1. ORACLE has two ways to authenticate sysdba/sysoper users:
1). Operating System Level Authentication: After logging on to the oracle Database Host, you can use sqlplus/as sysdba to log on directly: users who belong to the dba permission group (linux/unix) in linux/unix, users in the ORA_DBA group in windows;
2). Remote Authentication: Password File authentication. You can use sqlplus sys/xxx @ sid to log on to any host.
2. The two methods have their respective switches:
1) Switch for operating system level authentication:Sqlnet. AUTHENTICATION_SERVICES in ora, when SQLNET. AUTHENTICATION_SERVICES = ETS. When the content of the NS indicates NTSecurity, OS authentication is adopted. If the value is NONE, the operating system authentication is disabled. You must use usr/pwd as sysdba/sysoper to log on.
2). Password File authentication switch:In spfile/pfile, The remote_login_passwordfile parameter is as follows:
Remote_login_passwordfile = EXCLUSIVE, which is dedicated to one instance;
Remote_login_passwordfile = SHARE can be shared by multiple instances (for OPS/RAC environments );
Remote_login_passwordfile = NONE, the password file is not enabled. In this case, no sysdba/sysoper can be connected.
Remote_login_passwordfile = shared: More than one database canuse a password file. However, the only user recognized by the password file isSYS.
OS-level authentication takes precedence over Password File authentication. The two authentication methods can be enabled, disabled, or enabled at the same time, as shown in the figure below:
3. Password File:
1) Generate and recreate the password file
Orapwd file = filename password = password entries = max_users
Filename: Name of the password file (mandatory)
Password: The password forSYSOPERand SYSDBA (mandatory)
Entries: The maximum number ofdistinct users allowed to connect as SYSDBAor
SYSOPER. If you exceed this number, you must create a new password file. It is safer to have a larger number. Thereare no spaces around the equal-to (=) character.
In windows, the default location of the password file is the ora92/database directory, and the default file name is pwdSID. in linux, oracle is located in the $ ORACLE_HOME/dbs directory by default. The default file name is orapwSID, which is not recognized by other file names.
2) Maintenance and query of password file users
Run grant sysdba/sysoper to user. oracle automatically adds an entry to the password file and copies the password.
Select * fromv $ pwfile_users to view the password file
For example:
SQL> grant sysdbato scott;
Grant succeeded
SQL> select * fromv $ pwfile_users;
USERNAME SYSDBA SYSOPER SYSASM
-------------------------------------------------
SYS TRUE FALSE
SCOTT TRUE FALSE