none:不使用密码文件认证。如果选择了这个值,就相当于屏蔽了密码文件的内容了。
exclusive:要密码文件认证,自己独占使用(默认值)
shared:要密码文件认证,不同实例dba用户可以共享密码文件
2.位于$ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES=none|all|nts
none:关闭操作系统认证,只能密码认证
all:用于linux/unix平台,关闭本机密码文件认证,采用操作系统认证
nts:用于windows平台
测试远程登录的时候密码文件丢失情况
$ rm -rf $ORACLE_HOME/dbs/orapw$ORACLE_SID
$ sqlplus sys/mypna123@userdata as sysdba
SQL*Plus: Release 10.2.0.4. - Production on Tue Sep ::
Copyright (c) , , Oracle. All Rights Reserved.
ERROR:
ORA-: insufficient privileges
Enter user-name:
$ orapwd file=orapw$ORACLE_SID password=mypna123 entries=
$ sqlplus sys/mypna123@userdata as sysdba
SQL*Plus: Release 10.2.0.4. - Production on Tue Sep ::
Copyright (c) , , Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4. - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SYS@userdata>
可以看到默认配置下,丢失密码文件后,不可以远程登录数据库,只可以本地系统认证后登录数据库
测试remote_login_passwordfile为exclusive,AUTHENTICATION_SERVICES为none的情况
SYS@userdata>show parameter remote_login_passwordfile;
NAME TYPE VALUE
------------------------------------ --------------------------------- ------------------------------
remote_login_passwordfile string EXCLUSIVE
$ echo "SQLNET.AUTHENTICATION_SERVICES=NONE" >> $ORACLE_HOME/network/admin/sqlnet.ora
$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4. - Production on Tue Sep ::
Copyright (c) , , Oracle. All Rights Reserved.
ERROR:
ORA-: insufficient privileges
Enter user-name:
$ sqlplus sys/mypna123@userdata as sysdba
SQL*Plus: Release 10.2.0.4. - Production on Tue Sep ::
Copyright (c) , , Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4. - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SYS@userdata>
可以看到在remote_login_passwordfile为exclusive,AUTHENTICATION_SERVICES为none的情况下,数据库只能使用密码文件认证方式
测试remote_login_passwordfile为exclusive,AUTHENTICATION_SERVICES为all的情况
SYS@userdata>show parameter remote_login_passwordfile;
NAME TYPE VALUE
------------------------------------ --------------------------------- ------------------------------
remote_login_passwordfile string EXCLUSIVE
$ cat $ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES=ALL
$ sqlplus sys/mypna123@userdata as sysdba
SQL*Plus: Release 10.2.0.4. - Production on Tue Sep ::
Copyright (c) , , Oracle. All Rights Reserved.
ERROR:
ORA-: Authentication service failed to initialize
Enter user-name:
$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4. - Production on Tue Sep ::
Copyright (c) , , Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4. - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SYS@userdata>
可以看到在remote_login_passwordfile为exclusive,AUTHENTICATION_SERVICES为all的情况下本机登录只支持系统认证,不支持密码文件认证.普通用户和sys用户均不可以本地登录.但是远程登录是不受限制的.
看有哪些用户是拥有sysdba权限
SYS@userdata>grant sysdba to scott;
Grant succeeded.
SYS@userdata>select * from v$pwfile_users;
USERNAME SYSDBA SYSOPER
---------------------------------------- --------------- ---------------
SYS TRUE TRUE
SCOTT TRUE FALSE