密码文件作用:
密码文件用于dba用户的登录认证。
dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户。
本地登录:
1)操作系统认证:
oracle@localhost \~\]$ sqlplus "/as sysdba"
\[oracle@localhost \~\]$ sqlplus / as sysdba
\[oracle@localhost \~\]$ sqlplus sys/tiger as sysdba--\>首先OS认证,OS认证失败再密码文件认证
2)密码文件认证:
\[oracle@localhost \~\]$ sqlplus sys/tiger@rezin as sysdba
远程密码文件登录:
\[oracle@localhost \~\]$ sqlplus sys/[email protected]:1521/orcl as sysdba
****密码文件位置:****
linux/unix:\[oracle@localhost \~\]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID
/u01/oracle/10g/dbs/orapworcl
/u01/oracle/10g/dbs/orapwrezin
windows:$ORACLE_HOME/database/orapw$ORACLE_SID
****密码文件查找顺序:****
1)opapw\
2)orapw
以上两个都查找不到,验证失败。
****密码文件认证还是OS认证:****
1)参数文件:remote_login_passwordfile=none\|exclusive\|shared
none:不使用密码文件认证
exclusive:使用密码文件认证,自己独占使用(默认)
shared:使用密码文件认证,不同实例dba用户可以共享密码文件(asm下必须使用)
2)$ORACLE_HOME/network/admin/sqlnet.ora文件下:
SQLNET.AUTHENTICATION_SERVICES =none\|all\|nts(linux下默认没有设置)
none:关闭OS认证,只能密码文件认证
all:linux平台关闭本机密码文件认证,采用操作系统认证,但是远程(异机)可以密码文件认证
nts:windows下使用(桶linux下all)
****练习:****
1)配置:remote_login_passwordfile=exclusive
SQLNET.AUTHENTICATION_SERVICES =none
结果:可以密码文件认证(本地/远超),不可以操作系统认证
\[oracle@localhost \~\]$ sqlplus sys/tiger as sysdba****(本地密码文件登录)****
\[oracle@localhost \~\]$ sqlplus sys/tiger@rezin as sysdba****(本地密码文件登录)****
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:39 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
???:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\> exit
? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options ??
\[oracle@localhost \~\]$ sqlplus / as sysdba****(OS认证)****
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:51 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
或
\[oracle@localhost \~\]$ sqlplus "/as sysdba"****(OS认证)****
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:01:04 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
2)配置:remote_login_passwordfile=exclusive
SQLNET.AUTHENTICATION_SERVICES =all
结果:本机密码文件认证不可用,但是远程密码文件认证可用,本机OS认证可用
\[oracle@localhost \~\]$ sqlplus "/as sysdba"****(本机OS认证登录成功)****
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:45:35 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
\[oracle@localhost \~\]$ sqlplus sys/tiger@orcl as sysdba****(本机密码文件认证失败)****
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:46:52 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
C: \>sqlplus sys/[email protected]:1521/orcl as sysdba****(远程密码文件登录成功)****
SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 11:58:38 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
\[oracle@localhost \~\]$ sqlplus scott/tiger****(普通用户本地OS登录成功)****
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:01:57 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
\[oracle@localhost \~\]$ sqlplus scott/tiger@orcl****(登录失败)****
\[oracle@localhost \~\]$ sqlplus scott/t ****(登录失败)****
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:02:52 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
****密码文件管理:****
****密码文件建立:****orapwd命令用法(不建议使用)
\[oracle@localhost \~\]$ orapwd
Usage: orapwd file=\ password=\ entries=\ force=\
where
file - name of password file (mand), --\>创建密码文件名字:orapw\
password - password for SYS (mand), --\>sys用户密码
entries - maximum number of distinct DBA and --\>可以有多少个sysdba和sysoper用户可以放到密码文件里边去(采用二进制方式,即输入1表示最少存放4个,去除重复的)
force - whether to overwrite existing file (opt), --\>oracle 10g后新加的参数,用法:force=n或force=y,表示密码文件存在是否覆盖,10g之前只能删除原有的密码文件,再创建。
OPERs (opt),
There are no spaces around the equal-to (=) character.
****例如:**** ****\[oracle@localhost \~\]$**** ****orapwd file=orapworcl password=rezin entries=1 force=y****
****密码文件修改:例如 修改sys用户密码或授予sysdba、sysoper权限****
orapwd重建密码文件:不建议使用,可能会让其他sys用户不能登录
alter user sys identified by \
grant sysdba\|sysoper to \;
revoke sysdba\|sysoper from \
查看密码文件内容:strings指令查看二进制文件内容。
\[oracle@localhost dbs\]$ strings orapworcl
\]\\\[Z
ORACLE Remote Password file
INTERNAL
9D9FF9FDAFB17385
E6BAA2164C375C09
****sysdba和sysoper具体区别:**** ****查看官方文档****
通过system_privilege_map视图查看系统权限:
SQL\> select \* from system_privilege_map
2 where name like '%SYS%';
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------------------------------------------------------
-3 ALTER SYSTEM 0
-4 AUDIT SYSTEM 0
-83 SYSDBA 0
-84 SYSOPER 0
查看用户系统权限通过密码文件视图v$pwfile_user查看:
SQL\> select \* from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
通过以上查询可以知道,sys用户登录方式既可以通过as sysdba登录schema显示'SYS',也可以通过as sysoper登录schema显示'PUBLIC'。
****LAST验证:需要配合参数文件知识练习****
1、按照组合:
1)remote_login_passwordfile=none sqlnet.authentication_services=none
2)remote_login_passwordfile=exclusive sqlnet.authentication_services=none
3)remote_login_passwordfile=none sqlnet.authentication_services=all
如果是win,请你把all改为nts
4)remote_login_passwordfile=exclusive sqlnet.authentication_services=all
分别测试:
本机:sqlplus / as sysdba
sqlplus sys/\ as sysdba
sqlplus sys/\@\ as sysdba
远程:sqlplus sys/\@\ as sysdba
sqlplus sys/\@ip:port/\ as sysdba
测试哪些组合可以登录成功,哪些不能登录成功。
总结出如果关闭OS验证;如何关闭密码文件验证;如何关闭本地密码文件验证;如何关闭远程密码文件验证。
2、修改remote_login_passwordfile=shated然后使用alter user sys identified by \;修改密码,测试能否修改成功。
不允许修改
3、如果sys密码丢失或不对,你如何做?
alter user sys identified by tiger;修改密码
4、sysdba、sysoper区别在哪,普通用户如何使用密码文件已sysdba或sysoper登录。
****答案:****
****1)remote_login_passwordfile=none**** ****sqlnet.authentication_services=none****
****关闭密码文件认证,关闭OS认证。****
本机:sqlplus / as sysdba
\[oracle@localhost dbs\]$ sqlplus / as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:06:22 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
本机:sqlplus sys/tiger as sysdba
\[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:14:24 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
本机:sqlplus sys/tiger@orcl as sysdba
\[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:15:39 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
远程:sqlplus sys/tiger@orcl as sysdba
C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba
SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:16:11 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS: 无法解析指定的连接标识符
请输入用户名:
远程:sqlplus sys/[email protected]:1521/orcl as sysdba
C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba
SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:17:35 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
请输入用户名:
****2)remote_login_passwordfile=exclusive**** ****sqlnet.authentication_services=none****
****关闭OS认证,只能使用密码文件认证,自己独占使用。****
本机:sqlplus / as sysdba
\[oracle@localhost dbs\]$ sqlplus / as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:38:23 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
本机: sqlplus sys/\ as sysdba
\[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:39:24 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
本机: sqlplus sys/\@\ as sysdba
\[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:41:00 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
远程:sqlplus sys/\@\ as sysdba
C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba
SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:41:52 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS: 无法解析指定的连接标识符
请输入用户名:
远程: sqlplus sys/\@ip:port/\ as sysdba
C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba
SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:44:07 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
****3)remote_login_passwordfile=none**** ****sqlnet.authentication_services=all****
****关闭密码文件认证,采用OS认证。****
本机:sqlplus / as sysdba
\[oracle@localhost dbs\]$ sqlplus / as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:22:24 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
本机:sqlplus sys/tiger as sysdba
\[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:23:10 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
本机:sqlplus sys/tiger@orcl as sysdba
\[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:24:01 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
远程:sqlplus sys/tiger@orcl as sysdba
C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba
SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:24:47 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS: 无法解析指定的连接标识符
请输入用户名:
远程:sqlplus sys/[email protected]:1521/orcl as sysdba
C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba
SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:25:33 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
请输入用户名:
****4)remote_login_passwordfile=exclusive**** ****sqlnet.authentication_services=all****
****linux平台关闭本机密码文件认证,采用OS认证,但是远程(异机)可以密码文件认证,自己独占使用。****
本机:sqlplus / as sysdba
\[oracle@localhost dbs\]$ sql / as sysdba
\[uniread\] Loaded history (12 lines)
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:57:20 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
本机: sqlplus sys/\ as sysdba
\[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:59:16 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>
本机:sqlplus sys/\@\ as sysdba
\[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba
SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 23:00:44 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
远程:sqlplus sys/\@\ as sysdba
C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba
SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:01:18 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS: 无法解析指定的连接标识符
请输入用户名:
远程:sqlplus sys/\@ip:prot/\ as sysdba
C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba
SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:02:56 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL\>