Oracle密码文件

密码文件作用:

密码文件用于dba用户的登录认证。

dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户。

本地登录:

1)操作系统认证:

[oracle@localhost ~]$ sqlplus "/as sysdba"

[oracle@localhost ~]$ sqlplus / as sysdba

[oracle@localhost ~]$ sqlplus sys/tiger as sysdba-->首先OS认证,OS认证失败再密码文件认证

2)密码文件认证:

[oracle@localhost ~]$ sqlplus sys/tiger@rezin as sysdba

远程密码文件登录:

[oracle@localhost ~]$ sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

密码文件位置:

linux/unix:[oracle@localhost ~]$ ls ORACLE_HOME/dbs/orapwORACLE_SID

/u01/oracle/10g/dbs/orapworcl

/u01/oracle/10g/dbs/orapwrezin

windows:ORACLE_HOME/database/orapwORACLE_SID

密码文件查找顺序:

1)opapw<sid>

2)orapw

以上两个都查找不到,验证失败。

密码文件认证还是OS认证:

1)参数文件:remote_login_passwordfile=none|exclusive|shared

none:不使用密码文件认证

exclusive:使用密码文件认证,自己独占使用(默认)

shared:使用密码文件认证,不同实例dba用户可以共享密码文件(asm下必须使用)

2)$ORACLE_HOME/network/admin/sqlnet.ora文件下:

SQLNET.AUTHENTICATION_SERVICES =none|all|nts(linux下默认没有设置)

none:关闭OS认证,只能密码文件认证

all:linux平台关闭本机密码文件认证,采用操作系统认证,但是远程(异机)可以密码文件认证

nts:windows下使用(桶linux下all)

练习:

1)配置:remote_login_passwordfile=exclusive

SQLNET.AUTHENTICATION_SERVICES =none

结果:可以密码文件认证(本地/远超),不可以操作系统认证

[oracle@localhost ~]$ sqlplus sys/tiger as sysdba****(本地密码文件登录)****

[oracle@localhost ~]$ sqlplus sys/tiger@rezin as sysdba****(本地密码文件登录)****

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:39 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

???:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL> exit

? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options ??

[oracle@localhost ~]$ sqlplus / as sysdba****(OS认证)****

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:51 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

[oracle@localhost ~]$ sqlplus "/as sysdba"(OS认证)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:01:04 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

2)配置:remote_login_passwordfile=exclusive

SQLNET.AUTHENTICATION_SERVICES =all

结果:本机密码文件认证不可用,但是远程密码文件认证可用,本机OS认证可用

[oracle@localhost ~]$ sqlplus "/as sysdba"(本机OS认证登录成功)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:45:35 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

[oracle@localhost ~]$ sqlplus sys/tiger@orcl as sysdba****(本机密码文件认证失败)****

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:46:52 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

Enter user-name:

C: >sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba****(远程密码文件登录成功)****

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 11:58:38 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

连接到:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

[oracle@localhost ~]$ sqlplus scott/tiger****(普通用户本地OS登录成功)****

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:01:57 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

[oracle@localhost ~]$ sqlplus scott/tiger@orcl****(登录失败)****

[oracle@localhost ~]$ sqlplus scott/t (登录失败)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:02:52 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

Enter user-name:

密码文件管理:

****密码文件建立:****orapwd命令用法(不建议使用)

[oracle@localhost ~]$ orapwd

Usage: orapwd file=<fname> password=<password> entries=<users> force=<y/n>

where

file - name of password file (mand), -->创建密码文件名字:orapw<sid>

password - password for SYS (mand), -->sys用户密码

entries - maximum number of distinct DBA and -->可以有多少个sysdba和sysoper用户可以放到密码文件里边去(采用二进制方式,即输入1表示最少存放4个,去除重复的)

force - whether to overwrite existing file (opt), -->oracle 10g后新加的参数,用法:force=n或force=y,表示密码文件存在是否覆盖,10g之前只能删除原有的密码文件,再创建。

OPERs (opt),

There are no spaces around the equal-to (=) character.

例如: [oracle@localhost ~]$ orapwd file=orapworcl password=rezin entries=1 force=y

密码文件修改:例如 修改sys用户密码或授予sysdba、sysoper权限

orapwd重建密码文件:不建议使用,可能会让其他sys用户不能登录

alter user sys identified by <new password>

grant sysdba|sysoper to <user>;

revoke sysdba|sysoper from <user>

查看密码文件内容:strings指令查看二进制文件内容。

[oracle@localhost dbs]$ strings orapworcl

]\[Z

ORACLE Remote Password file

INTERNAL

9D9FF9FDAFB17385

E6BAA2164C375C09

sysdba和sysoper具体区别: 查看官方文档

通过system_privilege_map视图查看系统权限:

SQL> select * from system_privilege_map

2 where name like '%SYS%';

PRIVILEGE NAME PROPERTY


-3 ALTER SYSTEM 0

-4 AUDIT SYSTEM 0

-83 SYSDBA 0

-84 SYSOPER 0

查看用户系统权限通过密码文件视图v$pwfile_user查看:

SQL> select * from v$pwfile_users;

USERNAME SYSDB SYSOP


SYS TRUE TRUE

通过以上查询可以知道,sys用户登录方式既可以通过as sysdba登录schema显示'SYS',也可以通过as sysoper登录schema显示'PUBLIC'。

LAST验证:需要配合参数文件知识练习

1、按照组合:

1)remote_login_passwordfile=none sqlnet.authentication_services=none

2)remote_login_passwordfile=exclusive sqlnet.authentication_services=none

3)remote_login_passwordfile=none sqlnet.authentication_services=all

如果是win,请你把all改为nts

4)remote_login_passwordfile=exclusive sqlnet.authentication_services=all

分别测试:

本机:sqlplus / as sysdba

sqlplus sys/<pswd> as sysdba

sqlplus sys/<pswd>@<sid> as sysdba

远程:sqlplus sys/<pswd>@<sid> as sysdba

sqlplus sys/<pswd>@ip:port/<sid> as sysdba

测试哪些组合可以登录成功,哪些不能登录成功。

总结出如果关闭OS验证;如何关闭密码文件验证;如何关闭本地密码文件验证;如何关闭远程密码文件验证。

2、修改remote_login_passwordfile=shated然后使用alter user sys identified by <pswd>;修改密码,测试能否修改成功。

不允许修改

3、如果sys密码丢失或不对,你如何做?

alter user sys identified by tiger;修改密码

4、sysdba、sysoper区别在哪,普通用户如何使用密码文件已sysdba或sysoper登录。

答案:

1)remote_login_passwordfile=none sqlnet.authentication_services=none

关闭密码文件认证,关闭OS认证。

本机:sqlplus / as sysdba

[oracle@localhost dbs]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:06:22 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

本机:sqlplus sys/tiger as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:14:24 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

Enter user-name:

本机:sqlplus sys/tiger@orcl as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:15:39 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

Enter user-name:

远程:sqlplus sys/tiger@orcl as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:16:11 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

ERROR:

ORA-12154: TNS: 无法解析指定的连接标识符

请输入用户名:

远程:sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:17:35 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

请输入用户名:

2)remote_login_passwordfile=exclusive sqlnet.authentication_services=none

关闭OS认证,只能使用密码文件认证,自己独占使用。

本机:sqlplus / as sysdba

[oracle@localhost dbs]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:38:23 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Enter user-name:

本机: sqlplus sys/<pswd> as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:39:24 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机: sqlplus sys/<pswd>@<sid> as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:41:00 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

远程:sqlplus sys/<pswd>@<sid> as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:41:52 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

ERROR:

ORA-12154: TNS: 无法解析指定的连接标识符

请输入用户名:

远程: sqlplus sys/<pswd>@ip:port/<sid> as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:44:07 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

连接到:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

3)remote_login_passwordfile=none sqlnet.authentication_services=all

关闭密码文件认证,采用OS认证。

本机:sqlplus / as sysdba

[oracle@localhost dbs]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:22:24 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机:sqlplus sys/tiger as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:23:10 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机:sqlplus sys/tiger@orcl as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:24:01 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

Enter user-name:

远程:sqlplus sys/tiger@orcl as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:24:47 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

ERROR:

ORA-12154: TNS: 无法解析指定的连接标识符

请输入用户名:

远程:sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:25:33 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

请输入用户名:

4)remote_login_passwordfile=exclusive sqlnet.authentication_services=all

linux平台关闭本机密码文件认证,采用OS认证,但是远程(异机)可以密码文件认证,自己独占使用。

本机:sqlplus / as sysdba

[oracle@localhost dbs]$ sql / as sysdba

[uniread] Loaded history (12 lines)

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:57:20 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机: sqlplus sys/<pswd> as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:59:16 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

本机:sqlplus sys/<pswd>@<sid> as sysdba

[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 23:00:44 2015

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:

ORA-12641: Authentication service failed to initialize

Enter user-name:

远程:sqlplus sys/<pswd>@<sid> as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:01:18 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

ERROR:

ORA-12154: TNS: 无法解析指定的连接标识符

请输入用户名:

远程:sqlplus sys/<pswd>@ip:prot/<sid> as sysdba

C:\Users\WCWEN>sqlplus sys/tiger@192.168.96.141:1521/orcl as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:02:56 2015

Copyright (c) 1982, 2010, Oracle. All rights reserved.

连接到:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

相关推荐
无敌岩雀6 分钟前
深入探讨 Redis 持久化机制:原理、配置与优化策略
数据库·redis
NiJiMingCheng17 分钟前
Python爬取豆瓣电影全部分类数据并存入数据库
数据库·数据仓库·python·网络爬虫
Leo Han1 小时前
Spring中实现动态数据源切换,基于AbstractRoutingDataSource
java·数据库·spring
捂月1 小时前
spring boot有哪些不足之处?
数据库·spring boot·sql
好记忆不如烂笔头abc1 小时前
How Do Indexes Become Unusable? (Doc ID 1054736.6)
oracle
冰零(lane)2 小时前
Spring Boot 动态数据源切换
java·数据库·spring boot
所待.3832 小时前
MySQL之视图
android·数据库·mysql
xuanloyer2 小时前
Oracle 深入学习 Part 10: Managing Undo Data(管理Undo数据)
开发语言·数据库·oracle
tjsoft2 小时前
delphi 12 webserver post数据与对应的接收方式
服务器·前端·数据库
Lostgreen3 小时前
图数据库 & Cypher语言
大数据·数据库·笔记