Authentication methods of ORACLESYSDBA and Sysoper

1.ORACLE There are two ways to authenticate Sysdba/sysoper users:

1. Operating system Level Authentication: that is, login to the Oracle database host, use the following user login, you can directly use Sqlplus/as SYSDBA login: Under Linux/unix under the DBA Authority Group (Linux/unix) users, Users under Windows who are subordinate to the ORA_DBA Group;

2. Remote Authentication: Password file authentication, that is, in any host can use Sqlplus sys/xxx@sid login.

2. There are two different ways to have individual switches:

1. Operating system level Certification switch: Sqlnet.ora authentication_services, when Sqlnet.authentication_services=nts,nts representative ntsecurity, that is, the use of the OS certification If none is turned off OS level authentication, must use USR/PWD as Sysdba/sysoper landing.

2). password file authentication switch: spfile/pfile remote_login_passwordfile parameter:

Remote_login_passwordfile = EXCLUSIVE, then an instance is dedicated;

Remote_login_passwordfile = share can be shared by multiple instances (for OPS/RAC environments);

Remote_login_passwordfile = None does not enable the password file, no sysdba/sysoper can be connected at this time.

Remote_login_passwordfile = Shared:more than one database canuse a password file. However, the only user recognized by the password file Issys.

OS level Authentication is preferred over password file authentication. These two authentication methods can be opened at the same time, closed or open only one, as shown below:

3. password file:

1). Generation and reconstruction of password files

Orapwd file=filename Password=password entries=max_users

Filename:name of the password file (mandatory)

password:the Password Forsysoperand SYSDBA (mandatory)

Entries:the Maximum number ofdistinct users allowed to connect as Sysdbaor

Sysoper. If you are exceed this number,you must create a new password file. It is safer to have a larger number. Thereare no spaces around the equal-to (=) character.

Windows password file default location is the Ora92/database directory, the default file name is Pwdsid.ora,linux under the ORACLE default location is $oracle_home/dbs directory, the default file name is Orapwsid, It is not recognized for other filenames.

2). Maintenance and query of password file users

Executing the grant Sysdba/sysoper to user, Oracle automatically adds an entry to the password file and the password copy comes in.

SELECT * Fromv$pwfile_users can view password file

For example:

Sql> Grant Sysdbato Scott;

Grant succeeded

sql> SELECT * fromv$pwfile_users;

USERNAME SYSDBA Sysoper sysasm

------------------------------------ ------- ------

SYS true True FALSE

SCOTT TRUE False