一:文件路径位置

[oracle@localhost db_1]$ cd $ORACLE_HOME/dbs

[oracle@localhost dbs]$ ls

dbsorapwPROD1   hc_orcl.dat   initneworcl.ora  initorcl.ora   lkNEWORCL  lkPROD1  orapwneworcl  spfileorcl.ora   tem.dbf

hc_neworcl.dat  hc_PROD1.dat  init.ora         initPROD1.ora  lkORCL     my.dbf   orapworcl     spfilePROD1.ora

[oracle@localhost dbs]$ pwd

/u01/app/oracle/product/11.2.0/db_1/dbs

[oracle@localhost dbs]$

二、口令文件的命名规则

orapw+sid

如:

orapworcl

三、口令文件存放的是sys

主要是存放管理用户的密码信息的

select *from v$pwfile_users;
SYS@orcl> select * from v$pwfile_users;

USERNAME                       SYSDB SYSOP SYSAS

------------------------------ ----- ----- -----

SYS                            TRUE  TRUE  FALSE

SYS@orcl>

四:实验操作

注: remote_login_passwordfile 是静态参数。修改了该值之后,数据库需要重启。

1)当remote_login_passwordfile  是 EXCLUSIVE

没有sqlnet.ora文件

   sqlplus sys/oracle as sysdba

    sqlplus / as sysdba

    sqlplus sys/oracle@togogo as sysdba

    以上均成功

2)当remote_login_passwordfile是 EXCLUSIVE

    sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=none

    sqlplus sys/oracle as sysdba  成功

   sqlplus / as sysdba           不成功

   sqlplus sys/oracle@togogo as sysdba   成功
[oracle@localhost dbs]$ clear

[oracle@localhost dbs]$ ls

dbsorapwPROD1   hc_orcl.dat   initneworcl.ora  initorcl.ora   lkNEWORCL  lkPROD1  orapwneworcl  spfileorcl.ora   tem.dbf

hc_neworcl.dat  hc_PROD1.dat  init.ora         initPROD1.ora  lkORCL     my.dbf   orapworcl     spfilePROD1.ora

[oracle@localhost dbs]$ cd ../network/

[oracle@localhost network]$ ls

admin  doc  install  jlib  lib  log  mesg  tools  trace

[oracle@localhost network]$ ca admin/

-bash: ca: command not found

[oracle@localhost network]$ ls

admin  doc  install  jlib  lib  log  mesg  tools  trace

[oracle@localhost network]$ cd admin/

[oracle@localhost admin]$ ls

listener.ora  samples  shrept.lst  sqlnet.ora  tnsnames.ora

[oracle@localhost admin]$ cat sqlnet.ora

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))

[oracle@localhost admin]$ vi sqlnet.ora

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))

SQLNET.AUTHENTICATION_SERVICES=none

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

~

"sqlnet.ora" 4L, 152C written

[oracle@localhost admin]$ cat sqlnet.ora

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))

SQLNET.AUTHENTICATION_SERVICES=none

[oracle@localhost admin]$ pwd

/u01/app/oracle/product/11.2.0/db_1/network/admin

[oracle@localhost admin]$
[oracle@localhost admin]$ rlwrap sqlplus / as sysdba;

SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:01:36 2018

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

ERROR:

ORA-01017: invalid username/password; logon denied

Enter user-name:

ERROR:

ORA-01017: invalid username/password; logon denied

SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus

[oracle@localhost admin]$ rlwrap sqlplus sys/oracle as sysdba;

SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:02:40 2018

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SYS@orcl>

3)当remote_login_passwordfile是 EXCLUSIVE

   sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=all

    sqlplus sys/oracle as sysdba  成功

   sqlplus / as sysdba           成功

   sqlplus sys/oracle@togogo as sysdba   不成功

4)当remote_login_passwordfile是 none     没有sqlnet.ora文件

   sqlplus sys/oracle as sysdba  成功

   sqlplus / as sysdba           成功

   sqlplus sys/oracle@togogo as sysdba   不成功

5)当remote_login_passwordfile是 none

   sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=none

   sqlplus sys/oracle as sysdba  不成功

   sqlplus / as sysdba           不成功

   sqlplus sys/oracle@togogo as sysdba   不成功

6)当remote_login_passwordfile是 none

   sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=all

    sqlplus sys/oracle as sysdba  成功

   sqlplus / as sysdba           成功

   sqlplus sys/oracle@togogo as sysdba   不成功

五、创建口令文件

 orapwd file=口令文件名称 password=用户密码

Creating a Password File with ORAPWD

The syntax of the ORAPWD command is as follows:

ORAPWD FILE=filename [ENTRIES=numusers] [FORCE={Y|N}] [IGNORECASE={Y|N}]

Command arguments are summarized in the following
table.

Argument Description
FILE Name to assign to the
password file. You must supply a complete path. If you supply only a file name,
the file is written to the current directory.
ENTRIES (Optional) Maximum
number of entries (user accounts) to permit in the file.
FORCE (Optional)
If y, permits
overwriting an existing password file.
IGNORECASE (Optional)
If y,
passwords are treated as
case-insensitive.

There are no spaces permitted around the equal-to (=)
character.

The command prompts for the SYS password and stores the password in the created
password file.

Example

The following command creates a password file
named orapworcl that
allows up to 30 privileged users with different passwords.

orapwd FILE=orapworcl ENTRIES=30

Sharing and Disabling the Password File

You use the
initialization parameter REMOTE_LOGIN_PASSWORDFILE to
control whether a password file is shared among multiple Oracle Database
instances. You can also use this parameter to disable password file
authentication. The values recognized for REMOTE_LOGIN_PASSWORDFILE are:

  • NONE:
    Setting this parameter to NONE causes Oracle Database to behave as if the password
    file does not exist. That is, no privileged connections are allowed over
    nonsecure connections.

  • EXCLUSIVE:
    (The default) An EXCLUSIVE password file can be used with only one instance of one
    database. Only an EXCLUSIVE file
    can be modified. Using an EXCLUSIVE password file enables you to add, modify, and delete
    users. It also enables you to change the SYS password with the ALTER USER command.

  • SHARED:
    SHARED password file can be used by multiple databases running
    on the same server, or multiple instances of an Oracle Real Application Clusters
    (Oracle RAC) database. A SHARED password file cannot be modified. Therefore, you cannot
    add users to a SHARED password file. Any attempt to do so or to change the
    password of SYS or
    other users with the SYSDBA or SYSOPER privileges generates an error. All users
    needing SYSDBA or SYSOPERsystem privileges must be added to the password file
    when REMOTE_LOGIN_PASSWORDFILE is
    set to EXCLUSIVE.
    After all users are added, you can changeREMOTE_LOGIN_PASSWORDFILE to SHARED, and
    then share the file.

    This option is useful if you are administering multiple
    databases or an Oracle RAC database.

If REMOTE_LOGIN_PASSWORDFILE is
set to EXCLUSIVE or SHARED and
the password file is missing, this is equivalent to setting REMOTE_LOGIN_PASSWORDFILE to NONE.

Note:

You cannot change the password for SYS if REMOTE_LOGIN_PASSWORDFILE is
set to SHARED. An
error message is issued if you attempt to do so.

Keeping
Administrator Passwords Synchronized with the Data Dictionary

If you change the REMOTE_LOGIN_PASSWORDFILE initialization parameter from NONE to EXCLUSIVE or SHARED, or
if you re-create the password file with a different SYSpassword, then you must ensure that the passwords in
the data dictionary and password file for the SYS user
are the same.

To synchronize the SYS passwords, use the ALTER USER statement to change the SYS password. The ALTER USER statement updates and synchronizes both the dictionary
and password file passwords.

To synchronize the passwords for non-SYS users who log in using the SYSDBA or SYSOPER privilege, you must revoke and then regrant the
privilege to the user, as follows:

  1. Find
    all users who have been granted the SYSDBA privilege.

    SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSDBA='TRUE';

  2. Revoke
    and then re-grant the SYSDBA privilege to these users.

    REVOKE SYSDBA FROM non-SYS-user;
    
GRANT SYSDBA TO non-SYS-user;

  3. Find
    all users who have been granted the SYSOPER privilege.

    SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSOPER='TRUE';

  4. Revoke
    and regrant the SYSOPER privilege to these users.

    REVOKE SYSOPER FROM non-SYS-user;
    
GRANT SYSOPER TO non-SYS-user;

Adding Users to a Password File

When you grant SYSDBA or SYSOPER privileges to a user, that user's name and privilege
information are added to the password file. If the server does not have
an EXCLUSIVE password file (that is, if the initialization
parameter REMOTE_LOGIN_PASSWORDFILE is NONE or SHARED, or
the password file is missing), Oracle Database issues an error if you attempt to
grant these privileges.

A user's name remains in the password file only as long
as that user has at least one of these two privileges. If you revoke both of
these privileges, Oracle Database removes the user from the password
file.

Creating a
Password File and Adding New Users to It

Use the following procedure to create a password and
add new users to it:

  1. Follow the instructions for creating a password file as
    explained in "Creating a Password File with ORAPWD".

  2. Set the REMOTE_LOGIN_PASSWORDFILE initialization parameter to EXCLUSIVE.
    (This is the default.)

    Note:

    REMOTE_LOGIN_PASSWORDFILE is a
    static initialization parameter and therefore cannot be changed without
    restarting the database.

  3. Connect with SYSDBA privileges as shown in the following example, and enter
    the SYS password when prompted:

    CONNECT SYS AS SYSDBA

  4. Start up the instance and create the database if
    necessary, or mount and open an existing database.

  5. Create users as necessary. Grant SYSDBA or SYSOPER privileges to yourself and other users as appropriate.
    See "Granting and Revoking SYSDBA and SYSOPER Privileges",
    later in this section.

——————————————————————————————————————————————————————————————————

Oracle 口令文件:即 oracle密码文件的更多相关文章

  1. Oracle登录操作系统验证和密码文件验证

    1.确认数据库版本 2.查看当前配置文件 ORALCE数据库不同的登录验证方式是和SQLNET.ORA配置文件有关系的,在配置文件中有一个参数sqlnet.authentication_service ...

  2. oracle 密码文件文件

    密码文件作用: 密码文件用于dba用户的登录认证. dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户. 本地登录: 1)操作系统认证: [oracle@ ...

  3. Oracle 密码文件

    一.密码文件 作用:主要进行DBA权限的身份认证 DBA用户:具有sysdba,sysoper权限的用户被称为dba用户.默认情况下sysdba角色中存在sys用户,sysoper角色中存在syste ...

  4. 创建oracle 密码文件

    orapwd file='$ORACLE_HOME/dbs/oratest' password=oracle entries=5 force=y; 说明:●FILE参数指定口令文件存放的全路径及文件名 ...

  5. 【Oracle】密码文件相关

    Oracle数据库的orapwd命令,主要用来建立密码(口令)文件. 一.查看帮助信息 [oracle@oracle11g dbs]$ orapwd Usage: orapwd file=<fn ...

  6. oracle ORA-01991错误--重建密码文件问题

    问题现象描述: 统计服务器测试没问题,刚好上次配置系统的时候有点问题,故重装一次,配置好安全策略(最近在研究如何新配置一台服务器的时候,第一时间配置好相关的安全设置,有空再写下来). 为了省事,直接冷 ...

  7. oracle口令文件在windows和linux系统下的命名和位置

      分类: Oracle 1.windows系统下 oracle口令文件在:$ORACLE_HOME/database目录下: 命名规则为:PWD$SID.ora   2.linux系统下 oracl ...

  8. Oracle 无备份情况下的恢复--密码文件/参数文件

    13.1 恢复密码文件 密码文件(linux 为例)在$ORACLE_HOME/dbs目录下,文件名的前缀是orapw,后接数据库实例名. [oracle@DSI backup]$ cd /u01/a ...

  9. Oracle 12C 密码文件问题 ORA-01017: invalid username/password; logon denied

    新安装的Oracle 12.1.0.2.0,NBU在测试备份的时候报ORA-01017 --alter user sys identified by "Wwjd!23";sqlpl ...

随机推荐

  1. [C++]Linux之进程间通信小结【待完善】

    [此博文,待日后完善] 进程通信方式: 1.管道通信(匿名管道/命名管道) 2.消息队列 3.共享内存 4.信号量 1.管道通信 无名管道用于具有亲缘关系进程间的通信管道是半双工的,数据只能单向流动( ...

  2. CF809C Find a car

    传送门 luogu 其实这题的某个位置\((i,j)\)的数是\((i-1)\mathrm{xor}(j-1)+1\) 首先一个矩形的答案可以拆成\((x2,y2)-(x1-1,y2)-(x2,y1- ...

  3. luogu P3980 [NOI2008]志愿者招募

    传送门 网络流又一神仙套路应用 首先考虑列不等式,设\(x_i\)为第i种人的个数,记\(b_{i,j}\)为第i种人第j天是否能工作,那么可以列出n个不等式,第j个为\(\sum_{i=1}^{m} ...

  4. 【css】正确的让文本换行

    通常文本换行我们会使用word-break属性,有两个值供我们选择 word-break: break-all; word-break: break-world; 那么如何区分这两个值呢,我们看图说话 ...

  5. Codeforces #662C Binary Table

    听说这是一道$ Tourist$现场没出的题 Codeforces #662C 题意: 给定$n*m的 01$矩阵,可以任意反转一行/列($0$变$1$,$1$变$0$),求最少$ 1$的数量 $ n ...

  6. Django REST Framework API Guide 03

    本节大纲 1.Routers 2.Parsers 3.Renderers Routers Usage from rest_framework import routers router = route ...

  7. P1903 [国家集训队]数颜色 / 维护队列(莫队区间询问+单点修改)

    题目链接:https://www.luogu.org/problemnew/show/P1903 题目大意:中文题目 具体思路:莫队单点修改+区间询问模板题,在原来的区间询问的基础上,我们要记录当前这 ...

  8. 一个spring3.2的项目 从jdk1.7放到1.8的环境中编译,打开网页异常:spring jar包版本升级经历

    背景:一个历史项目用的是 spring3.2 的版本,在jdk1.7中运行没有问题,但是如果在jdk1.8中运行就会报错 ---浏览器中显示: HTTP Status 500 - Servlet.in ...

  9. linux 启动管理

  10. python - 文件系统和文件

    文件系统和文件        文件系统是os用于明确磁盘或分区上的文件的方法和数据结构--即在磁盘上组织文件的方法        计算机文件,是存储在某种长期储存设备或临时存储设备中的一段数据流,并且 ...