About sys user verification
-------------------------------
Sys is the user with the highest permissions in Oracle, and system is a user used for database management. After the database is installed, the passwords of SYS and system should be modified immediately to ensure database security. You can change the password in three ways:
Sqlplus/As sysdba;
1. SQL> alter user SYS identified by 11111
2. SQL> grant connect to SYS identified by 11111
3. SQL> password system (Note: This command only applies to System)
You can change passwords between sys and system users.
However, after changing the password to 11111, you can log on as follows:
Sqlplus/As sysdba;
Sqlplus sys/ABCDE as sysdba;
Sqlplus sys/As sysdba;
Sqlplus sys as sysdba;
You can log on successfully, and then view the current user:
SQL> show user
Displays user is 'sys '.
Why? Why is it ineffective to change the password.
The answer is: authentication method.
Sys Password Authentication includes operating system authentication and Oracle Authentication.
In the operating system authentication mode, for a UNIX operating system, as long as the operating system is logged on as a user in the DBA group, you can log on to the database as sysdba, the sys password is not verified.
For the WINNT operating system, after the Oracle database is installed, a user group named ora_dba is automatically installed in the operating system, as long as it is a user in this group, that is, you can log on to the database as sysdba without verifying the Sys password. You can also create a user group named ora_sid_dba (whose Sid is the Instance name). users belonging to this user group can also have the preceding privileges.
Next, let's talk about how to change the authentication method to operating system authentication or Oracle Authentication. (Winnt and UNIX platforms are similar)
To set the authentication method to operating system authentication:
1. Modify the remote_login_passwordfile parameter to none.
2. Modify the sqlnet. ora file. The directory of this file is:.../Oracle/product/10.1.0/db_1/Network/admin/sqlnet. ora. Add this line in it:
Sqlnet. autentication_services = (CNT)
3. Restart the database.
Set the authentication method to Oracle Authentication (password file authentication ):
1. Modify the remote_login_passwordfile parameter to exclusive or shared. Exclusive indicates that only one instance can use a password file. The shared table password file can be used by multiple instances.
2. Modify the sqlnet. ora file and add the # sign before sqlnet. autentication_services = (ETS), that is, # sqlnet. autentication_services = (ETS)
3. Restart the database.
Create a password file:
Orapwd file = filepath/pwd <Sid> Password = password entries = N
Filepath indicates the path of the password file. The format of the password file is PWD <Sid>, and the SID is the name of the database instance. It is orapwd <Sid> in UNIX.