The REMOTE_ OS _AUTHENT initialization parameter is used to control whether remote operating system verification is allowed. By default, the database only runs operating system verification on the local server: SQL> SELECT * FROM GLOBAL_NAME; www.2cto.com GLOBAL_NAME------------------------------------------------------------------------------------TESTRAC SQL> SELECT * FROM V $ VERSION; BANNER implements Oracle Database10gEnterpriseEdition Release10.2.0.4.0-64 biPL/SQL Release 10.2.0.4.0-Production www.2cto.com CORE 10.2.0.4. 0 ProductionTNS for Solaris: Version 10.2.0.4.0-ProductionNLSRTL Version 10.2.0.4.0-Production SQL> show parameter OS _AUTH name type value =----------- invalid PARAMETER string ops $ remote_ OS _authent boolean FALSESQL> CREATE USER OPS $ ORACLE IDENTIFIED EXTERNALLY; the user has been created. SQL> GRANT CONNECT TO OPS $ ORACLE; authorization successful. SQL> HOST $ sqlplus/SQL * Plus: Release10.2.0.4.0-Production Copyright (c) 1982,200 7, Oracle. all Rights Reserved. connect to: Oracle Database10gEnterprise Edition Release10.2.0.4.0-64bit ProductionWith the Partitioning, Real Application Clusters, OLAP, data Miningand Real Application Testing options www.2cto.com SQL> SHOW USERUSER is "OPS $ ORACLE". After OPS $ ORACLE users are created, you can locally log on using the operating system authentication method, however, the remote server cannot log on using the same method: [ora Cle @ bjtest ~] $ Sqlplus/nolog SQL * Plus: Release11.2.0.1.0 Production Copyright (c) 1982,200 9, Oracle. all rights reserved. SQL> set sqlp 'sql112> 'sql112> CONN/@ 172.25.198.223/TESTRACERROR: ORA-01017: invalid username/password; logon denied if you modify the REMOTE_ OS _AUTHENT parameter:
SQL> EXIT from Oracle Database10gEnterprise Edition Release10.2.0.4.0-64bit ProductionWith the Partitioning, Real Application Clusters, OLAP, data Miningand Real Application Testing options disconnect www.2cto.com $ exit SQL> alter system set REMOTE_ OS _AUTHENT = TRUE SCOPE = SPFILE; the SYSTEM has changed. SQL> SHUTDOWN the IMMEDIATE database has been disabled. The database has been detached. The ORACLE routine has been disabled. The SQL> STARTUPORACLE routine has been started. Total System Global Area 1258291200 bytesFixed Size 2040280 bytesVariable Size 318774824 bytesDatabase Buffers 922746880 bytesRedo Buffers 14729216 bytes database loaded. The database has been opened. Use the remote server to verify the operating system logon again: SQL112> CONN/@ 172.25.198.223/TESTRAC is connected. Www.2cto.com SQL112> SELECT * FROM GLOBAL_NAME; GLOBAL_NAME--------------------------------------------------------------------------------TESTRAC SQL112> HOST iduid = 500 (oracle) gid = 500 (oinstall) groups = 500 (oinstall), 501 (dba) needs to note that, after this parameter is enabled, there is a great security risk. As long as the remote server creates a user based on the external users in the database, it can log on to the database. Therefore, unless necessary, otherwise, it is not recommended to enable this parameter. This article is from the personal space of yangtingkun
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
