Oracle OS authentication and password file authentication method, oracleos

Oracle OS authentication and password file authentication method, oracleos
OS Authentication

1. In the SQLNET. ORA (located in the $ ORACLE_HOME/NETWORK/ADMIN directory) file, use vi to edit and comment out the line # SQLNET. AUTHENTICATION_SERVICES = (NONE.

2. Check whether the current OS user belongs to the DBA group.

3. Execute sqlplus/as sysdba to log on to the database.

Password File Authentication

1. In the SQLNET. ORA (located in the $ ORACLE_HOME/NETWORK/ADMIN directory) file, use vi to edit and change it to SQLNET. AUTHENTICATION_SERVICES = (NONE). If not, add the row.
2. Set spfile or pfileREMOTE_LOGIN_PASSWORDFILE = EXCLUSIVE, OrREMOTE_LOGIN_PASSWORDFILE = SHARED

Alter system set REMOTE_LOGIN_PASSWORDFILE = exclusive scope = SPFILE;

View the Modification result: show parameter remote

NAME                                 TYPE        VALUE------------------------------------ ----------- ------------------------------remote_dependencies_mode             string      TIMESTAMPremote_listener                      stringremote_login_passwordfile            string      EXCLUSIVEremote_os_authent                    boolean     FALSEremote_os_roles                      boolean     FALSEresult_cache_remote_expiration       integer     0

3. Use orapwd to create a password file

Orapwd file = '$ ORACLE_HOME/dbs/orapw $ ORACLE_SID' password = pwd entries = 10 force = y

4. Execute sqlplus sys/pwd as sysdba to log on locally.

5. remotely execute sqlplus sys/pwd@192.168.1.40/orcl as sysdba login.

Oracle Permissions

Oracle Operating System Identity Authentication

Oraclelogin Database Remote Login authenticationos
Sqlnet. authentication_services = (CNT), in $ ORACLE_HOME/network/admin/sqlnet. ora
In either case, the operating system authentication is allowed.
If sqlnet. authentication_services is not set in unix, operating system authentication is performed by default! Or if it is set to all, operating system authentication is also allowed.
The SQLNET. AUTHENTICATION_SERVICES = (NONE, CNT) parameter indicates the authentication method used by the user to connect to the Oracle server.
NONE indicates the identity authentication of the Oracle database, and NT indicates the identity authentication of the operating system.

You can use either OS authentication or password file authentication to verify the database logon with sysdba, one is to log on directly to the Database Host (using OS authentication), and the other is to log on remotely through the network. Two parameters need to be set, one is SQLNET. AUTHENTICATION_SERVICES, one is REMOTE_LOGIN_PASSWORDFILE.
OS authentication: If OS authentication is enabled and sysdba is used for logon, you only need to install the oracle software to log on to sqlplus "/as sysdba ". If you want to disable OS authentication and only use the password file to log on, you must first have a password file:
Orapwd file = C:/oracle/product/10.2.0/db_1/database/PWDoralocal. ora password = maximo entries = 10;
Set $ ORACLE_HOME/network/admin/sqlnet. ora:
SQLNET. AUTHENTICATION_SERVICES = none
Note that the password file is only loaded when the database is started. Once the password file is loaded, it is out of oracle management. Therefore, after we create a password file using orapwd, the password specified in takes effect only after the data is restarted:

So far, we have achieved no OS authentication (sqlplus "/as sysdba" login failure ). So how can we use sysdba to remotely log on to the network? We can set REMOTE_LOGIN_PASSWORDFILE = none in the initialization file.
Note: When REMOTE_LOGIN_PASSWORDFILE = none, the database needs to be restarted for this parameter to take effect. Once this parameter is enabled, the operating system authentication will be used instead of the password file. Therefore, if REMOTE_LOGIN_PASSWORDFILE = none and SQLNET. AUTHENTICATION_SERVICES = none, the database cannot be logged on.

Alter system set REMOTE_LOGIN_PASSWORDFILE = none scope = spfile;
(1) REMOTE_LOGIN_PASSWORDFILE = none and SQLNET. AUTHENTICATION_SERVICES = none:
Oracle Installation User Local sqlplus "/as sysdba" cannot log on
Non-oracle Installation User Local sqlplus "sys/change_on_install as sysdba" cannot log on
Remote Installation of non-oracle user s... the remaining full text>

Use PL/SQL to log on to the oracle 10g Database of the Local Machine. If the input does not exist, you can log on to the database with the dba permission for any password.

This is because operating system verification is used by default when Oracle is installed:

You can use either OS authentication or password file authentication to verify the database logon with sysdba, one is to log on directly to the Database Host (using OS authentication), and the other is to log on remotely through the network. Two parameters need to be set, one is SQLNET. AUTHENTICATION_SERVICES, one is REMOTE_LOGIN_PASSWORDFILE.

After the following method is modified, You can restrict sysdba from logging on without a password.

Sqlnet. authentication_services = (CNT), in $ ORACLE_HOME \ network \ admin \ sqlnet. ora
In either case, the operating system authentication is allowed.
If sqlnet. authentication_services is not set in unix, operating system authentication is performed by default! Or if it is set to all, operating system authentication is also allowed. The SQLNET. AUTHENTICATION_SERVICES = (NONE, CNT) parameter indicates the authentication method used by the user to connect to the Oracle server.
NONE indicates the identity authentication of the Oracle database, and NT indicates the identity authentication of the operating system.

OS authentication: If OS authentication is enabled and sysdba is used for logon, you only need to install the oracle software to log on to sqlplus "/as sysdba ". If you want to disable OS authentication and only use the password file to log on, you must first have a password file: orapwd file = C: \ oracle \ product \ 10.2.0 \ db_1 \ database \ PWDoralocal. ora password = maximo entries = 10;
Set $ ORACLE_HOME/network/admin/sqlnet. ora:
SQLNET. AUTHENTICATION_SERVICES = none