oracle10g的密码文件管理
参考:http://www.cnblogs.com/moonfans/p/3852015.html
查看监听是否正常
[oracle@mygod1 ~]$ lsnrctl status
Listener Parameter File /software/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
Listener Log File /software/app/oracle/product/10.2.0/db_1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=mygod1)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC0)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orcl_XPT" has 1 instance(s).
Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully
[oracle@mygod1 ~]$
sys用户在连接数据库时必须以sysdba or sysoper方式,sys用户要想连接数据库必须使用口令文件
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
SQL>
由于目前存在口令文件,所以我可以远程登录成功
[oracle@mygod1 ~]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID
/software/app/oracle/product/10.2.0/db_1/dbs/orapworcl
[oracle@mygod1 ~]$ sqlplus sys/redhat$orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Apr 11 23:51:20 2017
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL>
口令文件丢失可以自己生成
[oracle@mygod1 ~]$ orapwd file=$ORACLE_HOME/dbs/orapw$ORACLE_SID password=redhat force=y
[oracle@mygod1 ~]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID
/software/app/oracle/product/10.2.0/db_1/dbs/orapworcl
[oracle@mygod1 ~]$
禁止远程登录remote_login_passwordfile=NONE
SQL> show parameter remote;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_archive_enable string true
remote_dependencies_mode string TIMESTAMP
remote_listener string
remote_login_passwordfile string EXCLUSIVE
remote_os_authent boolean FALSE
remote_os_roles boolean FALSE
SQL>
SQL> alter system set remote_login_passwordfile=NONE scope=spfile;
System altered.
SQL> shutdown immediate
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 595591168 bytes
Fixed Size 2022600 bytes
Variable Size 176161592 bytes
Database Buffers 415236096 bytes
Redo Buffers 2170880 bytes
Database mounted.
Database opened.
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:21:19 2017
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied 此时远程登录失败。
Enter user-name:
允许远程登录但是不可以修改sys用户密码 remote_login_passwordfile=shared
SQL> alter system set remote_login_passwordfile=shared scope=spfile;
System altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 595591168 bytes
Fixed Size 2022600 bytes
Variable Size 180355896 bytes
Database Buffers 411041792 bytes
Redo Buffers 2170880 bytes
Database mounted.
Database opened.
SQL>
[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:26:39 2017
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> alter user sys identified by tiger;
alter user sys identified by tiger
*
ERROR at line 1:
ORA-28046: Password change for SYS disallowed
SQL>
允许远程登录并可以修改sys用户密码 remote_login_passwordfile=exclusive
[oracle@mygod1 ~]$ sqlplus / as sysdba
SQL> alter system set remote_login_passwordfile=exclusive scope=spfile;
System altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 595591168 bytes
Fixed Size 2022600 bytes
Variable Size 184550200 bytes
Database Buffers 406847488 bytes
Redo Buffers 2170880 bytes
Database mounted.
Database opened.
SQL>
[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:32:22 2017
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> alter user sys identified by tiger;
User altered.
SQL>
关闭os登录,但支持远程登录sqlnet.authentication_services=none
# bvasudev 02/07/97 - Change sqlnet.authentication_services documentation
#names.authority_required = False
# _authority_required _auto_refresh*
#sqlnet.authentication_services
# Enables one or more authentication services. If
# support, using (beq, kerberos5) would enable authentication via
#sqlnet.authentication_services=(beq, kerberos5)
#sqlnet.authentication_kerberos5_service
#sqlnet.authentication_kerberos5_service=acme
#sqlnet.radius_authentication = localhost
#sqlnet.radius_authentication_port = 1654
#sqlnet.radius_authentication_interface = DefaultRadiusInterface
#ssl_client_authentication
# The ssl_client_authentication parameter controls whether the client
# is authenticated using SSL. This parameter should be set to FALSE if
# authentication (DH_anon) or if using other non-SSL authentication
#Purpose: Indicates the time interval within which database authentication
# authentication within the given time period, then the database
[oracle@mygod1 ~]$
[oracle@mygod1 ~]$ echo "sqlnet.authentication_services=none" >/$ORACLE_HOME/network/admin/sqlnet.ora
[oracle@mygod1 ~]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:38:44 2017
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:38:56 2017
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL>
打开os登录,但不支持远程登录sqlnet.authentication_services=all
[oracle@mygod1 ~]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:40:25 2017
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:40:30 2017
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name: