oracle os 认证,OS Authentication,ORACLE系统认证

系统认证可以让OS用户在登录oracle 系统时不需要提供密码，用以下方式就可以轻松登录

sqlplus /;

sqlplus /@service;

首先在操作系统创建操作系统用户，以下操作是在RHEL linux 5

useradd zhang;

password zhang;

su – zhang

sqlplus /

如果提示

sqlplus: error while loading shared libraries: libsqlplus.so: cannot open shared object file: No such file or director

网上查询确认为ORACLE 10g R2的一个BUG，版本号为4516865, 从网上下载了补丁，切回oracle用户关闭实例，把下载的文件changePerm.sh和restrict.lst解压到 $ORACLE_HOME/install目录下，之后进行如下操作：

[oracle@NCTEST install]$ ls

changePerm.sh restrict.lst

[oracle@NCTEST install]$ chmod 755 changePerm.sh

[oracle@NCTEST install]$ chmod 644 restrict.lst

[oracle@NCTEST install]$ ls -l

total 20

-rwxr-xr-x 1 oracle oinstall 10776 Feb 18 2006 changePerm.sh

-rw-r–r– 1 oracle oinstall 7660 Feb 16 2006 restrict.lst

[oracle@NCTEST install]$ ./changePerm.sh

—————————————————————————-

Disclaimer: The purpose of this script. is to relax permissions on some of the files in the database Oracle Home so that all clients can access them.

Please note that Oracle Corporation recommends using the most restrictive file permissions as possible for your given implementation. Running this script. should be done only after considering all security ramifications.

—————————————————————————-

Do you wish to continue (y/n) [n]: y

Finished running the script. successfully

Please see /tmp/changePerm_err.log for errors and /tmp/changePerm.log for the log of events

补丁安装说明成功

# su – zhang

$ export ORACLE_HOME=/u01/app/oracle/product/10.1.0/db_1

$ export PATH=$PATH:$ORACLE_HOME/bin

$ export ORACLE_SID=orcl

$ sqlplus /

SQL*Plus: Release 10.1.0.3.0 – Production on Wed Jun 7 08:43:30 2006

Copyright (c) 1982, 2004, Oracle. All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

In both cases, the connections failed because we have not told Oracle the users are OS authenticated. To do this, we must create an Oracle user, but first we must check the value of the Oracle OS_AUTHENT_PREFIX initialization parameter.

SQL> SHOW PARAMETER os_authent_prefix

NAME TYPE VALUE

———————————— ———– ——————————

os_authent_prefix string ops$

SQL> create user ops$zhang identified by enterally;

User created.

SQL> grant connect to ops$zhang;

Grant succeeded.

SQL> host

[oracle@orazhang admin]$ su – zhang

Password:

[zhang@orazhang ~]$ export ORACLE_HOME=/u01/app/oracle/product/10.1.0/db_1

[zhang@orazhang ~]$$ export PATH=$PATH:$ORACLE_HOME/bin

[zhang@orazhang ~]$ export ORACLE_SID=orcl

[zhang@orazhang ~]$ echo $ORACLE_SID

orcl

[zhang@orazhang ~]$ sqlplus /

SQL*Plus: Release 10.2.0.1.0 – Production on Fri Apr 1 12:03:22 2011

Copyright (c) 1982, 2005, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 – Production

With the Partitioning, OLAP and Data Mining options

SQL> show user

USER is “OPS$ZHANG”

SQL> select * from tab;

no rows selected

SQL>

成功

—————-

这个ops$前缀的定义在初始化参数中定义OS_AUTHENT_PREFIX

如果OS_AUTHENT_PREFIX=”OPS$”，

数据库用户名=OPS$+操作系统用户

如果OS_AUTHENT_PREFIX＝””

数据库中用户名＝操作系统用户名

如果remote_os_authent 　配置为true,将回开启远程系统认证，远程机器就可以sqlplus /@service远程系统认证,是有一定危险的。

打赏

微信扫一扫，打赏作者吧～