The password file belongs to the database part
Role of the password file: DBA user authentication
DBA user when having sysdba and Sysoper permissions
By default
SYSDBA is sys, he has the most authority.
Sysoper is the system.
There are two ways to authenticate to an Oracle database
(1) Authentication with operating system integration
(2) authentication using the password file of the Oracle database
They even have an application scenario
If local login
(1) Using Operating system authentication
(2) Password file authentication
[[email protected] dpdump]# ID Oracle
UID=1101 (Oracle) gid=1000 (oinstall) group =1000 (Oinstall), 1300 (DBA), 1301 (Oper)
We see that Oracle users belong to the DBA group, so with the DBA this group of permissions, by default he has the operating system permissions, you can not apply password can log in (using the operating system user name and password, and then can go in)
Sqlplus/as SYSDBA
Sql> in this case, we're logged in with the SYS user.
Sql> Show User
USER is "SYS"
What is password file authentication
Password file directory $oracle_home/dbs
The password file is $oracle_home/dbs/orapw<sid>
The following orapwesbtest is the password file for this instance of Esbtest
For example, I'm now going to delete this password file, let's see
[Email protected] dbs]$ sqlplus Sys/[email protected] as Sysdba
If the password file is deleted, create a password file
For example, here the orapwesbtest password file is missing, we use the following method to generate a password file
Orapwd file= orapwesbtest password=yizhenuplooking Entries=1
The decision is password file authentication or OS authentication, which is determined by two parameters
Parameters (1)
Remote/login/passwordfile=none|exclusive|shared
None does not apply password to use AH authentication
Execlusive to password file authentication, own exclusive use (this is the default)
Shared to password file authentication, different instances DBA users can share files
If there is a password file authentication, the SYS user cannot log on remotely.
Parameters (2)
$ORACLE _home/network/admin/sqlnet.ora
Add the following line to the file
Sqlnet. Authentcication_services=none|all|nts
None represents shutting down operating system authentication, only password authentication
All for Linux/unix platform, turn off the local password file authentication, operating system authentication, but remote (not their own machine) can use password file authentication, but this machine is not to login
NTS is a Windows platform and is not discussed for the time being
These two parameters can be used together, different combinations, there will be different effects
Management of password files:
The amount of the password file is set up:
Take a look at how to use the Orapwd
Usage:orapwd file=<fname> entries=<users> force=<y/n> ignorecase=<y/n> nosysdba=<y/n>
where
File-name of password files (required), the name of the password file orapw<sid>
Password-password for SYS would is prompted if not specified the password of the user at command Line,sys
Entries-maximum number of distinct DBA (optional), how many sysdba,sysoper rights users can be placed in the password file, the actual user password file can be placed larger than this
Force-whether to overwrite existing file (optional), force default is N, can also be asked as Y, whether to overwrite the original password file
Ignorecase-passwords is case-insensitive (optional),
Nosysdba-whether to shut out of the SYSDBA logon (optional Database Vault only).
There must be no spaces around the equal-to (=) character.
Changes to the password file:
(1) Orapwd Establish password file (not recommended)
(2) ALTER user SYS identified by
(3) Grant SYSDBA to User
(4) Grant Sysoper to User
(5) Revoke sysdba|sysoper from user
It will change the password file.
For example, I do not remember my sys user's password, this time I can first through the operating system certification into the way
Sqlplus/as SYSDBA
ALTER user SYS identified by 12334234;
For example, we now want a normal user to have some SYSDBA permissions
Conn/as Sysdba;
Create user Bao identified by yizhenuplooking;
Sql> Grant Sysdba to Bao;
Grant succeeded.
We can sign in with password authentication
Sqlplus Bao/[email protected] as SYSDBA;
The normal user Bao has the SYS permission, but the default is not Bao but the SYS user, you can use show user to look at, because you are logged in with the authority of the SYS user, so by default is the SYS user
Look what the difference is between SYSDBA and Sysoper, both of them are system permissions
SYSDBA is the gang leader.
Sysoper is the gang's second boss.
How do I see what permissions my current users have? For example, see which of the current system is the amount with SYSDBA permissions, and which are the Sysoper permissions
We can view the password file view, this must be under the SYSDBA user to view
Conn/as Sysdba;
Sql> select * from V$pwfile_users;
USERNAME Sysdb SYSOP Sysas
------------------------------ ----- ----- -----
SYS true True FALSE
BAO TRUE false False
S1 false TRUE False
Summarize:
(1) The role of the password file
(2) Location of password files
(3) Search Order of password files
First look for Orapw<sid>,, can not find in looking for orapwd, cannot find the password authentication failed
(4) DBA user authentication method system authentication and password file authentication, when to use what authentication method, by two parameters decide
(5) Establishment of password file
(6) How to modify the password file
(7) When the SYS password is wrong, it is best not to give him to remove the re-establishment, I should use the system authentication method to change the password with ALTER user sys, if the password file is not or is damaged, only re-established
Today's assignment:
1. Combination time using two authentication login mode parameters, see what effect will be summed up, close OS authentication, password file, close the local password file, close the remote password file how to do
2.
oracle-6-Password file