Go The role and description of password file in Oracle

Database-built users are unable to authenticate through the database until the database is started

The password file contains the user name and password of the Sysdba/sysoper user.
Allow user to authenticate with password file and log in before database is started
thereby starting the database

If there is no password file, it can only be certified by the operating system before the database is started.

With Rman, there are many times when you need to process a database in a state such as Nomount,mount
Therefore, SYSDBA permissions are usually required if they belong to the local DBA group and can be logged on by operating system authentication
If it is a remote SYSDBA login, you need to pass Passwordfile authentication.

1.remote_login_passwordfile = NONE

Password file authentication is disabled at this time, Oracle database does not allow remote Sysdba/sysoper identity login
Unable to manage operations such as database start and stop remotely

Local

[Email protected] oracle]$ sqlplus "/As SYSDBA" Sql*plus:release 9.2.0.3.0-production on Thu Apr 09:58:45 2004Copyr Ight (c) 1982, 2002, Oracle Corporation. All rights reserved. Connected to:oracle9i Enterprise Edition Release 9.2.0.3.0-productionwith The partitioning, OLAP and Oracle Data Mining Optionsjserver Release 9.2.0.3.0-productionsql> alter USER SYS identified by Oracle; User altered. Sql> Show parameter Passname                      TYPE   VALUE-------------------------------------------------------------- Remote_login_passwordfile string NONE      

Remote

E:\oracle\ora92\bin>sqlplus/nolog

Sql*plus:release 9.2.0.4.0-production on Thu April 15 09:39:22 2004

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Sql> connect Sys/[email protected] as Sysdba
ERROR:
Ora-01017:invalid Username/password; Logon denied

The password file cannot actually be verified here

2.remote_login_passwordfile = Exclusive

Sql> alter system set remote_login_passwordfile=exclusive Scope=spfile; System altered. Sql> Startup Force;oracle instance started. Total System Global area 131142648 bytesfixed size 451576 bytesvariable size 104857600 bytesdatabase buffers 25165824 byte Sredo buffers 667648 bytesdatabase mounted. Database opened. Sql> Show parameter Passname TYPE VALUE------------------------------------------------------------------------- ----Remote_login_passwordfile string exclusivesql> ALTER USER SYS identified by Oracle; User altered.

Remote

E:\oracle\ora92\bin>sqlplus/nolog

Sql*plus:release 9.2.0.4.0-production on Thu April 15 09:47:11 2004

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Sql> connect Sys/[email protected] as Sysdba
is connected.
Sql> Show User
USER is "SYS"
Sql>

This is actually the password file to verify the login

3. Further testing

If we delete Passwdfile,sysdba/sysoper at this time will not be able to authenticate, will not be able to log into the database

Server:

Sql>!
[Email protected] oracle]$ CD $ORACLE _home/dbs
[[email protected] dbs]$ ls ORAPWHSJF
Orapwhsjf
[Email protected] dbs]$ MV ORAPWHSJF Orapwhsjf.bak
[Email protected] dbs]$

Remote:

E:\oracle\ora92\bin>sqlplus/nolog

Sql*plus:release 9.2.0.4.0-production on Thu April 15 09:50:14 2004

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Sql> connect Sys/[email protected] as Sysdba
ERROR:
Ora-01031:insufficient Privileges


Sql>

This is actually the inability to verify the identity through the password file

4. If you lose the Passwdfile

If you accidentally lose using Passwdfile, you won't be able to start the database at this time

sql> startup force;
ORACLE instance started.

Total System Global area 131142648 bytes
Fixed Size 451576 bytes
Variable Size 104857600 bytes
Database buffers 25165824 bytes
Redo buffers 667648 bytes
Ora-01990:error opening password file '/OPT/ORACLE/PRODUCT/9.2.0/DBS/ORAPW '
Ora-27037:unable to obtain file status
Linux error:2: No such file or directory
Additional Information:3

This can be resolved by orapwd rebuilding the password file.
Here we restore the password file to both

Sql>!
[Email protected] oracle]$ mv $ORACLE _home/dbs/orapwhsjf.bak ORAPWHSJF
[[Email protected] oracle]$ exit
Exit

sql> ALTER DATABASE open;

Database altered.

Sql>

This is roughly the case.

5. Remote_login_passwordfile = Shared

Let's take a look at the instructions in the Oracle9i documentation:

SHARED

More than one database can use a password file. However, the only user recognized by the password file is SYS.

It means that multiple databases can share a password file, but only one user can be identified: SYS

Sql> select * from V$pwfile_users;

USERNAME Sysdb SYSOP
------------------------------ ----- -----
SYS true True

Sql> Grant SYSDBA to Eygle;
Grant SYSDBA to Eygle
*
ERROR at line 1:
ORA-01994: GRANT failed:cannot Add users to public password file

Sql> Show parameter password

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
Remote_login_passwordfile string SHARED

We see that the user cannot be added to the password file at this time.

Many people doubt that: the default name of the password file is orapw<sid> how can I share it?

In fact, this is true: when the Oracle database starts, it first looks for the orapw<sid> password file, and if the file does not exist, it starts looking for the ORAPW password file
If the password file is named ORAPW, multiple databases can be shared.

Let's take a look at the test:

[[email protected] dbs]$ sqlplus "/As SYSDBA" Sql*plus:release 9.2.0.3.0-production on Tue Jul 6 09:40:34 2004Copy  Right (c) 1982, 2002, Oracle Corporation. All rights reserved. Connected to:oracle9i Enterprise Edition Release 9.2.0.3.0-productionwith The partitioning, OLAP and Oracle Data Mining Optionsjserver Release 9.2.0.3.0-productionsql> shutdown immediatedatabase closed. Database dismounted. ORACLE instance shut down. Sql>! [[email protected] dbs]$ lshsjf initdw.ora inithsjf.ora init.ora lkhsjf orapwhsjf SPFILEHSJF.ORA[[EMAIL PR  Otected] dbs]$ MV ORAPWHSJF orapwhsjf.bak[[email protected] dbs]$ exitexitsql> startuporacle instance started. Total System Global area 235999908 bytesfixed size 451236 bytesvariable size 201326592 byte Sdatabase buffers 33554432 Bytesredo buffers 667648 bytesora-01990:error opening password file '/opt/oracle/product/9.2.0/dbs/orapw'-This is the last file to find ora-27037:unable to obtain files Statuslinux error:2: No Such file or directoryadditional Information:3 

We set up the ORAPW password file, at which time we can open the database.

Sql>! [Email protected] dbs]$ LSHSJF  initdw.ora  inithsjf.ora init.ora  lkhsjf  orapwhsjf.bak  Spfilehsjf.ora[[email protected] dbs]$ CP orapwhsjf.bak orapw[[email protected] dbs]$ exitexitsql> ALTER DATABASE open ;D Atabase altered. Sql> Show parameter Passwname                                 TYPE        VALUE-------------------------------------------------------------- ---------------remote_login_passwordfile            string      sharedsql>    

So you might wonder if multiple exclusive databases can share a password file (ORAPW)?

We continue this experiment:

Sql> Show parameter password

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
Remote_login_passwordfile string SHARED

[Email protected] dbs]$ strings ORAPW
]\[z
ORACLE Remote Password File
INTERNAL
Ab27b53edc5fef41
8a8f025737a9097a

Note that only the Internal/sys password is recorded here.

When remote_login_passwordfile=exclusive

Sql> alter system set remote_login_passwordfile=exclusive Scope=spfile;

System altered.

sql> startup force;
ORACLE instance started.

Total System Global area 235999908 bytes
Fixed Size 451236 bytes
Variable Size 201326592 bytes
Database buffers 33554432 bytes
Redo buffers 667648 bytes
Database mounted.
Database opened.
Sql>!

[Email protected] bin]$ CD $ORACLE _home/dbs
[Email protected] dbs]$ strings ORAPW
]\[z
ORACLE Remote Password File
Hsjf
INTERNAL
Ab27b53edc5fef41
8a8f025737a9097a
[[Email protected] dbs]$ exit
Exit

Note here that the instance name information is written to the password file after it is started in exclusive mode.

This password file can still be used if another instance is started in exclusive mode, and the instance name in the password file is overwritten at the same time.

That is, the database only reads the password file during the startup process, and the database does not lock the file while it is running, similar to the Pfile/spfile file.

Sql> select * from V$pwfile_users;

USERNAME Sysdb SYSOP
------------------------------ ----- -----
SYS true True

Sql> Grant SYSDBA to Eygle;

Grant succeeded.

Sql> select * from V$pwfile_users;

USERNAME Sysdb SYSOP
------------------------------ ----- -----
SYS true True
Eygle TRUE FALSE

Sql>!
[Email protected] bin]$ CD $ORACLE _home/dbs
[Email protected] dbs]$ strings ORAPW
]\[z
ORACLE Remote Password File
Hsjf
INTERNAL
Ab27b53edc5fef41
8a8f025737a9097a
>eygle
B726e09fe21f8e83

Note that you can increase the SYSDBA user at this time, and this information can be written to the password file.

Once additional SYSDBA users have been added to the password file, this file can no longer be shared by other exclusive instances.

In fact, the password file is for other users to start a sudo role.

6. Rebuilding the password file

If the password file is missing, you can use ORAPWD to rebuild the password file with the following syntax:

[Email protected] oracle]$ orapwd

where
File-name of password file (mand),
Password-password for SYS (Mand),
Entries-maximum number of distinct DBA and opers (opt),
There is no spaces around the equal-to (=) character.

Transferred from: http://www.eygle.com/faq/passwordfile.htm