Oracle Authentication method

There are two authentication methods for Oracle login, one is "operating system authentication" and the other is "Password file Authentication".
1, when the operating system certification, in the local use of any user can be SYSDBA login; (default mode)
2, when the password file authentication, it is not any user can use SYSDBA Landing, this time must enter the correct user name password can (in fact this method is safe)
3, as to what kind of authentication method you use locally, it can be set by parameter.

The Oracle database is sqlnet.authentication_services through the parameters in the Sqlnet.ora file, and the Remote_login_ in the parameter file Passwordfile and password file Pwdsid.ora to achieve identity authentication.

sqlnet.authentication_services= (NTS) | (NONE)
NTS: Operating system authentication method, do not use password file;
NONE: Password file authentication method

remote_login_passwordfile= (NONE) | (EXCLUSIVE) | (SHARED)
None: Do not use password file, operating system authentication;
EXCLUSIVE: Password file authentication method, but only one database instance can use this file;
SHARED: Password file authentication method, you can have multiple DB instances can use this file, but this setting only the SYS account can be recognized, even if there are other user information in the file, and do not allow them to log in SYSOPER/SYSDBA.

(1). sqlnet.authentication_services= (NTS)
At the same time remote_login_passwordfile= (NONE), this is the operating system authentication mode.

When the user logged in under the ORACLE_DBA group enters the local operating system, do the following:
Sqlplus/nolog
Sql>conn/ASSYSDBA
Can be inSYSDBAThe identity login is successful and the database operation is performed.

When you log on remotely, do the following:
Sqlplus/nolog
Sql>conn/ASSYSDBA
It will show:
Error:ora-01031:insufficient Privileges
That is not allowed toSYSDBAIdentity remote Login system, which is also the reason why the OS authentication is known as the local authentication method.

(2). Sqlnet.authentication_services= (NONE), while
remote_login_passwordfile= (EXCLUSIVE) | (SHARED), with password file Pwdsid.ora, this is the password file authentication method:

When logging into the system locally as a user under the ORACLE_DBA group, do the following:
Sqlplus/nolog
Sql>conn/ASSYSDBA
It will show:
Error:ora-01031:insufficient Privileges

Perform the following operations locally or remotely:
Sqlplus/nolog
Sql>conn sys/password @ service NameASSYSDBA
Can enter the system, that is, password file authentication mode allows the user from local or remote toSYSDBALogin, but you must provide a password word.


(3). Sqlnet.authentication_services= (NTS), while
remote_login_passwordfile= (EXCLUSIVE) | (SHARED), in conjunction with the password file Pwdsid.ora, at which time the operating system authentication and password file authentication work simultaneously:

When a user logged on locally under the ORACLE_DBA group enters the operating system, do the following:
Sqlplus/nolog
Sql>conn/ASSYSDBA
can enter the system. That is, the operating system authentication method login successful.

When executing remotely:
Sqlplus/nolog
Sql>conn sys/password @ service NameASSYSDBA
At the same time can normally log on to the database system, that is, password file authentication method login success.

Attached: It is not a concept to know the following types of landing methods
Sqlplus/nolog
1:conn /ASSYSDBAThis machine login, use operating system authentication, there is no monitoring can
2:conn Sys/password ASSYSDBAThe machine login, use password file authentication, there is no monitoring can
3:conn Sys/[email protected] ASSYSDBACan be remote, the use of password file authentication, must have monitoring, must have Tnsnames.ora,remote_login_ Passwordfile must be exclusive------------------------------------------------------------------------------------------------- ---------------- * * * Special attention * * *(

C:\>sqlplus "/as sysdba"
Sql*plus:release 10.2.0.1.0-production on Fri Nov 2 16:16:22 2007
Copyright (c) 1982, 2005, Oracle. All right reserved.
ERROR:
Ora-01031:insufficient Privileges
Enter User-name:

This error is generally due to a problem with Oracle Login authentication:

Oracle login authentication is available in two ways, operating system-based login authentication and Oracle-based authentication.

You can modify the Oracle login authentication method by changing the Sqlnet.ora file:

Sqlnet. Authentication_services= (NTS) is based on operating system authentication; sqlnet.authentication_services= (NONE) is based on Oracle authentication; sqlnet.authentication_ Services= (none,nts) is the coexistence of both.

after testing, the above rules apply only to Windows Server, under Linux the rules are as follows :

By default, the Oracle database Sqlnet.ora file under Linux does not have the sqlnet.authentication_services parameter, which is based on the coexistence of operating system authentication and Oracle password authentication. When the sqlnet.authentication_services parameter is added, either sqlnet.authentication_services is set to None or NTS is based on the Oracle password authentication.

Methods for setting the authentication mode of Oracle login to the operating system under Windows:

1: Add OS user to ORA_DBA Group
2: Set Sqlnet.ora sqlnet. Authentication_services = (NTS)
Or you can rebuild the password file to change passwords, but the original grant Sysdba and Sysoper permissions of users, no longer have these 2 permissions.

One way Oracle is logged in is by operating system authentication login mode, which is often said to be the OS Authentication login method, which is also available in SQL Server.
When logging into the database with the Administrator account of Windows, just add as SYSDBA, regardless of the user name and password login, is correct, because then the system has ignored/both the user name and password, the default is the SYS user.
Some friends often use Connect/as sysdba login, but do not know why not provide a user name and password to get SYSDBA permissions. Still think this is not safe?

Oracle can log on with OS authentication on a common multi-user operating system. such as Solaris,windows and so on.
The following is a common Windows operating system to explain the way to see this operating system authentication method login principle. If your machine can use Connect/as sysdba to get SYSDBA permissions, then each of the following procedures on your machine will be verified, if not, you can log in this way after the following actions have changed.

1. Typing compmgmt.msc into Computer Management at the command line
2. Select Local Users and groups, groups
3. See if there's a group named ORA_DBA.
4. Double-click the reorganization to see if there are administrator users inside
5. Think about whether you are logged in as a administrator user?
6. Then go to the ORACLE installation directory (i.e. $oracle_home is typically D: "ORACLE") ora92 "network" admin find Sqlnet.ora file See if there is Sqlnet.authentication_ Services= (NTS)
7. If that's all right, you'll be able to sign in to Oracle with an operating system authentication (Connect/as SYSDBA)

The next question is, if your data is important, for security reasons, you want to prohibit this type of operating system authentication. So what should we do?
Quite simply, find the Sqlnet.ora file in the 6th step just now and change sqlnet.authentication_services= (NTS) to Sqlnet.authentication_services=none. Try again and see if you get the following results:
ERROR:
Ora-01031:insufficient Privileges
Warning: You are no longer connected to ORACLE.

Oracle Authentication method