Summary of the two oralce authentication methods

Transferred from external.

Sqlnet. authentication_services = (CNT) | (none)
Operating system authentication mode. No password file is used;
None: Password File authentication method

Remote_login_passwordfile = (none) | (exclusive) | (shared)
None: the password file is not used for operating system authentication;
Exclusive: Password File authentication method, but only one database instance can use this file;
Shared: Password File authentication method. This file can be used by multiple database instances. However, only the sys account can be identified in this setting, even if the file contains information from other users, they are not allowed to log on with sysoper/sysdba.

(1). sqlnet. authentication_services = (ETS)
At the same time, remote_login_passwordfile = (none) is used for operating system authentication.

After logging on to the local operating system as a user in the oracle_dba group, perform the following operations:
Sqlplus/nolog
SQL> Conn/AsSysdba
You can useSysdbaIdentity login is successful, database operations.

When logging on remotely, run the following command:
Sqlplus/nolog
SQL> Conn/AsSysdba
It will display:
Error: ORA-01031: insufficient privileges
That isSysdbaIdentity remote logon to the system, which is also the reason for OS authentication.

(2). sqlnet. authentication_services = (none ),
Remote_login_passwordfile = (exclusive) | (shared), used with the password file pwdsid. ora. The authentication method for the password file is as follows:

When you log on to the system as a user in the oracle_dba group locally, perform the following operations:
Sqlplus/nolog
SQL> Conn/AsSysdba
It will display:
Error: ORA-01031: insufficient privileges

Perform the following operations locally or remotely:
Sqlplus/nolog
SQL> conn sys/password @ service nameAsSysdba
You can access the system, that is, the password file authentication method allows usersSysdbaIdentity logon, but the password is required.

(3). sqlnet. authentication_services = (CNT), at the same time
Remote_login_passwordfile = (exclusive) | (shared), which works with the password file pwdsid. ora. In this case, operating system authentication and password file authentication work simultaneously:

After logging on to the operating system as a user in the oracle_dba group locally, perform the following operations:
Sqlplus/nolog
SQL> Conn/AsSysdba
You can log on to the system by operating system authentication.

When executed remotely:
Sqlplus/nolog
SQL> conn sys/password @ service nameAsSysdba
At the same time, you can log on to the database system normally, that is, the password file authentication method is successful. Note: The following login methods are not a concept:
Sqlplus/nolog
1: Conn/AsSysdbaLog on to the local machine and use the operating system authentication. You can use any monitoring information.
2: conn sys/PasswordAsSysdbaLog on to the local machine and authenticate the password file. It can be used for listening or not.
3: conn sys/password @ dbanoteAsSysdbaRemote Access is supported on the local machine. Password File authentication is required, and a listener is required. tnsnames. ora and remote_login_passwordfile must be exclusive.

 

Note:

From the Oracle explanation, we can know that sqlnet. authentication_services = (ETS) is dedicated to Windows systems and is not applicable to Linux/Unix.

Finally, let's make a simple summary:
1. In Windows, sqlnet. authentication_services must be set to ETS or all to use OS authentication. If it is not set or set to any other value, OS authentication cannot be used.
2. in Linux, if the value of sqlnet. authentication_services is set to all or is not set, OS authentication can be successful. If it is set to any other value, OS authentication cannot be used.

After commenting out, the management client in Windows cannot log on using the Sys or system account. You can log on after uncommenting.