Overview of Oracle Password files

OS Certification

Server-side OS authentication is enabled by default after Oracle installation.

That is, the user and password check on the login database at the operating system level, you have the Oracle installation of the user operating system certification, the default also has the SYS user authentication.

When you log in as a sysdba character, you do not have to verify the username and password. Successful landing with any user name and password.

Sql> Connect/as SYSDBA

is connected.

Sql> Connect Sdfd/sds as Sysdba

is connected.

Sql> Show User

USER is "SYS"

This is convenient, but there are security risks, if you do not need this authentication method, then you can modify the $oracle_home/network/admin/directory of Sqlnet.ora files.

Sqlnet. Authentication_services= (NTS)

Amended to

Sqlnet. Authentication_services= (none), or add a # comment to the preceding line.

At this point, if you do not enter the correct username password will be the error

Sql> Connect/as SYSDBA

ERROR:

ORA-01031: Insufficient Permissions

Password file

Oracle's password files are used to store passwords for all users who connect to the database with SYSDBA or sysoper permissions, and password files are stored in the $oracle_home/dbs directory (Linux,window in database). The default name is Pwdsid.ora.

More Wonderful content: http://www.bianceng.cnhttp://www.bianceng.cn/database/Oracle/

Whether the password file is used is controlled by a parameter remote_login_passwordfile provided by Oracle, Remote_login_passwordfile has NONE,SHARED,EXCLUSIVE3 values:

None means that the password file is not used.

Exclusive represents the instance exclusive use of the password file, which is the individual instance using a separate password file,

Shared represents multiple instances sharing a password file

We can see from the V$pwfile_users view which users use the password file

Sql> select * from V$pwfile_users;

USERNAME Sysdb SYSOP

------------------------------ ----- -----

SYS true True

The contents of the above view are read from the password file, and if we delete the password file, the view is empty.

If the password file is accidentally deleted, you can use the ORAPWD command to generate the password file

Usage:orapwd file=<fname> entries=<users> force=<y/n> ignorecase=<y/n> nosysdba=<y/n>

For example, Orapwd file= ' $oracle _home/dbs/pwdsid.ora ' can be, of course, the name of the file may also be customized, but if customized, Linux to be in the. Profile,windows to add ora_sid_ to the registry Pwfile Environment variables

Specify a new password file path for it.

This article is from "Richard's notes-accumulate micro Cheng" blog, please be sure to keep this source http://zxf261.blog.51cto.com/701797/853722