Oracle密码文件

密码文件作用:

密码文件用于dba用户的登录认证。

dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户。

本地登录:

1)操作系统认证:

oracle@localhost \~\]$ sqlplus "/as sysdba" \[oracle@localhost \~\]$ sqlplus / as sysdba \[oracle@localhost \~\]$ sqlplus sys/tiger as sysdba--\>首先OS认证,OS认证失败再密码文件认证 2)密码文件认证: \[oracle@localhost \~\]$ sqlplus sys/tiger@rezin as sysdba 远程密码文件登录: \[oracle@localhost \~\]$ sqlplus sys/[email protected]:1521/orcl as sysdba ****密码文件位置:**** linux/unix:\[oracle@localhost \~\]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID /u01/oracle/10g/dbs/orapworcl /u01/oracle/10g/dbs/orapwrezin windows:$ORACLE_HOME/database/orapw$ORACLE_SID ****密码文件查找顺序:**** 1)opapw\ 2)orapw 以上两个都查找不到,验证失败。 ****密码文件认证还是OS认证:**** 1)参数文件:remote_login_passwordfile=none\|exclusive\|shared none:不使用密码文件认证 exclusive:使用密码文件认证,自己独占使用(默认) shared:使用密码文件认证,不同实例dba用户可以共享密码文件(asm下必须使用) 2)$ORACLE_HOME/network/admin/sqlnet.ora文件下: SQLNET.AUTHENTICATION_SERVICES =none\|all\|nts(linux下默认没有设置) none:关闭OS认证,只能密码文件认证 all:linux平台关闭本机密码文件认证,采用操作系统认证,但是远程(异机)可以密码文件认证 nts:windows下使用(桶linux下all) ****练习:**** 1)配置:remote_login_passwordfile=exclusive SQLNET.AUTHENTICATION_SERVICES =none 结果:可以密码文件认证(本地/远超),不可以操作系统认证 \[oracle@localhost \~\]$ sqlplus sys/tiger as sysdba****(本地密码文件登录)**** \[oracle@localhost \~\]$ sqlplus sys/tiger@rezin as sysdba****(本地密码文件登录)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:39 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ???: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> exit ? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options ?? \[oracle@localhost \~\]$ sqlplus / as sysdba****(OS认证)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:51 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: 或 \[oracle@localhost \~\]$ sqlplus "/as sysdba"****(OS认证)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:01:04 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: 2)配置:remote_login_passwordfile=exclusive SQLNET.AUTHENTICATION_SERVICES =all 结果:本机密码文件认证不可用,但是远程密码文件认证可用,本机OS认证可用 \[oracle@localhost \~\]$ sqlplus "/as sysdba"****(本机OS认证登录成功)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:45:35 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options \[oracle@localhost \~\]$ sqlplus sys/tiger@orcl as sysdba****(本机密码文件认证失败)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:46:52 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: C: \>sqlplus sys/[email protected]:1521/orcl as sysdba****(远程密码文件登录成功)**** SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 11:58:38 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. 连接到: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> \[oracle@localhost \~\]$ sqlplus scott/tiger****(普通用户本地OS登录成功)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:01:57 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> \[oracle@localhost \~\]$ sqlplus scott/tiger@orcl****(登录失败)**** \[oracle@localhost \~\]$ sqlplus scott/t ****(登录失败)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:02:52 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: ****密码文件管理:**** ****密码文件建立:****orapwd命令用法(不建议使用) \[oracle@localhost \~\]$ orapwd Usage: orapwd file=\ password=\ entries=\ force=\ where file - name of password file (mand), --\>创建密码文件名字:orapw\ password - password for SYS (mand), --\>sys用户密码 entries - maximum number of distinct DBA and --\>可以有多少个sysdba和sysoper用户可以放到密码文件里边去(采用二进制方式,即输入1表示最少存放4个,去除重复的) force - whether to overwrite existing file (opt), --\>oracle 10g后新加的参数,用法:force=n或force=y,表示密码文件存在是否覆盖,10g之前只能删除原有的密码文件,再创建。 OPERs (opt), There are no spaces around the equal-to (=) character. ****例如:**** ****\[oracle@localhost \~\]$**** ****orapwd file=orapworcl password=rezin entries=1 force=y**** ****密码文件修改:例如 修改sys用户密码或授予sysdba、sysoper权限**** orapwd重建密码文件:不建议使用,可能会让其他sys用户不能登录 alter user sys identified by \ grant sysdba\|sysoper to \; revoke sysdba\|sysoper from \ 查看密码文件内容:strings指令查看二进制文件内容。 \[oracle@localhost dbs\]$ strings orapworcl \]\\\[Z ORACLE Remote Password file INTERNAL 9D9FF9FDAFB17385 E6BAA2164C375C09 ****sysdba和sysoper具体区别:**** ****查看官方文档**** 通过system_privilege_map视图查看系统权限: SQL\> select \* from system_privilege_map 2 where name like '%SYS%'; PRIVILEGE NAME PROPERTY ---------- ---------------------------------------- ---------------------------------------------------------- -3 ALTER SYSTEM 0 -4 AUDIT SYSTEM 0 -83 SYSDBA 0 -84 SYSOPER 0 查看用户系统权限通过密码文件视图v$pwfile_user查看: SQL\> select \* from v$pwfile_users; USERNAME SYSDB SYSOP ------------------------------ ----- ----- SYS TRUE TRUE 通过以上查询可以知道,sys用户登录方式既可以通过as sysdba登录schema显示'SYS',也可以通过as sysoper登录schema显示'PUBLIC'。 ****LAST验证:需要配合参数文件知识练习**** 1、按照组合: 1)remote_login_passwordfile=none sqlnet.authentication_services=none 2)remote_login_passwordfile=exclusive sqlnet.authentication_services=none 3)remote_login_passwordfile=none sqlnet.authentication_services=all 如果是win,请你把all改为nts 4)remote_login_passwordfile=exclusive sqlnet.authentication_services=all 分别测试: 本机:sqlplus / as sysdba sqlplus sys/\ as sysdba sqlplus sys/\@\ as sysdba 远程:sqlplus sys/\@\ as sysdba sqlplus sys/\@ip:port/\ as sysdba 测试哪些组合可以登录成功,哪些不能登录成功。 总结出如果关闭OS验证;如何关闭密码文件验证;如何关闭本地密码文件验证;如何关闭远程密码文件验证。 2、修改remote_login_passwordfile=shated然后使用alter user sys identified by \;修改密码,测试能否修改成功。 不允许修改 3、如果sys密码丢失或不对,你如何做? alter user sys identified by tiger;修改密码 4、sysdba、sysoper区别在哪,普通用户如何使用密码文件已sysdba或sysoper登录。 ****答案:**** ****1)remote_login_passwordfile=none**** ****sqlnet.authentication_services=none**** ****关闭密码文件认证,关闭OS认证。**** 本机:sqlplus / as sysdba \[oracle@localhost dbs\]$ sqlplus / as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:06:22 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: 本机:sqlplus sys/tiger as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:14:24 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied Enter user-name: 本机:sqlplus sys/tiger@orcl as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:15:39 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied Enter user-name: 远程:sqlplus sys/tiger@orcl as sysdba C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:16:11 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-12154: TNS: 无法解析指定的连接标识符 请输入用户名: 远程:sqlplus sys/[email protected]:1521/orcl as sysdba C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:17:35 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied 请输入用户名: ****2)remote_login_passwordfile=exclusive**** ****sqlnet.authentication_services=none**** ****关闭OS认证,只能使用密码文件认证,自己独占使用。**** 本机:sqlplus / as sysdba \[oracle@localhost dbs\]$ sqlplus / as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:38:23 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: 本机: sqlplus sys/\ as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:39:24 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机: sqlplus sys/\@\ as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:41:00 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 远程:sqlplus sys/\@\ as sysdba C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:41:52 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-12154: TNS: 无法解析指定的连接标识符 请输入用户名: 远程: sqlplus sys/\@ip:port/\ as sysdba C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:44:07 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. 连接到: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> ****3)remote_login_passwordfile=none**** ****sqlnet.authentication_services=all**** ****关闭密码文件认证,采用OS认证。**** 本机:sqlplus / as sysdba \[oracle@localhost dbs\]$ sqlplus / as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:22:24 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机:sqlplus sys/tiger as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:23:10 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机:sqlplus sys/tiger@orcl as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:24:01 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: 远程:sqlplus sys/tiger@orcl as sysdba C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:24:47 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-12154: TNS: 无法解析指定的连接标识符 请输入用户名: 远程:sqlplus sys/[email protected]:1521/orcl as sysdba C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:25:33 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied 请输入用户名: ****4)remote_login_passwordfile=exclusive**** ****sqlnet.authentication_services=all**** ****linux平台关闭本机密码文件认证,采用OS认证,但是远程(异机)可以密码文件认证,自己独占使用。**** 本机:sqlplus / as sysdba \[oracle@localhost dbs\]$ sql / as sysdba \[uniread\] Loaded history (12 lines) SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:57:20 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机: sqlplus sys/\ as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:59:16 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机:sqlplus sys/\@\ as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 23:00:44 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: 远程:sqlplus sys/\@\ as sysdba C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:01:18 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-12154: TNS: 无法解析指定的连接标识符 请输入用户名: 远程:sqlplus sys/\@ip:prot/\ as sysdba C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:02:56 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. 连接到: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\>

相关推荐
数据智能老司机24 分钟前
CockroachDB权威指南——SQL调优
数据库·分布式·架构
数据智能老司机25 分钟前
CockroachDB权威指南——应用设计与实现
数据库·分布式·架构
数据智能老司机39 分钟前
CockroachDB权威指南——CockroachDB 模式设计
数据库·分布式·架构
数据智能老司机19 小时前
CockroachDB权威指南——CockroachDB SQL
数据库·分布式·架构
数据智能老司机20 小时前
CockroachDB权威指南——开始使用
数据库·分布式·架构
松果猿20 小时前
空间数据库学习(二)—— PostgreSQL数据库的备份转储和导入恢复
数据库
无名之逆20 小时前
Rust 开发提效神器:lombok-macros 宏库
服务器·开发语言·前端·数据库·后端·python·rust
s91236010120 小时前
rust 同时处理多个异步任务
java·数据库·rust
数据智能老司机20 小时前
CockroachDB权威指南——CockroachDB 架构
数据库·分布式·架构
hzulwy21 小时前
Redis常用的数据结构及其使用场景
数据库·redis