oracle-6-Password file

The password file belongs to the database part

Role of the password file: DBA user authentication

DBA user when having sysdba and Sysoper permissions

By default

SYSDBA is sys, he has the most authority.

Sysoper is the system.

There are two ways to authenticate to an Oracle database

(1) Authentication with operating system integration

(2) authentication using the password file of the Oracle database

They even have an application scenario

If local login

(1) Using Operating system authentication

(2) Password file authentication

[[email protected] dpdump]# ID Oracle
UID=1101 (Oracle) gid=1000 (oinstall) group =1000 (Oinstall), 1300 (DBA), 1301 (Oper)

We see that Oracle users belong to the DBA group, so with the DBA this group of permissions, by default he has the operating system permissions, you can not apply password can log in (using the operating system user name and password, and then can go in)

Sqlplus/as SYSDBA

Sql> in this case, we're logged in with the SYS user.
Sql> Show User
USER is "SYS"

What is password file authentication

Password file directory $oracle_home/dbs

The password file is $oracle_home/dbs/orapw<sid>

The following orapwesbtest is the password file for this instance of Esbtest

For example, I'm now going to delete this password file, let's see

[Email protected] dbs]$ sqlplus Sys/[email protected] as Sysdba

If the password file is deleted, create a password file

For example, here the orapwesbtest password file is missing, we use the following method to generate a password file

Orapwd file= orapwesbtest password=yizhenuplooking Entries=1

The decision is password file authentication or OS authentication, which is determined by two parameters

Parameters (1)

Remote/login/passwordfile=none|exclusive|shared

None does not apply password to use AH authentication

Execlusive to password file authentication, own exclusive use (this is the default)

Shared to password file authentication, different instances DBA users can share files

If there is a password file authentication, the SYS user cannot log on remotely.

Parameters (2)

$ORACLE _home/network/admin/sqlnet.ora

Add the following line to the file

Sqlnet. Authentcication_services=none|all|nts

None represents shutting down operating system authentication, only password authentication

All for Linux/unix platform, turn off the local password file authentication, operating system authentication, but remote (not their own machine) can use password file authentication, but this machine is not to login

NTS is a Windows platform and is not discussed for the time being

These two parameters can be used together, different combinations, there will be different effects

Management of password files:

The amount of the password file is set up:

Take a look at how to use the Orapwd
Usage:orapwd file=<fname> entries=<users> force=<y/n> ignorecase=<y/n> nosysdba=<y/n>

where
File-name of password files (required), the name of the password file orapw<sid>
Password-password for SYS would is prompted if not specified the password of the user at command Line,sys
Entries-maximum number of distinct DBA (optional), how many sysdba,sysoper rights users can be placed in the password file, the actual user password file can be placed larger than this
Force-whether to overwrite existing file (optional), force default is N, can also be asked as Y, whether to overwrite the original password file
Ignorecase-passwords is case-insensitive (optional),
Nosysdba-whether to shut out of the SYSDBA logon (optional Database Vault only).

There must be no spaces around the equal-to (=) character.

Changes to the password file:

(1) Orapwd Establish password file (not recommended)

(2) ALTER user SYS identified by

(3) Grant SYSDBA to User

(4) Grant Sysoper to User

(5) Revoke sysdba|sysoper from user

It will change the password file.

For example, I do not remember my sys user's password, this time I can first through the operating system certification into the way

Sqlplus/as SYSDBA

ALTER user SYS identified by 12334234;

For example, we now want a normal user to have some SYSDBA permissions

Conn/as Sysdba;

Create user Bao identified by yizhenuplooking;

Sql> Grant Sysdba to Bao;

Grant succeeded.

We can sign in with password authentication

Sqlplus Bao/[email protected] as SYSDBA;

The normal user Bao has the SYS permission, but the default is not Bao but the SYS user, you can use show user to look at, because you are logged in with the authority of the SYS user, so by default is the SYS user

Look what the difference is between SYSDBA and Sysoper, both of them are system permissions

SYSDBA is the gang leader.

Sysoper is the gang's second boss.

How do I see what permissions my current users have? For example, see which of the current system is the amount with SYSDBA permissions, and which are the Sysoper permissions

We can view the password file view, this must be under the SYSDBA user to view

Conn/as Sysdba;

Sql> select * from V$pwfile_users;

USERNAME Sysdb SYSOP Sysas
------------------------------ ----- ----- -----
SYS true True FALSE
BAO TRUE false False
S1 false TRUE False

Summarize:

(1) The role of the password file

(2) Location of password files

(3) Search Order of password files

First look for Orapw<sid>,, can not find in looking for orapwd, cannot find the password authentication failed

(4) DBA user authentication method system authentication and password file authentication, when to use what authentication method, by two parameters decide

(5) Establishment of password file

(6) How to modify the password file

(7) When the SYS password is wrong, it is best not to give him to remove the re-establishment, I should use the system authentication method to change the password with ALTER user sys, if the password file is not or is damaged, only re-established

Today's assignment:

1. Combination time using two authentication login mode parameters, see what effect will be summed up, close OS authentication, password file, close the local password file, close the remote password file how to do

2.

oracle-6-Password file