Oracle Operating System Identity Authentication

Oracle operating system identity authentication using lelogin Database Remote Login authenticationossqlnet. authentication_services = (CNT), in $ ORACLE_HOME/network/admin/sqlnet. in ora, the operating system is windows or all. operating system authentication is allowed in both cases. If sqlnet. authentication_services is not set in unix, operating system authentication is performed by default! Or if it is set to all, operating system authentication is also allowed. The SQLNET. AUTHENTICATION_SERVICES = (NONE, CNT) parameter indicates the authentication method used by the user to connect to the Oracle server. NONE indicates the identity authentication of the Oracle database, and NT indicates the identity authentication of the operating system. You can use either of the two methods. You can use either OS authentication or password file authentication to verify the database logon with sysdba, one is to log on directly to the Database Host (using OS authentication), and the other is to log on remotely through the network. Two parameters need to be set, one is SQLNET. AUTHENTICATION_SERVICES, one is REMOTE_LOGIN_PASSWORDFILE. OS authentication: If OS authentication is enabled and sysdba is used for logon, you only need to install the oracle software to log on to sqlplus "/as sysdba ". If you want to disable OS authentication and only use the password file to log on, you must first have a password file: orapwd file = C:/oracle/product/10.2.0/db_1/database/PWDoralocal. ora password = maximo entries = 10; then we need to set $ ORACLE_HOME/network/admin/sqlnet. set in ora: SQLNET. AUTHENTICATION_SERVICES = none note that the password file is only loaded when the database is started. Once the password file is loaded, it is out of oracle management. Therefore, after we create a password file using orapwd, the password specified in it takes effect only after the data is restarted: At this point, we have achieved no OS authentication (sqlplus "/as sysdba" login failure ). So how can we use sysdba to remotely log on to the network? We can set REMOTE_LOGIN_PASSWORDFILE = none in the initialization file. Note: When REMOTE_LOGIN_PASSWORDFILE = none, the database needs to be restarted for this parameter to take effect. Once this parameter is enabled, the operating system authentication will be used instead of the password file. Therefore, if REMOTE_LOGIN_PASSWORDFILE = none and SQLNET. AUTHENTICATION_SERVICES = none, the database cannot be logged on. Alter system set REMOTE_LOGIN_PASSWORDFILE = none scope = spfile; (1) REMOTE_LOGIN_PASSWORDFILE = none and SQLNET. AUTHENTICATION_SERVICES = none: oracle Installation User Local sqlplus "/as sysdba" cannot log on non-oracle Installation User Local sqlplus "sys/change_on_install as sysdba" cannot log on non-oracle Installation user remote sqlplus "/as sysdba_on_install @ sid sysdba "cannot log on (2) REMOTE_LOGIN_PASSWORDFILE = exclusive and SQLNET. AUTHENTICATION_SERVICES = none: oracle Installation User Local sqlplus "/as sysdba "Cannot log on to non-oracle Installation User Local sqlplus" sys/change_on_install as sysdba "can log on to non-oracle Installation user remote sqlplus"/as sysdba_on_install @ sid as sysdba "can log on (3) REMOTE_LOGIN_PASSWORDFILE = none and SQLNET. AUTHENTICATION_SERVICES = (ETS ): oracle Installation User Local sqlplus "/as sysdba" can log on non-oracle Installation User Local sqlplus "sys/change_on_install as sysdba" cannot log on non-oracle Installation user remote sqlplus "/as sysdba_on_install @ sid sysdba "cannot log on (4) REMOTE_LOGIN_PASSWORDFILE = exclusive and SQLNET. AUTHENTICATION_SERVICES = (ETS ): oracle Installation User Local sqlplus "/as sysdba" can log on to non-oracle Installation User Local sqlplus "sys/change_on_install as sysdba" can log on to non-oracle Installation user remote sqlplus "/as sysdba_on_install @ sid sysdba "can log on to Oracle REMOTE_LOGIN_PASSWORDFILE and set the initialization parameter REMOTE_LOGIN_PASSWORDFILE: in the initialization parameter file of the Oracle database instance, this parameter controls the usage and status of the password file. It can have the following options: 1. NONE: indicates that the Oracle system does not use a password file, privileged user login is authenticated through the operating system; 2. EXCLUSIVE: indicates that only one database instance can use this password file. Only the password file under this setting can contain user information except SYS, that is, the system permission SYSOPER/SYSDBA can be granted to other users except SYS. The default value is set in oracle 9i. Some friends say shared, but not. 3. SHARED: indicates that multiple database instances can use this password file. In this setting, only the SYS account can be identified by the password file. Even if the file contains information from other users, they are not allowed to log on with the SYSOPER/SYSDBA permission. ---- When the REMOTE_LOGIN_PASSWORDFILE parameter is set to EXCLUSIVE and SHARED, the order of password files searched by the Oracle system is: Search for the ORA_SID_PWFILE parameter value in the System Registration Database (which is the full path name of the password file ); if not, search for the ORA_PWFILE parameter value. If not, use the default value ORACLE_HOME/DATABASE/PWDSID. ORA; the SID represents the corresponding Oracle database system identifier. Summary $ ORACLE_HOME/network/admin/sqlnet. AUTHENTICATION_SERVICES parameter in ora: 1. In windows, SQLNET. AUTHENTICATION_SERVICES must be set to ETS or ALL to use OS authentication. If it is not set or set to any other value, OS authentication cannot be used. 2. in linux, if the value of SQLNET. AUTHENTICATION_SERVICES is set to ALL or is not set, OS authentication can be successful. If it is set to any other value, OS authentication cannot be used. REMOTE_LOGIN_PASSWORDFILE parameter in spfile: 1. When the value is exclusive, the remote user can log on as sysdba. 2. If the value is none, how can I modify the sys user password that cannot log on to oracle using sysdba? 1. Forget the logon password of a user other than SYS and SYSTEM users. Log On with SYS (or SYSTEM) USER: conn sys/PASS_WORD as sysdba; use the following statement to modify the USER's password: alter user user_name identified by "newpass"; Note: The password cannot be full of numbers. It cannot start with a number. Otherwise: ORA-00988: Password missing or invalid 2. Forgot SYS user, or SYSTEM user password. If you forget the password of the SYSTEM user, you can use the SYS user to log on. Then run the alter user command to change the password: conn sys/PASS_WORD as sysdba; alter user system identified by "newpass"; if you forget the sys user password, you can use the system user to log on. Then run the alter user command to change the password. Conn system/PASS_WORD; alter user system identified by "newpass"; 3. If SYS and SYSTEM users' passwords are forgotten or lost. You can use ORAPWD. EXE to change the password. Start Menu-& gt; Run-& gt; enter 'cmd' to open the Command Prompt window and enter the following command: orapwd file = D: \ oracle10g \ database \ pwdctcsys. ora password = newpass this command re-generates the Database password File. The password file is located in the \ database directory under the ORACLE_HOME directory. This password is used to change the password of the sys user. The password of other users except sys will not change. However, Oracle provides two verification methods: OS verification and password file verification. If the first method is used, change the password using the following methods: sqlplus/nolog; connect/as sysdba alter user sys identified by; alter user system identified by; if the second method is used, modify the password in the above way. You can also change the password in the following way: orapwd file = pwdxxx. ora password = your new password entries = 10 after setting, restart the service and log on again. After oracle 11g is installed on the local machine, you cannot remember the password of sys. You can change the password as follows: 1. open cmd, enter sqlplus/nolog, press enter, enter "conn/as sysdba", and enter "alter user sys identified by new password". Note: it is best to start the new password with a letter, otherwise the error Ora-00988 may occur. With this method, you can change the password as long as you have administrator permissions on the oracle server and do not remember the password. 2. execute the following command on the command line: sqlplus "/@ service name as sysdba", and then in sqlplus, alter user sys identified by new password; alter user system identified by new password; 3. run to the C drive root directory 1) input: SET ORACLE_SID = your SID Name 2) input: sqlplus/nolog3) input: connect/as sysdba4) input: alert user sys identified by sys5) input: alert user system identified by system6). The password is the initial password of the Oracle database. first, enter SQLPLUS/NOLOG in CMD, and then enter CONN/as sysdba in the displayed interface. In this way, the user logged on to the local system will trust the user to access the database. there are two ways to solve this problem: ALT Er user (USERNAME) identified by "password"; this is the password that can change USERNAME. of course, this USERNAME must already exist in another way: create user (USERNAME) identified by "password"; the command TO Change USER Permissions is grant roles to (USERNAME ); the above two methods are for the ORACLE 9I version. 5.use the orapwd.exe command to modify the command. Orapwd file = '/oracle/pwdsid. ora' password = 123456 this command is used to change the password of the sys user. You overwrite the original password file. The password of other users except sys will not change. 6. su-oraclesqlplus/nologconn/as sysdbastartup (if the database is not in the startup status, it is started) alter user sys identified by 123456 then you can use the sys user password to log on to the operating system authentication mode conn/as sysdbaalter user sys identified by xxx