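The password file is used to authenticate users with the SYSDBA identity when they log in to the database remotely. Oracle lets a user authenticate through the password file and log in before the database is started, and then start the instance and mount and open the database. Oracle restricts use of the password file through the initialization parameter remote_login_passwordfile: setting it controls whether the password file is shared among multiple databases, and it can also disable password file authentication. The parameter is static, so a change takes effect only after the database is restarted.
The order in which Oracle looks for the password file: orapw —> orapw —> failure
Values of remote_login_passwordfile:
1. NONE: disables password file authentication
When the parameter is set to NONE, users cannot log in remotely as SYSDBA or SYSOPER.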
SYS@MTH> show parameter remote_login
NAME TYPE VALUE
------------------------------------ -------------------------------- ------------------------------
remote_login_passwordfile string NONE
oracle@C01TEST03:/home/oracle>sqlplus sys/××××××@mth as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Mon May 22 15:09:30 2017
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
Logging in locally on the server still works:
oracle@C01TEST03:/home/oracle>sqlplus sys/somersby as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Mon May 22 15:14:05 2017
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
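2. EXCLUSIVE: exclusive mode (default)
(1) When an ordinary user is granted the SYSDBA role, the user is written to the orapw file;
(2) When the password of a user with the SYSDBA role is changed, the change is also recorded in the password file.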
oracle@C01TEST03:/oracle/product/11.2.0/dbs>strings $ORACLE_HOME/dbs/orapwMTH
]\[Z
ORACLE Remote Password file
INTERNAL
CFBC245AC38E5695
D554438BDCDF8D2F
SYSTEM
DE262D2D0106CFCE
7( }
Change the parameter value to EXCLUSIVE:
SYS@MTH> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SYS@MTH> startup
ORA-32004: obsolete or deprecated parameter(s) specified for RDBMS instance
ORACLE instance started.
Total System Global Area 1887350784 bytes
Fixed Size 2254344 bytes
Variable Size 520096248 bytes
Database Buffers 1358954496 bytes
Redo Buffers 6045696 bytes
Database mounted.
Database opened.
SYS@MTH>
SYS@MTH> set lines 200;
SYS@MTH> show parameter remote_login_passwordfile;
NAME TYPE VALUE
------------------------------------ -------------------------------- ------------------------------
remote_login_passwordfile string EXCLUSIVE
List the users who have the SYSDBA role:
SYS@MTH> select * from v$pwfile_users;
USERNAME SYSDB SYSOP SYSAS
------------------------------ --------- ------- --------
SYS TRUE TRUE FALSE
SYSTEM TRUE FALSE FALSE
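3. SHARED: shared mode
(1) In shared mode, the password file can be shared by multiple databases on one server or by the databases of a RAC cluster;
(2) In shared mode, changing the password of a user with the SYSDBA role and granting SYSDBA to an ordinary user are both disallowed.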
SYS@MTH> alter user sys identified by mth;
alter user sys identified by mth
*
ERROR at line 1:
ORA-28046: Password change for SYS disallowed
SYS@MTH> grant sysdba to mth;
grant sysdba to mth
*
ERROR at line 1:
ORA-01999: password file cannot be updated in SHARED mode
Changing the parameter from EXCLUSIVE to SHARED:
(1) Rename the password file
oracle@C01TEST03:/oracle/product/11.2.0/dbs>mv orapwMTH orapw
(2) Change the parameter value
SYS@MTH> alter system set remote_login_passwordfile=shared scope=spfile;
System altered.
(3) Restart the database for the change to take effect
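An added example, not part of the original post: a small shell/awk filter that reads the SQL*Plus output of `show parameter remote_login_passwordfile` and `select * from v$pwfile_users` and reports the password file mode together with the accounts that hold SYSDBA or SYSOPER through it. The function names and the sample text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise who can authenticate through the password file.
# Input: text printed by `show parameter remote_login_passwordfile` and
# `select * from v$pwfile_users` (prompts and banners are ignored).

# Constructed sample, modelled on the listings in this post.
sample_output() {
cat <<'EOF'
SYS@MTH> show parameter remote_login_passwordfile;
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile            string      EXCLUSIVE
SYS@MTH> select * from v$pwfile_users;
USERNAME                       SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS                            TRUE  TRUE  FALSE
SYSTEM                         TRUE  FALSE FALSE
EOF
}

audit_pwfile() {
  awk '
    # Parameter row: name, type, value.
    $1 == "remote_login_passwordfile" && NF >= 3 { mode = toupper($3); next }
    # Header of the v$pwfile_users listing starts the user rows.
    $1 == "USERNAME" { in_users = 1; next }
    in_users && NF == 0 { in_users = 0; next }
    # A user row has TRUE/FALSE in the SYSDBA and SYSOPER columns.
    in_users && NF >= 3 && $2 ~ /^(TRUE|FALSE)$/ && $3 ~ /^(TRUE|FALSE)$/ {
      if ($2 == "TRUE") users = users "SYSDBA:" $1 "\n"
      if ($3 == "TRUE") users = users "SYSOPER:" $1 "\n"
    }
    END {
      if (mode == "") { print "MODE:UNKNOWN"; exit }
      print "MODE:" mode
      if (mode == "NONE")
        print "NOTE:password file authentication disabled; remote SYSDBA/SYSOPER logins fail"
      else if (mode == "SHARED")
        print "NOTE:password file is read-only; SYSDBA grants and SYS password changes are rejected"
      else if (mode == "EXCLUSIVE")
        print "NOTE:SYSDBA grants and password changes are written to the password file"
      printf "%s", users
    }'
}

sample_output | audit_pwfile
```

To use it on a real instance, pipe saved SQL*Plus output into audit_pwfile in place of sample_output.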
Reference blog: http://www.cnblogs.com/ericli/articles/5477742.html
From "ITPUB Blog", link: http://blog.itpub.net/30776559/viewspace-2139702/. If you repost this, please credit the source; otherwise legal liability will be pursued.