一:文件路径位置

[oracle@localhost db_1]$ cd $ORACLE_HOME/dbs
[oracle@localhost dbs]$ ls
dbsorapwPROD1 hc_orcl.dat initneworcl.ora initorcl.ora lkNEWORCL lkPROD1 orapwneworcl spfileorcl.ora tem.dbf
hc_neworcl.dat hc_PROD1.dat init.ora initPROD1.ora lkORCL my.dbf orapworcl spfilePROD1.ora
[oracle@localhost dbs]$ pwd
/u01/app/oracle/product/11.2.0/db_1/dbs
[oracle@localhost dbs]$

二、口令文件的命名规则

orapw+sid
如:
orapworcl

三、口令文件存放的是sys

主要是存放管理用户的密码信息的

select *from v$pwfile_users;
SYS@orcl> select * from v$pwfile_users;

USERNAME                       SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS TRUE TRUE FALSE SYS@orcl>

四:实验操作

注: remote_login_passwordfile 是静态参数。修改了该值之后,数据库需要重启。

1)当remote_login_passwordfile  是 EXCLUSIVE

没有sqlnet.ora文件
sqlplus sys/oracle as sysdba
sqlplus / as sysdba
sqlplus sys/oracle@togogo as sysdba
以上均成功

2)当remote_login_passwordfile是 EXCLUSIVE

    sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=none

    sqlplus sys/oracle as sysdba  成功
sqlplus /
as sysdba 不成功
sqlplus sys/oracle@togogo
as sysdba 成功
[oracle@localhost dbs]$ clear

[oracle@localhost dbs]$ ls
dbsorapwPROD1 hc_orcl.dat initneworcl.ora initorcl.ora lkNEWORCL lkPROD1 orapwneworcl spfileorcl.ora tem.dbf
hc_neworcl.dat hc_PROD1.dat init.ora initPROD1.ora lkORCL my.dbf orapworcl spfilePROD1.ora
[oracle@localhost dbs]$ cd ../network/
[oracle@localhost network]$ ls
admin doc install jlib lib log mesg tools trace
[oracle@localhost network]$ ca admin/
-bash: ca: command not found
[oracle@localhost network]$ ls
admin doc install jlib lib log mesg tools trace
[oracle@localhost network]$ cd admin/
[oracle@localhost admin]$ ls
listener.ora samples shrept.lst sqlnet.ora tnsnames.ora
[oracle@localhost admin]$ cat sqlnet.ora
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))
[oracle@localhost admin]$ vi sqlnet.ora ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))
SQLNET.AUTHENTICATION_SERVICES=none ~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"sqlnet.ora" 4L, 152C written
[oracle@localhost admin]$ cat sqlnet.ora
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))
SQLNET.AUTHENTICATION_SERVICES=none [oracle@localhost admin]$ pwd
/u01/app/oracle/product/11.2.0/db_1/network/admin
[oracle@localhost admin]$
[oracle@localhost admin]$ rlwrap sqlplus / as sysdba;

SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:01:36 2018

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

ERROR:
ORA-01031: insufficient privileges Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus
[oracle@localhost admin]$ rlwrap sqlplus sys/oracle as sysdba; SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:02:40 2018 Copyright (c) 1982, 2011, Oracle. All rights reserved. Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options SYS@orcl>

3)当remote_login_passwordfile是 EXCLUSIVE

   sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=all

    sqlplus sys/oracle as sysdba  成功
sqlplus / as sysdba 成功
sqlplus sys/oracle@togogo as sysdba 不成功

4)当remote_login_passwordfile是 none     没有sqlnet.ora文件

   sqlplus sys/oracle as sysdba  成功
sqlplus / as sysdba 成功
sqlplus sys/oracle@togogo as sysdba 不成功

5)当remote_login_passwordfile是 none

   sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=none

   sqlplus sys/oracle as sysdba  不成功
sqlplus / as sysdba 不成功
sqlplus sys/oracle@togogo as sysdba 不成功

6)当remote_login_passwordfile是 none

   sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=all

    sqlplus sys/oracle as sysdba  成功
sqlplus / as sysdba 成功
sqlplus sys/oracle@togogo as sysdba 不成功

五、创建口令文件

 orapwd file=口令文件名称 password=用户密码

Creating a Password File with ORAPWD

The syntax of the ORAPWD command is as follows:

ORAPWD FILE=filename [ENTRIES=numusers] [FORCE={Y|N}] [IGNORECASE={Y|N}]

Command arguments are summarized in the following
table.

Argument Description
FILE Name to assign to the
password file. You must supply a complete path. If you supply only a file name,
the file is written to the current directory.
ENTRIES (Optional) Maximum
number of entries (user accounts) to permit in the file.
FORCE (Optional)
If y, permits
overwriting an existing password file.
IGNORECASE (Optional)
If y,
passwords are treated as
case-insensitive.

There are no spaces permitted around the equal-to (=)
character.

The command prompts for the SYS password and stores the password in the created
password file.

Example

The following command creates a password file
named orapworcl that
allows up to 30 privileged users with different passwords.

orapwd FILE=orapworcl ENTRIES=30

Sharing and Disabling the Password File

You use the
initialization parameter REMOTE_LOGIN_PASSWORDFILE to
control whether a password file is shared among multiple Oracle Database
instances. You can also use this parameter to disable password file
authentication. The values recognized for REMOTE_LOGIN_PASSWORDFILE are:

  • NONE:
    Setting this parameter to NONE causes Oracle Database to behave as if the password
    file does not exist. That is, no privileged connections are allowed over
    nonsecure connections.

  • EXCLUSIVE:
    (The default) An EXCLUSIVE password file can be used with only one instance of one
    database. Only an EXCLUSIVE file
    can be modified. Using an EXCLUSIVE password file enables you to add, modify, and delete
    users. It also enables you to change the SYS password with the ALTER USER command.

  • SHARED:
    SHARED password file can be used by multiple databases running
    on the same server, or multiple instances of an Oracle Real Application Clusters
    (Oracle RAC) database. A SHARED password file cannot be modified. Therefore, you cannot
    add users to a SHARED password file. Any attempt to do so or to change the
    password of SYS or
    other users with the SYSDBA or SYSOPER privileges generates an error. All users
    needing SYSDBA or SYSOPERsystem privileges must be added to the password file
    when REMOTE_LOGIN_PASSWORDFILE is
    set to EXCLUSIVE.
    After all users are added, you can changeREMOTE_LOGIN_PASSWORDFILE to SHARED, and
    then share the file.

    This option is useful if you are administering multiple
    databases or an Oracle RAC database.

If REMOTE_LOGIN_PASSWORDFILE is
set to EXCLUSIVE or SHARED and
the password file is missing, this is equivalent to setting REMOTE_LOGIN_PASSWORDFILE to NONE.

Note:

You cannot change the password for SYS if REMOTE_LOGIN_PASSWORDFILE is
set to SHARED. An
error message is issued if you attempt to do so.

Keeping
Administrator Passwords Synchronized with the Data Dictionary

If you change the REMOTE_LOGIN_PASSWORDFILE initialization parameter from NONE to EXCLUSIVE or SHARED, or
if you re-create the password file with a different SYSpassword, then you must ensure that the passwords in
the data dictionary and password file for the SYS user
are the same.

To synchronize the SYS passwords, use the ALTER USER statement to change the SYS password. The ALTER USER statement updates and synchronizes both the dictionary
and password file passwords.

To synchronize the passwords for non-SYS users who log in using the SYSDBA or SYSOPER privilege, you must revoke and then regrant the
privilege to the user, as follows:

  1. Find
    all users who have been granted the SYSDBA privilege.

    SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSDBA='TRUE';
    
  2. Revoke
    and then re-grant the SYSDBA privilege to these users.

    REVOKE SYSDBA FROM non-SYS-user;
    GRANT SYSDBA TO non-SYS-user;
  3. Find
    all users who have been granted the SYSOPER privilege.

    SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSOPER='TRUE';
    
  4. Revoke
    and regrant the SYSOPER privilege to these users.

    REVOKE SYSOPER FROM non-SYS-user;
    GRANT SYSOPER TO non-SYS-user;

Adding Users to a Password File

When you grant SYSDBA or SYSOPER privileges to a user, that user's name and privilege
information are added to the password file. If the server does not have
an EXCLUSIVE password file (that is, if the initialization
parameter REMOTE_LOGIN_PASSWORDFILE is NONE or SHARED, or
the password file is missing), Oracle Database issues an error if you attempt to
grant these privileges.

A user's name remains in the password file only as long
as that user has at least one of these two privileges. If you revoke both of
these privileges, Oracle Database removes the user from the password
file.

Creating a
Password File and Adding New Users to It

Use the following procedure to create a password and
add new users to it:

  1. Follow the instructions for creating a password file as
    explained in "Creating a Password File with ORAPWD".

  2. Set the REMOTE_LOGIN_PASSWORDFILE initialization parameter to EXCLUSIVE.
    (This is the default.)

    Note:

    REMOTE_LOGIN_PASSWORDFILE is a
    static initialization parameter and therefore cannot be changed without
    restarting the database.

  3. Connect with SYSDBA privileges as shown in the following example, and enter
    the SYS password when prompted:

    CONNECT SYS AS SYSDBA
    
  4. Start up the instance and create the database if
    necessary, or mount and open an existing database.

  5. Create users as necessary. Grant SYSDBA or SYSOPER privileges to yourself and other users as appropriate.
    See "Granting and Revoking SYSDBA and SYSOPER Privileges",
    later in this section.

——————————————————————————————————————————————————————————————————

Oracle 口令文件:即 oracle密码文件的更多相关文章

  1. Oracle登录操作系统验证和密码文件验证

    1.确认数据库版本 2.查看当前配置文件 ORALCE数据库不同的登录验证方式是和SQLNET.ORA配置文件有关系的,在配置文件中有一个参数sqlnet.authentication_service ...

  2. oracle 密码文件文件

    密码文件作用: 密码文件用于dba用户的登录认证. dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户. 本地登录: 1)操作系统认证: [oracle@ ...

  3. Oracle 密码文件

    一.密码文件 作用:主要进行DBA权限的身份认证 DBA用户:具有sysdba,sysoper权限的用户被称为dba用户.默认情况下sysdba角色中存在sys用户,sysoper角色中存在syste ...

  4. 创建oracle 密码文件

    orapwd file='$ORACLE_HOME/dbs/oratest' password=oracle entries=5 force=y; 说明:●FILE参数指定口令文件存放的全路径及文件名 ...

  5. 【Oracle】密码文件相关

    Oracle数据库的orapwd命令,主要用来建立密码(口令)文件. 一.查看帮助信息 [oracle@oracle11g dbs]$ orapwd Usage: orapwd file=<fn ...

  6. oracle ORA-01991错误--重建密码文件问题

    问题现象描述: 统计服务器测试没问题,刚好上次配置系统的时候有点问题,故重装一次,配置好安全策略(最近在研究如何新配置一台服务器的时候,第一时间配置好相关的安全设置,有空再写下来). 为了省事,直接冷 ...

  7. oracle口令文件在windows和linux系统下的命名和位置

      分类: Oracle 1.windows系统下 oracle口令文件在:$ORACLE_HOME/database目录下: 命名规则为:PWD$SID.ora   2.linux系统下 oracl ...

  8. Oracle 无备份情况下的恢复--密码文件/参数文件

    13.1 恢复密码文件 密码文件(linux 为例)在$ORACLE_HOME/dbs目录下,文件名的前缀是orapw,后接数据库实例名. [oracle@DSI backup]$ cd /u01/a ...

  9. Oracle 12C 密码文件问题 ORA-01017: invalid username/password; logon denied

    新安装的Oracle 12.1.0.2.0,NBU在测试备份的时候报ORA-01017 --alter user sys identified by "Wwjd!23";sqlpl ...

随机推荐

  1. 【Ubuntu】安装Java和Eclipse

    1. 安装Java 1> sudo add-apt-repository ppa:webupd8team/java 2> sudo apt-get update 3> sudo ap ...

  2. CSS 快速学习

    [快速学习让我不再思考太多,更多专注在一个 box 当中,上下文朝着正交方向前进~] [Think small,]https://learnxinyminutes.com/docs/zh-cn/css ...

  3. PHP入门知识

    一.搭建开发环境 想要使用一门后端语言,当然是要先搭建开发环境,模拟出服务器环境,不然怎么体现出后端,所以就先大众使用使用的Apache.Mysql,如果不想那么多折腾,建议直接使用xampp或者wa ...

  4. Hadoop之HDFS思维导图

  5. mysql库文件操作:

    增 :  create database db1 charset utf8; 查询:  当前创建的库  show create database db1; 所有:  show databases; 改 ...

  6. mysql 原理 ~ 死锁问题

    一 锁1 锁的定义   1 按照宏观角度     共享锁[S锁]     又称读锁,若事务T对数据对象A加上S锁,则事务T可以读A但不能修改A,其他事务只能再对A加S锁,而不能加X锁,直到T释放A上的 ...

  7. 20165234 《Java程序设计》第九周学习总结

    第九周学习总结 教材内容学习 第十三章 Java 网络编程 URL 类 URL 类是 java.net 包中的一个重要的类,使用URL创建对象的应用程序称为客户端程序. 一个 URL 对象通常包含最基 ...

  8. 动态规划 - 213. House Robber II

    URL: https://leetcode.com/problems/house-robber-ii/ You are a professional robber planning to rob ho ...

  9. shell 在手分析服务器日志【转】

    自己的小网站跑在阿里云的 ECS 上面, 偶尔也去分析分析自己网站服务器日志,看看网站的访问量.看看有没有黑阔搞破坏!于是收集,整理一些服务器日志分析命令,大家可以试试! awk '{print $1 ...

  10. MySQL数据库的锁详解【转】

    当然在我们的数据库中也有锁用来控制资源的并发访问,这也是数据库和文件系统的区别之一. 为什么要懂数据库锁? 通常来说对于一般的开发人员,在使用数据库的时候一般懂点 DQL(select),DML(in ...