今天首先发现sys用户使用什么密码都可以登录
SQL> conn sys/sys as sysdba
已连接。
SQL> conn sys/oracle as sysdba
已连接。
SQL> conn sys/dfdfsfdsf as sysdba
已连接。
原因就是使用了操作系统认证
Operating system authentication takes precedence over
password file authentication.
操作系统认证是优先于密码文件认证的
将Oradba组中的用户删除,这时并不表示使用密码文件认证了
SQL> conn /as sysdba
ERROR:
ORA-01031: insufficient privileges
不过此时以上已经无法连接了
将sqlnet.ora中的
#SQLNET.AUTHENTICATION_SERVICES= (NTS)注释掉,但将Oradba组中的用户恢复
SQL> conn /as sysdba
ERROR:
ORA-01031: insufficient privileges
无论是将sqlnet.ora SQLNET.AUTHENTICATION_SERVICES= (NTS)注释掉,还是将Oradba组中的用户删除,都不能使用操作系统认证
SQL> conn sys/oracle as sysdba
ERROR:
ORA-01031: insufficient privileges
此时使用sys用户登录,报ORA-01031,可能是没有密码文件
orapwd file=d:\oracle\ora92\database\pwdgame.ora password=game entries=10创建密码文件
file:密码文件路径
password:sys用户的密码
entries:使用密码文件管理的用户数
将remote_login_passwordfile设置为Exclusive或者shared
SQL> show parameter remote_login
NAME TYPE VALUE
------------------------------------ ----------- --------------------------
remote_login_passwordfile string EXCLUSIVE
SQL> conn sys/game as sysdba
ERROR:
ORA-01031: insufficient privileges
还是报ORA-01031
折腾了半天,想起来新增密码文件可能需要重启
重启后,连接成功了
SQL> conn sys/game as sysdba;
已连接。
关于remote_login_passwordfile
NONE: Setting this parameter to NONE causes Oracle Database to behave as if the
password file does not exist. That is, no privileged connections are allowed over
nonsecure connections.
设置为none,就好象密码文件不存在,无法使用密码文件认证
实验中,我把remote_login_passwordfile设置为None,
将sqlnet.ora中的#SQLNET.AUTHENTICATION_SERVICES= (NTS)注释掉,连接数据库,报ORA-01031的错误
EXCLUSIVE: (The default) An EXCLUSIVE password file can be used with only
one instance of one database. Only an EXCLUSIVE file can be modified. Using an
EXCLUSIVE password file enables you to add, modify, and delete users. It also
enables you to change the SYS password with the ALTER USER command.
默认为Exclusive,一个实例使用一个密码文件,并且密码文件可以修改,也可以新增,修改,删除密码文件管理的用户.还可以使用alter user改变sys用户的密码
SHARED: A SHARED password file can be used by multiple databases running on
the same server, or multiple instances of a Real Application Clusters (RAC)
database. A SHARED password file cannot be modified. This means that you
cannot add users to a SHARED password file. All users needing SYSDBA or SYSOPER system privileges must be added to the password file when REMOTE_LOGIN_PASSWORDFILE is set to EXCLUSIVE. After all users are added, you can change REMOTE_LOGIN_PASSWORDFILE to SHARED, and then share the file.
shared的密码文件不能被修改,所以不能新增用户.用法是:先修改为exclusive来新增用户,待用户都添加了以后,再将该参数修改为shared
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/22111412/viewspace-611683/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/22111412/viewspace-611683/