I. What is the Oracle operating system user authentication login method, that is, you only need to create an OS authentication user in the database. Then, you can create and log on to the same user name on the server's local or remote client, and you can connect to the local or remote database without a password. The most typical is "sqlassysdba", which means no user name or password is given.
I. What is the Oracle operating system user authentication login method, that is, you only need to create an OS authentication user in the database. Then, you can create and log on to the same user name on the server's local or remote client, and you can connect to the local or remote database without a password. The most typical is "SQL/as sysdba", which means no user name or password is given.
I. What is the logon Method for Oracle operating system user authentication.
You only need to create an OS authenticated user in the database. Then, you can
Create and log on to the same user name, you do not need a password to connect to the local or remote database.
The most typical is "SQL/as sysdba", which means you can log on to the database system without providing the user name and password.
II. How to Use OS user authentication to log on to the database locally or remotely.
1. Check whether operating system authentication is enabled
$ ORACLE_HOME/network/admin/sqlnet. ora
In Windows, check whether it is set to the default type. The default type is for Oracle for Windows.
SQLNET. AUTHENTICATION_SERVICES = (CNT)
In UNIX/Linux, check whether it is set to NONE. If yes, change it to ALL or comment out the line.
2. Check whether the password file parameter is EXCLUSIVE.
Show parameter REMOTE_LOGIN_PASSWORDFILE
If not, run the following command to change it:
Alter system set remote_login_passwordfile = EXCLUSIVE scope = spfile;
Check whether the password file has been created. If not, run the following command to create and enter the password of the sys user.
Orapwd file = orapw $ ORACLE_SID passwd = xcl entries = 5 force = y;
Run the following command to check whether a sys user has a password file.
Select * from v $ pwfile_users;
The parameter value description of remote_login_passwordfile is attached:
None: So that oracle does not use password files and can only use OS authentication. Remote Management through insecure networks is not allowed.
Exclusive: a unique password file can be used, but only one database is allowed. The password file may include other users except sys users.
Shared: Shared password files can be used on multiple databases. However, the password file can only contain sys users. It is usually used when a dba manages multiple databases.
3. Check whether the remote operating system authentication parameter is TRUE.
Show parameter remote_ OS _authent
If not, run the following command to change it:
Alter system set remote_ OS _authent = true scope = spfile;
4. Existing OS authentication keywords and Authenticated Users
-- View the keyword of the current database OS authentication, which is usually ops $
Show parameter OS _authent_prefix
-- Check whether there are OS authenticated users.
SELECT username, password FROM dba_users WHERE username like 'Ops $ % ';
You can also use alter system set OS _authent_prefix = "" scope = spfile; to remove the prefix.
5. If you have changed the parameters, restart the database to make the changes take effect. Otherwise, it is skipped.
Shutdown immediate
Startup
6. Create an OS authenticated user in the database
A. Create a myosuser operating system user on the database service.
Useradd myosuser
Passwd myosuser
B. Create a database. Remember to add a prefix before the user name.
-- Identified externally indicates that this user has passed the operating system authentication
Create user ops $ myosuser identified externally;
Grant connect, resource to ops $ myosuser;
You can also change myosuser to administrator, which makes it more obvious and convenient for windows clients to connect to a remote database.
Another thing to note is that OS authentication takes precedence over Password File authentication.
7. log on to the database server with its local OS user for testing
Export ORACLE_SID = xcldb
Export ORACLE_HOME =/u01/app/oracle/product/11.2.0/db_1
Su-myosuser
/U01/app/oracle/product/11.2.0/db_1/bin/sqlplus/
Show user
Note: myosuser must belong to the dba group role.
8. Connect to the database on the server on a remote client machine
Log on to the remote database as myosuser on the client machine.
Windows:
A. Create a myosuser
B. Authorize ORA_DBA or ora_role
C. Check whether sqlnet. ora is SQLNET. AUTHENTICATION_SERVICES = (CNT)
D. Enter sqlplus/@ remote_xcldb to log on.
Of course, if you use the administrator user for testing, it will not be so troublesome.
3. Disable remote operating system authentication
A. alter system set remote_ OS _authent = false scope = spfile;
B. Restart the database.
4. How to disable OS authentication user logon
Add the following statement to $ ORACLE_HOME/network/admin/sqlnet. ora to set it to NONE.
SQLNET. AUTHENTICATION_SERVICES = (NONE)
Both Windows and UNIX/Linux do this.
5. Increase the security level for the sqlnet. ora File
Chown root: root sqlnet. ora
Chmod 744 sqlnet. ora
In this way, only the root user can change the value.
Simple process:
Remote client connection --> check whether the database can be remotely connected (remote_ OS _authent = true)
--> Check whether the password file can be used (remote_login_passwordfile = EXCLUSIVE) --> check the password file
--> Check whether sqlnet. ora can use OS to AUTHENTICATION_SERVICES! = NONE)
--> Check whether the OS authentication username exists --> check the password --> the logon is successful.
MAIL: xcl_168@aliyun.com
BLOG: http://blog.csdn.net/xcl168
