密码文件

密码文件作用:

密码文件用于dba用户的登录认证。

dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户。

本地登录:

1)操作系统认证:

[oracle@localhost ~]$ sqlplus "/as sysdba"

[oracle@localhost ~]$ sqlplus / as sysdba

[oracle@localhost ~]$ sqlplus sys/tiger as sysdba

2)密码文件认证:

[oracle@localhost ~]$ sqlplus sys/tiger@rezin as sysdba

远程密码文件登录:

[oracle@localhost ~]$ sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

密码文件位置:

linux/unix:[oracle@localhost ~]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID

/u01/oracle/10g/dbs/orapworcl

/u01/oracle/10g/dbs/orapwrezin

windows:$ORACLE_HOME/oradate/orapw$ORACLE_SID

密码文件查找顺序:

         1)opapw<sid>

2)orapw

以上两个都查找不到,验证失败。

密码文件认证还是OS认证:

1)参数文件:remote_login_passwordfile=none|exclusive|shared

none:不使用密码文件认证

exclusive:使用密码文件认证,自己独占使用(默认)

shared:使用密码文件认证,不同实例dba用户可以共享密码文件(asm下必须使用)

2)$ORACLE_HOME/network/admin/sqlnet.ora文件下:

SQLNET.AUTHENTICATION_SERVICES =none|all|nts(linux下默认没有设置)

none:关闭OS认证,只能密码文件认证

all:linux平台关闭本机密码文件认证,采用操作系统认证,但是远程(异机)可以密码文件认证

nts:windows下使用(桶linux下all)

练习:

1)配置:remote_login_passwordfile=exclusive

SQLNET.AUTHENTICATION_SERVICES =none

结果:可以密码文件认证(本地/远超),不可以操作系统认证

[oracle@localhost ~]$ sqlplus sys/tiger as sysdba(本地密码文件登录)

[oracle@localhost ~]$ sqlplus sys/tiger@rezin as sysdba(本地密码文件登录)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:39 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

???:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL> exit

? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options ??

[oracle@localhost ~]$ sqlplus / as sysdba(OS认证)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:51 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

[oracle@localhost ~]$ sqlplus "/as sysdba"(OS认证)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:01:04 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

2)配置:remote_login_passwordfile=exclusive

SQLNET.AUTHENTICATION_SERVICES =all

结果:本机密码文件认证不可用,但是远程密码文件认证可用,本机OS认证可用

[oracle@localhost ~]$ sqlplus "/as sysdba"(本机OS认证登录成功)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:45:35 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

[oracle@localhost ~]$ sqlplus sys/tiger@orcl as sysdba(本机密码文件认证失败)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:46:52 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

Enter user-name:

C: >sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba(远程密码文件登录成功)

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 11:58:38 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

连接到:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

[oracle@localhost ~]$ sqlplus scott/tiger(普通用户本地OS登录成功)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:01:57 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

[oracle@localhost ~]$ sqlplus scott/tiger@orcl(登录失败)

[oracle@localhost ~]$ sqlplus scott/t (登录失败)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:02:52 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

Enter user-name:

密码文件管理:

密码文件建立:orapwd命令用法(不建议使用)

[oracle@localhost ~]$ orapwd

Usage: orapwd file=<fname> password=<password> entries=<users> force=<y/n>

where

file - name of password file (mand),  -->创建密码文件名字:orapw<sid>

password - password for SYS (mand), -->sys用户密码

entries - maximum number of distinct DBA and  -->可以有多少个sysdba和sysoper用户可以放到密码文件里边去(采用二进制方式,即输入1表示最少存放4个,去除重复的)

force - whether to overwrite existing file (opt), -->oracle 10g后新加的参数,用法:force=n或force=y,表示密码文件存在是否覆盖,10g之前只能删除原有的密码文件,再创建。

OPERs (opt),

There are no spaces around the equal-to (=) character.

例如:[oracle@localhost ~]$orapwd file=orapworcl password=rezin entries=1 force=y

密码文件修改:例如 修改sys用户密码或授予sysdba、sysoper权限

         orapwd重建密码文件:不建议使用,可能会让其他sys用户不能登录

alter user sys identified by <new password>

grant sysdba|sysoper to <user>;

revoke sysdba|sysoper from <user>

查看密码文件内容:strings指令查看二进制文件内容。

[oracle@localhost dbs]$ strings orapworcl

]\[Z

ORACLE Remote Password file

INTERNAL

9D9FF9FDAFB17385

E6BAA2164C375C09

sysdba和sysoper具体区别:查看官方文档

通过system_privilege_map视图查看系统权限:

SQL> select * from system_privilege_map

2  where name like '%SYS%';

PRIVILEGE NAME                                       PROPERTY

---------- ---------------------------------------- ----------------------------------------------------------

-3 ALTER SYSTEM                                      0

-4 AUDIT SYSTEM                                      0

-83 SYSDBA                                            0

-84 SYSOPER                                           0

查看用户系统权限通过密码文件视图v$pwfile_user查看:

SQL> select * from v$pwfile_users;

USERNAME                       SYSDB SYSOP

------------------------------ ----- -----

SYS                            TRUE  TRUE

通过以上查询可以知道,sys用户登录方式既可以通过as sysdba登录schema显示‘SYS’,也可以通过as sysoper登录schema显示‘PUBLIC’。

LAST验证:需要配合参数文件知识练习

1、按照组合:

1)remote_login_passwordfile=none                       sqlnet.authentication_services=none

2)remote_login_passwordfile=exclusive      sqlnet.authentication_services=none

3)remote_login_passwordfile=none                       sqlnet.authentication_services=all

如果是win,请你把all改为nts

4)remote_login_passwordfile=exclusive               sqlnet.authentication_services=all

分别测试:

本机:sqlplus / as sysdba

sqlplus sys/<pswd> as sysdba

sqlplus sys/<pswd>@<sid> as sysdba

远程:sqlplus sys/<pswd>@<sid> as sysdba

sqlplus sys/<pswd>@ip:port/<sid> as sysdba

测试哪些组合可以登录成功,哪些不能登录成功。

总结出如果关闭OS验证;如何关闭密码文件验证;如何关闭本地密码文件验证;如何关闭远程密码文件验证。

2、修改remote_login_passwordfile=shated然后使用alter user sys identified by <pswd>;修改密码,测试能否修改成功。

不允许修改

3、如果sys密码丢失或不对,你如何做?

alter user sys identified by tiger;修改密码

4、sysdba、sysoper区别在哪,普通用户如何使用密码文件已sysdba或sysoper登录。

答案:

1)remote_login_passwordfile=none                    sqlnet.authentication_services=none

关闭密码文件认证,关闭OS认证。

本机:sqlplus / as sysdba

[oracle@localhost dbs]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:06:22 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

本机:sqlplus sys/tiger as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:14:24 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

Enter user-name:

本机:sqlplus sys/tiger@orcl as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:15:39 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

Enter user-name:

远程:sqlplus sys/tiger@orcl as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:16:11 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

ERROR:

ORA-12154: TNS: 无法解析指定的连接标识符

请输入用户名:

远程:sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:17:35 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

请输入用户名:

2)remote_login_passwordfile=exclusive              sqlnet.authentication_services=none

关闭OS认证,只能使用密码文件认证,自己独占使用。

本机:sqlplus / as sysdba

[oracle@localhost dbs]$ sqlplus  / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:38:23 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

本机:  sqlplus sys/<pswd> as sysdba

[oracle@localhost dbs]$ sqlplus  sys/tiger as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:39:24 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机:  sqlplus sys/<pswd>@<sid> as sysdba

[oracle@localhost dbs]$ sqlplus  sys/tiger@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:41:00 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

远程:sqlplus sys/<pswd>@<sid> as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:41:52 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

ERROR:

ORA-12154: TNS: 无法解析指定的连接标识符

请输入用户名:

远程: sqlplus sys/<pswd>@ip:port/<sid> as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:44:07 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

连接到:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

3)remote_login_passwordfile=none                    sqlnet.authentication_services=all

关闭密码文件认证,采用OS认证。

本机:sqlplus / as sysdba

[oracle@localhost dbs]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:22:24 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机:sqlplus sys/tiger as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:23:10 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机:sqlplus sys/tiger@orcl as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:24:01 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

Enter user-name:

远程:sqlplus sys/tiger@orcl as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:24:47 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

ERROR:

ORA-12154: TNS: 无法解析指定的连接标识符

请输入用户名:

远程:sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:25:33 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

请输入用户名:

4)remote_login_passwordfile=exclusive            sqlnet.authentication_services=all

linux平台关闭本机密码文件认证,采用OS认证,但是远程(异机)可以密码文件认证,自己独占使用。

本机:sqlplus / as sysdba

[oracle@localhost dbs]$ sql / as sysdba

[uniread] Loaded history (12 lines)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:57:20 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机: sqlplus sys/<pswd> as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:59:16 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机:sqlplus sys/<pswd>@<sid> as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 23:00:44 2015

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

Enter user-name:

远程:sqlplus sys/<pswd>@<sid> as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:01:18 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

ERROR:

ORA-12154: TNS: 无法解析指定的连接标识符

请输入用户名:

远程:sqlplus sys/<pswd>@ip:prot/<sid> as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:02:56 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

连接到:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

Oracle体系结构之oracle密码文件管理的更多相关文章

  1. Oracle体系结构之联机日志文件管理

    日志文件分类:重做日志文件 归档日志文件 警告日志文件 跟踪日志文件 redo_log_file文件作用: 1)维护数据一致性 2)记录了数据库里的更改操作 redo_log_friles以组为单位, ...

  2. Oracle体系结构之Oracle静态监听配置模板

    1.监听程序配置:[oracle@localhost admin]$ vim listener.ora# listener.ora Network Configuration File: /u01/a ...

  3. Oracle体系结构之Oracle分区

    目录 Oracle分区 0 一.Oracle分区理论知识 1 二.分区表的实现方式 1 1.范围分区(range partition table) 1 2.列表分区(list partitioning ...

  4. Oracle体系结构之Oracle基本数据字典:v$database、v$instance、v$version、dba_objects

    v$database: 视图结构: SQL> desc v$database; Name                                      Null?    Type - ...

  5. 黑马oracle_day01:01.oracle体系结构

    01.oracle体系结构 02.oracle的基本操作 03.oracle的查询 04.oracle对象 05.oracle编程 01.oracle体系结构 开发环境:VMware® Worksta ...

  6. Oracle打怪升级之路一【Oracle基础、Oracle查询】

    前言 背景:2021年马上结束了,在年尾由于工作原因接触到一个政府单位比较传统型的项目,数据库用的是Oracle.需要做的事情其实很简单,首先从大约2000多张表中将表结构及数据导入一个共享库中,其次 ...

  7. 黑马oracle_day02:04.oracle对象&&05.oracle编程(a)

    01.oracle体系结构 02.oracle的基本操作 03.oracle的查询 04.oracle对象&&05.oracle编程(a) 05.oracle编程(b) 04.orac ...

  8. oracle密码文件管理

    密码文件 密码文件作用: 密码文件用于dba用户的登录认证. dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户. 本地登录: 1)操作系统认证: [or ...

  9. Oracle管理监控 之 rac环境密码文件管理

    密码文件作用: 密码文件用于dba用户的登录认证. dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户. RAC环境中多个节点的密码文件应该保证一致,否则 ...

随机推荐

  1. Ansible 如何查看模块文档

    [root@localhost ~]$ ansible-doc -l # 列出所有模块 [root@localhost ~]$ ansible-doc cron # 查看指定模块的文档

  2. Kafka版本升级 ( 0.10.0 -> 0.10.2 )

    升级Kafka集群的版本其实很简单,核心步骤只需要4步,但是我们需要在升级的过程中确保每一步操作都不会“打扰”到producer和consumer的正常运转.为此,笔者在本机搭了一个测试环境进行实际的 ...

  3. 手写自己的ThreadLocal(线程局部变量)

    ThreadLocal对象通常用于防止对可变的单实例变量或全局变量进行共享. 精简版: public class MyThreadLocal<T> { private Map<Thr ...

  4. sklearn特征抽取

    特征抽取sklearn.feature_extraction 模块提供了从原始数据如文本,图像等众抽取能够被机器学习算法直接处理的特征向量. 1.特征抽取方法之 Loading Features fr ...

  5. 【Phalapi】新加Namespace (模块)

    官网地址: https://www.phalapi.net/ github 地址: https://github.com/phalapi/phalapi/tree/master-2x 1 compos ...

  6. WEB-DICT词库计划

    欢迎大家支持晓阳童鞋的词库计划,建立一个庞大的中文词库 地址如下:http://webdict.info/ 什么是WEB-DICT词库计划? WEB-DICT词表计划目标是通过机器学习算法以及人工标注 ...

  7. PV&UV&IP之间的区别和联系

    PV PV是网站分析的一个术语,用于衡量网站用户访问的网页的数量.对于广告投入商来说,PV值可以预期它可以带来多少收入广告,一般来说,OV与来访者的数量成正比,但是PV并不直接决定页面的真实来访者数量 ...

  8. Promise最佳实践(转)

    本文作者:IMWeb dekuchen 原文出处:IMWeb社区 未经同意,禁止转载 有关Promise的几个问题 基础概念 一:什么是Promise 国内比较流行的看法: 阮一峰: Promise ...

  9. 泛型实体类List<>绑定到repeater

    后台代码: private void bindnewslist() { long num = 100L; List<Model.news> news = _news.GetList(out ...

  10. SharpGL学习笔记(一) 平台构建与Opengl的hello World

    (一)平台构建与Opengl的hello World OpenGL就是3d绘图的API,微软针和它竞争推出D3D,也就是玩游戏时最常见的DirectorX组件中的3d功能. 所以不要指望windows ...