Oracle 密码文件

参考：http://blog.csdn.net/leshami/article/details/5611672

--==============================
-- Oracle密码文件
--==============================
/*

一、密码文件
   作用：主要进行DBA权限的身份认证
   DBA用户：具有sysdba，sysoper权限的用户被称为dba用户。默认情况下sysdba角色中存在sys用户，sysoper角色中存在system用户
 
二、Oracle的两种认证方式；
   1.使用与操作系统集成的身份验证
   2.使用Oracle数据库的密码文件进行身份认证

三、密码文件的位置
   Linux下的存放位置：$ORACLE_HOME/dbs/orapw$ORACLE_SID
                  即：ORACLE_HOME/dbs/orapw<sid>
   Windows下的存放位置:$ORACLE_HOME/database/PWD%ORACLE_SID%.ora

   密码文件查找的顺序
   --->orapw<sid>--->orapw--->Failure

   两种认证方式：类似于SQL server中的windows认证和SQL server认证

   决定在两个参数中
   1.remote_login_passwordfile = none | exclusive |shared  位于$ORACLE_HOME/dbs/spfile$ORACLE_SID.ora参数文件中
      none : 不使用密码文件认证
      exclusive :要密码文件认证，自己独占使用(默认值)
      shared ：要密码文件认证，不同实例dba用户可以共享密码文件

   2. $ORACLE_HOME/network/admin/sqlnet.ora
      SQLNET.AUTHENTICATION_SERVICES = none | all | ntf(windows)
      none : 表示关闭操作系统认证，只能密码认证
      all : 用于linux或unix平台，关闭本机密码文件认证，采用操作系统认证，但远程<异机>可以使用密码文件认证
      nts : 用于windows平台

  不同的组合
     1           2
   none          none      sys用户无论是本机还是远程均不可用

 
四、演示：实验判断当前使用的是操作系统认证还是密码认证
1.在sqlnet.ora中追加SQLNET.AUTHENTICATION_SERVICES = none

oracle@testdb admin]$ vi sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = none
~
"sqlnet.ora" [New] 1L, 39C written                                                                                                                   
[oracle@testdb admin]$

--使用操作系统登陆认证，失败
[oracle@testdb admin]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Mon Dec 25 21:26:22 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

ERROR:
ORA-01017: 用户名/口令无效; 登录被拒绝


Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied


Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied


SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus
[oracle@testdb admin]$

--改用密码认证登陆，成功。
[oracle@testdb admin]$ sqlplus sys/oracle as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Mon Dec 25 21:27:04 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>   


 2.将SQLNET.AUTHENTICATION_SERVICES的值改为all
 
[oracle@testdb admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = all
[oracle@testdb admin]$

[oracle@testdb admin]$ cat tnsnames.ora
DBDB =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.12)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = DBdb)
    )
  )

testdb =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.56.28)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = DBdb)
    )
  )
[oracle@testdb admin]$
DBDB是连接到远程的数据库的tns
testdb是连接到本机数据库的tns;

--使用操作系统登陆认证，成功。
[oracle@testdb admin]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Mon Dec 25 21:36:00 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> exit    
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@testdb admin]$

--使用本机密码认证，成功；
[oracle@testdb admin]$ sqlplus sys/oracle as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Mon Dec 25 21:40:35 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

--使用本机密码认证加本机tns连接，失败；
[oracle@testdb admin]$ sqlplus sys/oracle@testdb as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Mon Dec 25 21:36:17 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

ERROR:
ORA-12641: Authentication service failed to initialize


Enter user-name:
ERROR:
ORA-01017: invalid username/password; logon denied

--使用客户端远程密码连接方式连接本机，成功：
C:\Users\Administrator>sqlplus system/oracle@192.168.56.28/DBdb

SQL*Plus: Release 11.2.0.1.0 Production on 星期二 12月 26 10:16:53 2017

Copyright (c) 1982, 2010, Oracle.  All rights reserved.


连接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>


--使用tns连接到其他数据库的tns,成功；
[oracle@testdb admin]$ sqlplus sys/oracle@DBDB as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Mon Dec 25 21:36:43 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>


五、密码文件的建立：orapwd */

[oracle@testdb ~]$ orapwd
Usage: orapwd file=<fname> password=<password> entries=<users> force=<y/n>
  where
   file - name of password file (mand), /*密码文件的名字orapw<sid>*/
   password - password for SYS will be prompted if not specified at command line,  /*sys用户的密码*/
   entries - maximum number of distinct DBA (optional), /*可以有多少个sysdba,sysoper权限用户放到密码文件中去，去掉重复记录*/
                                            /*注意entries中存放的个数但不是实际个数，这个是二进制数据*/  
   force - whether to overwrite existing file (optional),/*10g新增的参数，默认值为n ,y表示允许覆盖*/
   ignorecase - passwords are case-insensitive (optional),
   nosysdba - whether to shut out the SYSDBA logon (optional Database Vault only).
 
 There must be no spaces around the equal-to (=) character.

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/31397003/viewspace-2149282/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/31397003/viewspace-2149282/