pids() { show_procs | awk '{print $1}'; }

 PROCS_CLEANUP_TIME="30"

-MONUSR="OCFMON"

+MONUSR=${OCF_RESKEY_monuser:-$OCF_RESKEY_monuser_default}

+MONPWD=${OCF_RESKEY_monpassword:-$OCF_RESKEY_monpassword_default}

+MONPROFILE=${OCF_RESKEY_monprofile_default:-$OCF_RESKEY_monprofile_default}

+

+MONUSR=$(echo $MONUSR | awk '{print toupper($0)}')

+MONPROFILE=$(echo $MONPROFILE | awk '{print toupper($0)}')

 OCF_REQUIRED_PARAMS="sid"

 OCF_REQUIRED_BINARIES="sqlplus"

 ocf_rarun $*

diff --git a/heartbeat/oralsnr b/heartbeat/oralsnr

index 2409017..a91eeab 100755

--- a/heartbeat/oralsnr

+++ b/heartbeat/oralsnr

@@ -158,7 +158,7 @@ runasdba() {

 		(

 		echo ". $ORA_ENVF"

 		cat

-		) | su - $ORACLE_OWNER

+		) | su -s $SH - $ORACLE_OWNER

 	fi

 }

@@ -268,7 +268,7 @@ oralsnr_validate_all() {

 # used in ora-common.sh

 show_procs() {

 	ps -e -o pid,user,args |

-		grep '[t]nslsnr' | grep -w "$listener" | grep -w "$ORACLE_OWNER"

+		grep '[t]nslsnr' | grep -i -w "$listener" | grep -w "$ORACLE_OWNER"

 }

 proc_pids() { show_procs | awk '{print $1}'; }

 PROCS_CLEANUP_TIME="10"