For a secure database, use OS authentication sparingly

The reduced management costs you get with OS authentication are admittedly appealing, but not particularly secure. Windows client names can easily be spoofed, so there's no real client authentication. It's more secure when the connection to the database is local or from a UNIX client. However, this is of limited usefulness, since the only accounts you should have set up on the host are administrative ones, such as root and user accounts for DBAs.