Oracle密码文件

GawynKing2024-04-03 23:02

密码文件作用:

密码文件用于dba用户的登录认证。

dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户。

本地登录:

1)操作系统认证:

oracle@localhost \~\]$ sqlplus "/as sysdba" \[oracle@localhost \~\]$ sqlplus / as sysdba \[oracle@localhost \~\]$ sqlplus sys/tiger as sysdba--\>首先OS认证,OS认证失败再密码文件认证 2)密码文件认证: \[oracle@localhost \~\]$ sqlplus sys/tiger@rezin as sysdba 远程密码文件登录: \[oracle@localhost \~\]$ sqlplus sys/[email protected]:1521/orcl as sysdba ****密码文件位置:**** linux/unix:\[oracle@localhost \~\]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID /u01/oracle/10g/dbs/orapworcl /u01/oracle/10g/dbs/orapwrezin windows:$ORACLE_HOME/database/orapw$ORACLE_SID ****密码文件查找顺序:**** 1)opapw\ 2)orapw 以上两个都查找不到,验证失败。 ****密码文件认证还是OS认证:**** 1)参数文件:remote_login_passwordfile=none\|exclusive\|shared none:不使用密码文件认证 exclusive:使用密码文件认证,自己独占使用(默认) shared:使用密码文件认证,不同实例dba用户可以共享密码文件(asm下必须使用) 2)$ORACLE_HOME/network/admin/sqlnet.ora文件下: SQLNET.AUTHENTICATION_SERVICES =none\|all\|nts(linux下默认没有设置) none:关闭OS认证,只能密码文件认证 all:linux平台关闭本机密码文件认证,采用操作系统认证,但是远程(异机)可以密码文件认证 nts:windows下使用(桶linux下all) ****练习:**** 1)配置:remote_login_passwordfile=exclusive SQLNET.AUTHENTICATION_SERVICES =none 结果:可以密码文件认证(本地/远超),不可以操作系统认证 \[oracle@localhost \~\]$ sqlplus sys/tiger as sysdba****(本地密码文件登录)**** \[oracle@localhost \~\]$ sqlplus sys/tiger@rezin as sysdba****(本地密码文件登录)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:39 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ???: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> exit ? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options ?? \[oracle@localhost \~\]$ sqlplus / as sysdba****(OS认证)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:51 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: 或 \[oracle@localhost \~\]$ sqlplus "/as sysdba"****(OS认证)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:01:04 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: 2)配置:remote_login_passwordfile=exclusive SQLNET.AUTHENTICATION_SERVICES =all 结果:本机密码文件认证不可用,但是远程密码文件认证可用,本机OS认证可用 \[oracle@localhost \~\]$ sqlplus "/as sysdba"****(本机OS认证登录成功)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:45:35 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options \[oracle@localhost \~\]$ sqlplus sys/tiger@orcl as sysdba****(本机密码文件认证失败)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:46:52 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: C: \>sqlplus sys/[email protected]:1521/orcl as sysdba****(远程密码文件登录成功)**** SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 11:58:38 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. 连接到: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> \[oracle@localhost \~\]$ sqlplus scott/tiger****(普通用户本地OS登录成功)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:01:57 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> \[oracle@localhost \~\]$ sqlplus scott/tiger@orcl****(登录失败)**** \[oracle@localhost \~\]$ sqlplus scott/t ****(登录失败)**** SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:02:52 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: ****密码文件管理:**** ****密码文件建立:****orapwd命令用法(不建议使用) \[oracle@localhost \~\]$ orapwd Usage: orapwd file=\ password=\ entries=\ force=\ where file - name of password file (mand), --\>创建密码文件名字:orapw\ password - password for SYS (mand), --\>sys用户密码 entries - maximum number of distinct DBA and --\>可以有多少个sysdba和sysoper用户可以放到密码文件里边去(采用二进制方式,即输入1表示最少存放4个,去除重复的) force - whether to overwrite existing file (opt), --\>oracle 10g后新加的参数,用法:force=n或force=y,表示密码文件存在是否覆盖,10g之前只能删除原有的密码文件,再创建。 OPERs (opt), There are no spaces around the equal-to (=) character. ****例如:**** ****\[oracle@localhost \~\]$**** ****orapwd file=orapworcl password=rezin entries=1 force=y**** ****密码文件修改:例如 修改sys用户密码或授予sysdba、sysoper权限**** orapwd重建密码文件:不建议使用,可能会让其他sys用户不能登录 alter user sys identified by \ grant sysdba\|sysoper to \; revoke sysdba\|sysoper from \ 查看密码文件内容:strings指令查看二进制文件内容。 \[oracle@localhost dbs\]$ strings orapworcl \]\\\[Z ORACLE Remote Password file INTERNAL 9D9FF9FDAFB17385 E6BAA2164C375C09 ****sysdba和sysoper具体区别:**** ****查看官方文档**** 通过system_privilege_map视图查看系统权限: SQL\> select \* from system_privilege_map 2 where name like '%SYS%'; PRIVILEGE NAME PROPERTY ---------- ---------------------------------------- ---------------------------------------------------------- -3 ALTER SYSTEM 0 -4 AUDIT SYSTEM 0 -83 SYSDBA 0 -84 SYSOPER 0 查看用户系统权限通过密码文件视图v$pwfile_user查看: SQL\> select \* from v$pwfile_users; USERNAME SYSDB SYSOP ------------------------------ ----- ----- SYS TRUE TRUE 通过以上查询可以知道,sys用户登录方式既可以通过as sysdba登录schema显示'SYS',也可以通过as sysoper登录schema显示'PUBLIC'。 ****LAST验证:需要配合参数文件知识练习**** 1、按照组合: 1)remote_login_passwordfile=none sqlnet.authentication_services=none 2)remote_login_passwordfile=exclusive sqlnet.authentication_services=none 3)remote_login_passwordfile=none sqlnet.authentication_services=all 如果是win,请你把all改为nts 4)remote_login_passwordfile=exclusive sqlnet.authentication_services=all 分别测试: 本机:sqlplus / as sysdba sqlplus sys/\ as sysdba sqlplus sys/\@\ as sysdba 远程:sqlplus sys/\@\ as sysdba sqlplus sys/\@ip:port/\ as sysdba 测试哪些组合可以登录成功,哪些不能登录成功。 总结出如果关闭OS验证;如何关闭密码文件验证;如何关闭本地密码文件验证;如何关闭远程密码文件验证。 2、修改remote_login_passwordfile=shated然后使用alter user sys identified by \;修改密码,测试能否修改成功。 不允许修改 3、如果sys密码丢失或不对,你如何做? alter user sys identified by tiger;修改密码 4、sysdba、sysoper区别在哪,普通用户如何使用密码文件已sysdba或sysoper登录。 ****答案:**** ****1)remote_login_passwordfile=none**** ****sqlnet.authentication_services=none**** ****关闭密码文件认证,关闭OS认证。**** 本机:sqlplus / as sysdba \[oracle@localhost dbs\]$ sqlplus / as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:06:22 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: 本机:sqlplus sys/tiger as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:14:24 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied Enter user-name: 本机:sqlplus sys/tiger@orcl as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:15:39 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied Enter user-name: 远程:sqlplus sys/tiger@orcl as sysdba C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:16:11 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-12154: TNS: 无法解析指定的连接标识符 请输入用户名: 远程:sqlplus sys/[email protected]:1521/orcl as sysdba C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:17:35 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied 请输入用户名: ****2)remote_login_passwordfile=exclusive**** ****sqlnet.authentication_services=none**** ****关闭OS认证,只能使用密码文件认证,自己独占使用。**** 本机:sqlplus / as sysdba \[oracle@localhost dbs\]$ sqlplus / as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:38:23 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: 本机: sqlplus sys/\ as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:39:24 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机: sqlplus sys/\@\ as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:41:00 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 远程:sqlplus sys/\@\ as sysdba C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:41:52 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-12154: TNS: 无法解析指定的连接标识符 请输入用户名: 远程: sqlplus sys/\@ip:port/\ as sysdba C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:44:07 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. 连接到: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> ****3)remote_login_passwordfile=none**** ****sqlnet.authentication_services=all**** ****关闭密码文件认证,采用OS认证。**** 本机:sqlplus / as sysdba \[oracle@localhost dbs\]$ sqlplus / as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:22:24 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机:sqlplus sys/tiger as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:23:10 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机:sqlplus sys/tiger@orcl as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:24:01 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: 远程:sqlplus sys/tiger@orcl as sysdba C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:24:47 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-12154: TNS: 无法解析指定的连接标识符 请输入用户名: 远程:sqlplus sys/[email protected]:1521/orcl as sysdba C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:25:33 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied 请输入用户名: ****4)remote_login_passwordfile=exclusive**** ****sqlnet.authentication_services=all**** ****linux平台关闭本机密码文件认证,采用OS认证,但是远程(异机)可以密码文件认证,自己独占使用。**** 本机:sqlplus / as sysdba \[oracle@localhost dbs\]$ sql / as sysdba \[uniread\] Loaded history (12 lines) SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:57:20 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机: sqlplus sys/\ as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:59:16 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\> 本机:sqlplus sys/\@\ as sysdba \[oracle@localhost dbs\]$ sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 23:00:44 2015 Copyright (c) 1982, 2005, Oracle. All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: 远程:sqlplus sys/\@\ as sysdba C:\\Users\\WCWEN\>sqlplus sys/tiger@orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:01:18 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-12154: TNS: 无法解析指定的连接标识符 请输入用户名: 远程:sqlplus sys/\@ip:prot/\ as sysdba C:\\Users\\WCWEN\>sqlplus sys/[email protected]:1521/orcl as sysdba SQL\*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:02:56 2015 Copyright (c) 1982, 2010, Oracle. All rights reserved. 连接到: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production With the Partitioning, OLAP and Data Mining options SQL\>

相关推荐
CodeJourney.6 分钟前
深度探索:DeepSeek赋能WPS图表绘制
数据库·人工智能·算法·信息可视化·excel
zru_960220 分钟前
MongoDB 入门使用教程
数据库·mongodb
berryyan25 分钟前
AKShare安装教程(一步一步适合新手)
数据库·投资
xjdkxnhcoskxbco1 小时前
安卓四大组件之ContentProvider
java·数据库·servlet
wowocpp1 小时前
MongoDB Ubuntu 安装
数据库·mongodb
小天努力学java2 小时前
【软考-架构】14、软件可靠性基础
数据库·架构
yyyyyyykk2 小时前
Spring知识点总结
数据库·mysql·spring
小L爱科研2 小时前
5.3/Q1,GBD数据库最新文章解读
数据库·数据分析·逻辑回归·线性回归·健康医疗
百万蹄蹄向前冲3 小时前
动图MangoDB 8.0.8从安装到使用
数据库·mongodb·豆包marscode
maomi_95263 小时前
头歌实训之存储过程、函数与触发器
数据库
热门推荐
01KGG转MP3工具|非KGM文件|解密音频02从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑03我决定放弃搞 Java 了04YOLOv5改进 | 添加CA注意力机制 + 增加预测层 + 更换损失函数之GIoU05YOLOv8入门 | 重要性能衡量指标、训练结果评价及分析及影响mAP的因素【发论文关注的指标】06DeepSeek各版本说明与优缺点分析07西电B测-计算机网络综合实验(含验收问题)08yolov8,yolo11,yolo12 服务器训练到部署全流程 笔记09苍穹外卖面试总结10最新 Kubernetes 集群部署 + flannel 网络插件(保姆级教程,最新 K8S 版本)