Oracle Physical Structure (v) password file

The password file, or password file, is used to authenticate users who manage through the network.

1. Local connection

By default, whether the instance is started or not, the database server local user logon to the database is validated by the operating system, that is, whether the operating system user that initiated the login belongs to the Oinstall group, and is acceptable

Log on, otherwise prohibited, and the database users and passwords used at logon regardless of the wrong database user and the wrong password or null password are allowed to log in. Note that the operating system validation is only local

Then the as SYSDBA login only takes effect, but as SYSDBA identity, database validation is performed.

[root@station31~] #cat/etc/passwd | grep Oracle

Oracle:x:500:501::/home/oracle:/bin/bash

[root@station31~] #cat/etc/group | grep 501

oinstall:x:501:

Sed–i ' s/oinstall:x:501/oinstall:x:505/'/etc/group change the group ID that the Oracle user belongs to

#su-oracle

$sqlplus/as sysdba; Logon without password failed

Perl–p–e ' s/oinstall:x:505/oinstall:x:501/'/etc/group undo the above changes

Test results:

The operating system verifies that the local instance starts: as SYSDBA login without password or wrong password can log in, the normal user login to the correct password;

Instance shutdown: Can be logged in as SYSDBA login without password or error password, database is not started, database authentication is invalid, normal user cannot log in.

Disable operating system authentication Local instance start: Login with as SYSDBA requires correct password.

Instance shutdown: can only log in as SYSDBA and with the correct password.

Disabling operating system validation:

VI $ORACLE _home/network/admin/sqlnet.ora

Sqlnet. Authentication_services (NONE)

Add uplink, specify disable operating system validation, and increase local logon security.

When OS authentication is disabled, the local login will use password file authentication, the default password file is $oracle_home/dbs/orapw$oracle_sid default, depending on the setting of the database password file parameter (default)

The SYS user is already included.

Sql>show parameter remote_login_passwordfile;

Password file validation rules are: For users who log on as SYSDBA, authenticate with password file, verify that the password file contains the user and the password is correct in the password file; for non-

SYSDBA user who is logged on, the database validation is still used to verify that the user is included in the database and that the password is correct in the database.