oracle密码文件详解
2013-09-22 16:37
375 查看
一、密码文件
作用:主要进行DBA权限的身份认证
DBA用户:具有sysdba,sysoper权限的用户被称为dba用户。默认情况下sysdba角色中存在sys用户,sysoper角色中存在system用户
二、Oracle的两种认证方式;
1.使用与操作系统集成的身份验证
2.使用Oracle数据库的密码文件进行身份认证
三、密码文件的位置
Linux下的存放位置:$ORACLE_HOME/dbs/orapw$ORACLE_SID
即:ORACLE_HOME/dbs/orapw<sid>
Windows下的存放位置:$ORACLE_HOME/database/PWD%ORACLE_SID%.ora
密码文件查找的顺序
--->orapw<sid>--->orapw--->Failure
两种认证方式:类似于SQL server中的windows认证和SQL
server认证
决定在两个参数中
1.remote_login_passwordfile = none | exclusive |shared 位于$ORACLE_HOME/dbs/spfile$ORACLE_SID.ora参数文件中
none :
不使用密码文件认证
exclusive :要密码文件认证,自己独占使用(默认值),10G已经将其等同于shared了
shared
:要密码文件认证,不同实例dba用户可以共享密码文件
2. $ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = none | all | ntf(windows)
none :
表示关闭操作系统认证,只能密码认证
all :
用于linux或unix平台,关闭本机密码文件认证,采用操作系统认证,但远程<异机>可以使用密码文件认证
nts :
用于windows平台
不同的组合
1 2
none none sys用户无论是本机还是远程均不可用
四、演示:
1.在sqlnet.ora中追加SQLNET.AUTHENTICATION_SERVICES = none
[oracle@robinson ~]$ sqlplus /as sysdba
/*登陆失败*/
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 10:41:28
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
--------------------------------------------------------------------------------
[oracle@robinson ~]$ sqlplus sys/redhatas sysdba
/*使用密码文件认证,登陆成功*/
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 10:42:35
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0- Production
With the Partitioning, OLAPand Data Mining options
SQL>
--=================================================================================
2.将SQLNET.AUTHENTICATION_SERVICES的值改为all
[oracle@robinson admin]$ sqlplus /as sysdba
/*采用本机认证可以登陆*/
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 10:46:55
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0- Production
With the Partitioning, OLAPand Data Mining options
SQL>
--------------------------------------------------------------------------------------
[oracle@robinson admin]$ sqlplus sys/redhat@orclas sysdba/*使用密码文件登陆认证失败*/
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 10:48:35
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authenticationservice failedto initialize
Enter user-name:
--注:此时可以使用远程登陆。
--使用#符号将新增的SQLNET.AUTHENTICATION_SERVICES行注释掉恢复到缺省值
/*
五、密码文件的建立:orapwd */
[oracle@robinson ~]$ orapwd
Usage: orapwd
file=<fname> password=<password> entries=<users> force=<y/n>
where
file
- name of passwordfile
(mand), /*密码文件的名字orapw<sid>*/
password - password
for SYS (mand), /*sys用户的密码*/
entries - maximum number
of distinct DBA and /*可以有多少个sysdba,sysoper权限用户放到密码文件中去,去掉重复记录*/
/*注意entries中存放的个数但不是实际个数,这个是二进制数据*/
force - whether
to overwrite existingfile
(opt),/*10g新增的参数,默认值为n ,y表示允许覆盖*/
OPERs (opt),
There are no spaces around the equal-to(=)character.
--修改密码:
[oracle@robinson ~]$ cd $ORACLE_HOME/dbs
[oracle@robinson dbs]$ ll orapworcl
-rw-r----- 1 oracle oinstall 1536 Apr 7 15:50 orapworcl
[oracle@robinson dbs]$ orapwd file=orapworcl password=oracle force=y
[oracle@robinson dbs]$ sqlplus sys/oracle@orclas sysdba
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 11:34:09
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0- Production
With the Partitioning, OLAPand Data Mining options
SQL>
--将密码改回原来的密码
[oracle@robinson dbs]$ orapwd file=orapworcl password=redhat
OPW-00005:Filewith same
name exists
- pleasedeleteor rename
[oracle@robinson dbs]$ orapwd file=orapworcl password=redhat force=y
[oracle@robinson dbs]$ rm orapworcl
/*删除密码文件*/
[oracle@robinson dbs]$ orapwd file=orapworcl password=redhat/*重建密码文件*/
--演示将entries改为,然后将多个用户设置为sysdba或sysoper
[oracle@robinson dbs]$ orapwd file=orapworcl password=redhat entries=1
[oracle@robinson dbs]$ strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
F7AC0C5E9C3C37AB
E100B964899CDDDF
--创建PL/SQL增加个新用户
SQL>
begin
2 for iin 1..20 loop
3 execute immediate'create user u'||i||' identified by u'||i||'';
4 end loop;
5 end;
6 /
--将新用户赋予sysdba角色
PL/SQL
procedure successfully completed.
SQL>
begin
2 for iin 1..20 loop
3 execute immediate'grant sysdba to u'||i||'';
4 end loop;
5 end;
6 /
begin
/*得到和密码文件相关的错误提示*/
*
ERROR at line 1:
ORA-01996:GRANT failed: passwordfile''
is full
ORA-06512: at line 3
--再次查看orapworcl发现多出了行,即当设置为的时候多出了个用户。原因是该密码文件是二进制文件,按矩阵计算可存放多少
[oracle@robinson dbs]$ strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
F7AC0C5E9C3C37AB
E100B964899CDDDF
3E81B724A296E296
668509DF9DD36B43
9CE6AF1E3F609FFC
7E19965085C9ED47
--注意不要轻易删掉密码文件,这样会将其他账户的信息也删除
/*
六、导致密码文件内容修改的几种方式:
1.使用orapwd建立,修改密码文件,不建议使用
2.使用alter user sys identified by <>
3.使用grant sysdba to <>或grant sysoper to <>或revoke
sysdba |sysoper from <>
七、查看密码文件内容 */
[oracle@robinson dbs]$ strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
F7AC0C5E9C3C37AB
E100B964899CDDDF
--当sys密码不记得可以使用OS系统身份认证登陆到sqlplus,再使用alter
user修改密码
SQL>
alter user sys identified
by oracle;
User altered
--再次查看密码文件与上一次对比,已经发生变化
SQL> ho strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
--通过授予权限来修改密码,密码文件中多出了scott的信息
SQL>
grant sysdba to scott;
Grant succeeded.
SQL> ho strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
SCOTT
F894844C34402B67
--注意此处中登陆后,显示的账户信息还是sys,而不是scott,但此时的scott已经具备了sys权限
[oracle@robinson dbs]$ sqlplus scott/tiger@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 11:56:09
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0- Production
With the Partitioning, OLAPand Data Mining options
SQL> show
user
USER
is "SYS"
/*
八、sysdba与sysoper的区别*/
SQL>
select * from system_privilege_map where name
like '%SYS%';
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------
-3
ALTER SYSTEM 0
-4 AUDIT SYSTEM 0
-83 SYSDBA 0
-84 SYSOPER 0
--下面的链接是两者不同的权限说明 http://download.oracle.com/docs/cd/B19306_01/server.102/b14231/dba.htm#sthref137 The manner in which you are authorizedto
use these privileges depends upon the methodof authentication that youuse.
When you connect
with SYSDBA or SYSOPER privileges, you connec twith a
default schema,
not with the schema that
is generally associated
with your username.
For SYSDBA this
schemai s SYS;
for SYSOPER the schema is
PUBLIC.
--两者的schema不同
SQL> show
user
USER
is "SYS"
SQL> conn
/as sysoper
Connected.
SQL> show
user
USER
is "PUBLIC"
--查看密码文件视图,可以得到哪些用户为sysdba,哪些用户为sysoper
SQL>
select* from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
SCOTT TRUE FALSE
USER1 FALSE TRUE
--下面演示了使用不同的角色来登陆
SQL> conn scott/tiger@orclas sysdba
Connected.
SQL> conn scott/tiger@orclas sysoper /*scott的sysop列为false*/
ERROR:
ORA-01031: insufficient privileges
Warning: You are
no longer connected to ORACLE.
SQL> conn user1/user1@orclas sysdba
ERROR:
ORA-01031: insufficient privileges
SQL> conn user1/user1as sysoper
Connected.
文章转自:http://blog.csdn.net/leshami/article/details/5611672
作用:主要进行DBA权限的身份认证
DBA用户:具有sysdba,sysoper权限的用户被称为dba用户。默认情况下sysdba角色中存在sys用户,sysoper角色中存在system用户
二、Oracle的两种认证方式;
1.使用与操作系统集成的身份验证
2.使用Oracle数据库的密码文件进行身份认证
三、密码文件的位置
Linux下的存放位置:$ORACLE_HOME/dbs/orapw$ORACLE_SID
即:ORACLE_HOME/dbs/orapw<sid>
Windows下的存放位置:$ORACLE_HOME/database/PWD%ORACLE_SID%.ora
密码文件查找的顺序
--->orapw<sid>--->orapw--->Failure
两种认证方式:类似于SQL server中的windows认证和SQL
server认证
决定在两个参数中
1.remote_login_passwordfile = none | exclusive |shared 位于$ORACLE_HOME/dbs/spfile$ORACLE_SID.ora参数文件中
none :
不使用密码文件认证
exclusive :要密码文件认证,自己独占使用(默认值),10G已经将其等同于shared了
shared
:要密码文件认证,不同实例dba用户可以共享密码文件
2. $ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = none | all | ntf(windows)
none :
表示关闭操作系统认证,只能密码认证
all :
用于linux或unix平台,关闭本机密码文件认证,采用操作系统认证,但远程<异机>可以使用密码文件认证
nts :
用于windows平台
不同的组合
1 2
none none sys用户无论是本机还是远程均不可用
四、演示:
1.在sqlnet.ora中追加SQLNET.AUTHENTICATION_SERVICES = none
[oracle@robinson ~]$ sqlplus /as sysdba
/*登陆失败*/
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 10:41:28
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
--------------------------------------------------------------------------------
[oracle@robinson ~]$ sqlplus sys/redhatas sysdba
/*使用密码文件认证,登陆成功*/
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 10:42:35
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0- Production
With the Partitioning, OLAPand Data Mining options
SQL>
--=================================================================================
2.将SQLNET.AUTHENTICATION_SERVICES的值改为all
[oracle@robinson admin]$ sqlplus /as sysdba
/*采用本机认证可以登陆*/
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 10:46:55
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0- Production
With the Partitioning, OLAPand Data Mining options
SQL>
--------------------------------------------------------------------------------------
[oracle@robinson admin]$ sqlplus sys/redhat@orclas sysdba/*使用密码文件登陆认证失败*/
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 10:48:35
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authenticationservice failedto initialize
Enter user-name:
--注:此时可以使用远程登陆。
--使用#符号将新增的SQLNET.AUTHENTICATION_SERVICES行注释掉恢复到缺省值
/*
五、密码文件的建立:orapwd */
[oracle@robinson ~]$ orapwd
Usage: orapwd
file=<fname> password=<password> entries=<users> force=<y/n>
where
file
- name of passwordfile
(mand), /*密码文件的名字orapw<sid>*/
password - password
for SYS (mand), /*sys用户的密码*/
entries - maximum number
of distinct DBA and /*可以有多少个sysdba,sysoper权限用户放到密码文件中去,去掉重复记录*/
/*注意entries中存放的个数但不是实际个数,这个是二进制数据*/
force - whether
to overwrite existingfile
(opt),/*10g新增的参数,默认值为n ,y表示允许覆盖*/
OPERs (opt),
There are no spaces around the equal-to(=)character.
--修改密码:
[oracle@robinson ~]$ cd $ORACLE_HOME/dbs
[oracle@robinson dbs]$ ll orapworcl
-rw-r----- 1 oracle oinstall 1536 Apr 7 15:50 orapworcl
[oracle@robinson dbs]$ orapwd file=orapworcl password=oracle force=y
[oracle@robinson dbs]$ sqlplus sys/oracle@orclas sysdba
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 11:34:09
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0- Production
With the Partitioning, OLAPand Data Mining options
SQL>
--将密码改回原来的密码
[oracle@robinson dbs]$ orapwd file=orapworcl password=redhat
OPW-00005:Filewith same
name exists
- pleasedeleteor rename
[oracle@robinson dbs]$ orapwd file=orapworcl password=redhat force=y
[oracle@robinson dbs]$ rm orapworcl
/*删除密码文件*/
[oracle@robinson dbs]$ orapwd file=orapworcl password=redhat/*重建密码文件*/
--演示将entries改为,然后将多个用户设置为sysdba或sysoper
[oracle@robinson dbs]$ orapwd file=orapworcl password=redhat entries=1
[oracle@robinson dbs]$ strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
F7AC0C5E9C3C37AB
E100B964899CDDDF
--创建PL/SQL增加个新用户
SQL>
begin
2 for iin 1..20 loop
3 execute immediate'create user u'||i||' identified by u'||i||'';
4 end loop;
5 end;
6 /
--将新用户赋予sysdba角色
PL/SQL
procedure successfully completed.
SQL>
begin
2 for iin 1..20 loop
3 execute immediate'grant sysdba to u'||i||'';
4 end loop;
5 end;
6 /
begin
/*得到和密码文件相关的错误提示*/
*
ERROR at line 1:
ORA-01996:GRANT failed: passwordfile''
is full
ORA-06512: at line 3
--再次查看orapworcl发现多出了行,即当设置为的时候多出了个用户。原因是该密码文件是二进制文件,按矩阵计算可存放多少
[oracle@robinson dbs]$ strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
F7AC0C5E9C3C37AB
E100B964899CDDDF
3E81B724A296E296
668509DF9DD36B43
9CE6AF1E3F609FFC
7E19965085C9ED47
--注意不要轻易删掉密码文件,这样会将其他账户的信息也删除
/*
六、导致密码文件内容修改的几种方式:
1.使用orapwd建立,修改密码文件,不建议使用
2.使用alter user sys identified by <>
3.使用grant sysdba to <>或grant sysoper to <>或revoke
sysdba |sysoper from <>
七、查看密码文件内容 */
[oracle@robinson dbs]$ strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
F7AC0C5E9C3C37AB
E100B964899CDDDF
--当sys密码不记得可以使用OS系统身份认证登陆到sqlplus,再使用alter
user修改密码
SQL>
alter user sys identified
by oracle;
User altered
--再次查看密码文件与上一次对比,已经发生变化
SQL> ho strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
--通过授予权限来修改密码,密码文件中多出了scott的信息
SQL>
grant sysdba to scott;
Grant succeeded.
SQL> ho strings orapworcl
]/[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
SCOTT
F894844C34402B67
--注意此处中登陆后,显示的账户信息还是sys,而不是scott,但此时的scott已经具备了sys权限
[oracle@robinson dbs]$ sqlplus scott/tiger@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0- Productionon Fri Apr 9 11:56:09
2010
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0- Production
With the Partitioning, OLAPand Data Mining options
SQL> show
user
USER
is "SYS"
/*
八、sysdba与sysoper的区别*/
SQL>
select * from system_privilege_map where name
like '%SYS%';
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------
-3
ALTER SYSTEM 0
-4 AUDIT SYSTEM 0
-83 SYSDBA 0
-84 SYSOPER 0
--下面的链接是两者不同的权限说明 http://download.oracle.com/docs/cd/B19306_01/server.102/b14231/dba.htm#sthref137 The manner in which you are authorizedto
use these privileges depends upon the methodof authentication that youuse.
When you connect
with SYSDBA or SYSOPER privileges, you connec twith a
default schema,
not with the schema that
is generally associated
with your username.
For SYSDBA this
schemai s SYS;
for SYSOPER the schema is
PUBLIC.
--两者的schema不同
SQL> show
user
USER
is "SYS"
SQL> conn
/as sysoper
Connected.
SQL> show
user
USER
is "PUBLIC"
--查看密码文件视图,可以得到哪些用户为sysdba,哪些用户为sysoper
SQL>
select* from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
SCOTT TRUE FALSE
USER1 FALSE TRUE
--下面演示了使用不同的角色来登陆
SQL> conn scott/tiger@orclas sysdba
Connected.
SQL> conn scott/tiger@orclas sysoper /*scott的sysop列为false*/
ERROR:
ORA-01031: insufficient privileges
Warning: You are
no longer connected to ORACLE.
SQL> conn user1/user1@orclas sysdba
ERROR:
ORA-01031: insufficient privileges
SQL> conn user1/user1as sysoper
Connected.
文章转自:http://blog.csdn.net/leshami/article/details/5611672
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Oracle 密码文件
- Oracle密码文件使用与维护技巧
- /etc/shadow文件各段意义详解 上次更改密码期限计算
- Oracle的tnsnames.ora 监听配置文件详解
- Oracle控制文件详解
- Oracle密码文件使用与维护技巧
- Oracle OS认证与口令文件认证详解
- oracle 密码文件文件
- ORACLE创建密码文件
- oracle密码文件
- Oracle OS认证与口令文件认证详解
- Oracle静默安装文件 db_install.rsp 详解
- Oracle 密码文件
- oracle adg突然报密码文件错误
- oracle数据库文件中的导入/导出(imp/exp命令)详解
- Oracle 密码文件
- 详解oracle中网络配置三个文件
- Oracle 密码文件
- Oracle OS认证 口令文件 密码丢失处理
- Oracle重设密码文件