2. IT
    3. oracle10g的密码文件管理

    oracle10g的密码文件管理

    xiaoxiao2021-04-17  55

    oracle10g的密码文件管理

    参考:http://www.cnblogs.com/moonfans/p/3852015.html

     查看监听是否正常

    [oracle@mygod1 ~]$ lsnrctl status   

    Listener Parameter File   /software/app/oracle/product/10.2.0/db_1/network/admin/listener.ora Listener Log File         /software/app/oracle/product/10.2.0/db_1/network/log/listener.log Listening Endpoints Summary...   (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=mygod1)(PORT=1521)))   (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC0))) Services Summary... Service "PLSExtProc" has 1 instance(s).   Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service... Service "orcl" has 1 instance(s).   Instance "orcl", status READY, has 1 handler(s) for this service... Service "orclXDB" has 1 instance(s).   Instance "orcl", status READY, has 1 handler(s) for this service... Service "orcl_XPT" has 1 instance(s).   Instance "orcl", status READY, has 1 handler(s) for this service... The command completed successfully

    [oracle@mygod1 ~]$ 

     

     

    sys用户在连接数据库时必须以sysdba or sysoper方式,sys用户要想连接数据库必须使用口令文件

    SQL> select * from v$pwfile_users; USERNAME       SYSDB SYSOP ------------------------------ ----- ----- SYS       TRUE  TRUE SQL> 

    由于目前存在口令文件,所以我可以远程登录成功

    [oracle@mygod1 ~]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID /software/app/oracle/product/10.2.0/db_1/dbs/orapworcl

    [oracle@mygod1 ~]$ sqlplus sys/redhat$orcl as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Tue Apr 11 23:51:20 2017 Copyright (c) 1982, 2005, Oracle.  All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options SQL> 

     

    口令文件丢失可以自己生成

    [oracle@mygod1 ~]$ orapwd file=$ORACLE_HOME/dbs/orapw$ORACLE_SID password=redhat force=y [oracle@mygod1 ~]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID /software/app/oracle/product/10.2.0/db_1/dbs/orapworcl [oracle@mygod1 ~]$ 

     

    禁止远程登录remote_login_passwordfile=NONE

    SQL> show parameter remote; NAME     TYPE VALUE ------------------------------------ ----------- ------------------------------ remote_archive_enable     string true remote_dependencies_mode     string TIMESTAMP remote_listener     string remote_login_passwordfile     string EXCLUSIVE remote_os_authent     boolean FALSE remote_os_roles     boolean FALSE SQL> 

     

    SQL> alter system set remote_login_passwordfile=NONE scope=spfile; System altered. SQL> shutdown immediate ORA-01109: database not open Database dismounted. ORACLE instance shut down. SQL> startup ORACLE instance started. Total System Global Area  595591168 bytes Fixed Size    2022600 bytes Variable Size  176161592 bytes Database Buffers  415236096 bytes Redo Buffers    2170880 bytes Database mounted. Database opened. SQL> exit Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options [oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:21:19 2017 Copyright (c) 1982, 2005, Oracle.  All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied         此时远程登录失败。 Enter user-name: 

     

    允许远程登录但是不可以修改sys用户密码 remote_login_passwordfile=shared 

    [oracle@mygod1 ~]$ sqlplus / as sysdba SQL>  alter system set remote_login_passwordfile=shared scope=spfile; System altered. SQL> shutdown immediate Database closed. Database dismounted. ORACLE instance shut down. SQL> startup ORACLE instance started. Total System Global Area  595591168 bytes Fixed Size    2022600 bytes Variable Size  180355896 bytes Database Buffers  411041792 bytes Redo Buffers    2170880 bytes Database mounted. Database opened. SQL> 

    [oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:26:39 2017 Copyright (c) 1982, 2005, Oracle.  All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options SQL> alter user sys identified by tiger; alter user sys identified by tiger * ERROR at line 1: ORA-28046: Password change for SYS disallowed SQL> 

     

     

    允许远程登录并可以修改sys用户密码 remote_login_passwordfile=exclusive 

    [oracle@mygod1 ~]$ sqlplus / as sysdba SQL> alter system set remote_login_passwordfile=exclusive scope=spfile; System altered. SQL> shutdown immediate Database closed. Database dismounted. ORACLE instance shut down. SQL> startup ORACLE instance started. Total System Global Area  595591168 bytes Fixed Size    2022600 bytes Variable Size  184550200 bytes Database Buffers  406847488 bytes Redo Buffers    2170880 bytes Database mounted. Database opened. SQL> 

     

     

    [oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:32:22 2017 Copyright (c) 1982, 2005, Oracle.  All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options SQL> alter user sys identified by tiger; User altered. SQL> 

     

    关闭os登录,但支持远程登录sqlnet.authentication_services=none

    [oracle@mygod1 ~]$ grep auth /$ORACLE_HOME/network/admin/samples/sqlnet.ora #    bvasudev   02/07/97 - Change sqlnet.authentication_services documentation #names.authority_required = False #     _authority_required             _auto_refresh*                   #sqlnet.authentication_services # Enables one or more authentication services.  If # support, using (beq, kerberos5) would enable authentication via #sqlnet.authentication_services=(beq, kerberos5) #sqlnet.authentication_kerberos5_service #sqlnet.authentication_kerberos5_service=acme #sqlnet.radius_authentication = localhost #sqlnet.radius_authentication_port = 1654 #sqlnet.radius_authentication_interface = DefaultRadiusInterface #ssl_client_authentication # The ssl_client_authentication parameter controls whether the client  # is authenticated using SSL. This parameter should be set to FALSE if # authentication (DH_anon) or if using other non-SSL authentication #Purpose: Indicates the time interval within which database authentication #         authentication within the given time period, then the database [oracle@mygod1 ~]$ 

     

    [oracle@mygod1 ~]$ echo "sqlnet.authentication_services=none" >/$ORACLE_HOME/network/admin/sqlnet.ora [oracle@mygod1 ~]$ sqlplus / as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:38:44 2017 Copyright (c) 1982, 2005, Oracle.  All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name:  [oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:38:56 2017 Copyright (c) 1982, 2005, Oracle.  All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options SQL> 

     

     

     

    打开os登录,但不支持远程登录sqlnet.authentication_services=all

    [oracle@mygod1 ~]$ echo "sqlnet.authentication_services=all" >/$ORACLE_HOME/network/admin/sqlnet.ora [oracle@mygod1 ~]$ sqlplus / as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:40:25 2017 Copyright (c) 1982, 2005, Oracle.  All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options SQL> exit Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production With the Partitioning, OLAP and Data Mining options [oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:40:30 2017 Copyright (c) 1982, 2005, Oracle.  All rights reserved. ERROR: ORA-12641: Authentication service failed to initialize Enter user-name: 

     

     

     

     

     

    转载请注明原文地址: https://ju.6miu.com/read-673239.html

    技术

    最新回复(0)