• Oracle用户密码认证方式


    oracle用户有两种认证方式:

    • 操作系统认证(要求该用户属于本地DBA组,然后通过操作系统认证登录oracle,从而启动数据库)
    • 密码文件认证

    oracle使用哪种认证方式决定在于两个参数:

    1.remote_login_passwordfile=none|exclusive|shared

    • none:不使用密码文件认证。如果选择了这个值,就相当于屏蔽了密码文件的内容了。
    • exclusive:要密码文件认证,自己独占使用(默认值)
    • shared:要密码文件认证,不同实例dba用户可以共享密码文件

    2.位于$ORACLE_HOME/network/admin/sqlnet.ora

    SQLNET.AUTHENTICATION_SERVICES=none|all|nts
    • none:关闭操作系统认证,只能密码认证
    • all:用于linux/unix平台,关闭本机密码文件认证,采用操作系统认证
    • nts:用于windows平台

    测试远程登录的时候密码文件丢失情况

    $ rm -rf $ORACLE_HOME/dbs/orapw$ORACLE_SID
    
    $ sqlplus sys/mypna123@userdata as sysdba
    
    SQL*Plus: Release 10.2.0.4.0 - Production on Tue Sep 12 17:01:15 2017
    
    Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
    
    ERROR:
    ORA-01031: insufficient privileges
    
    
    Enter user-name: 
    
    $ orapwd file=orapw$ORACLE_SID password=mypna123 entries=3
    
    $ sqlplus sys/mypna123@userdata as sysdba
    
    SQL*Plus: Release 10.2.0.4.0 - Production on Tue Sep 12 17:11:18 2017
    
    Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
    
    
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    
    SYS@userdata>

    可以看到默认配置下,丢失密码文件后,不可以远程登录数据库,只可以本地系统认证后登录数据库

    测试remote_login_passwordfile为exclusive,AUTHENTICATION_SERVICES为none的情况

    SYS@userdata>show parameter remote_login_passwordfile;
    
    NAME                     TYPE                   VALUE
    ------------------------------------ --------------------------------- ------------------------------
    remote_login_passwordfile         string                   EXCLUSIVE
    
    $ echo "SQLNET.AUTHENTICATION_SERVICES=NONE" >> $ORACLE_HOME/network/admin/sqlnet.ora
    
    $ sqlplus / as sysdba
    
    SQL*Plus: Release 10.2.0.4.0 - Production on Tue Sep 12 17:21:36 2017
    
    Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
    
    ERROR:
    ORA-01031: insufficient privileges
    
    
    Enter user-name:
     
    $ sqlplus sys/mypna123@userdata as sysdba
    
    SQL*Plus: Release 10.2.0.4.0 - Production on Tue Sep 12 17:21:41 2017
    
    Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
    
    
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    
    SYS@userdata>

     可以看到在remote_login_passwordfile为exclusive,AUTHENTICATION_SERVICES为none的情况下,数据库只能使用密码文件认证方式

    测试remote_login_passwordfile为exclusive,AUTHENTICATION_SERVICES为all的情况

    SYS@userdata>show parameter remote_login_passwordfile;
    
    NAME                     TYPE                   VALUE
    ------------------------------------ --------------------------------- ------------------------------
    remote_login_passwordfile         string                   EXCLUSIVE
    
    $ cat $ORACLE_HOME/network/admin/sqlnet.ora
    SQLNET.AUTHENTICATION_SERVICES=ALL
    
    $ sqlplus sys/mypna123@userdata as sysdba
    
    SQL*Plus: Release 10.2.0.4.0 - Production on Tue Sep 12 23:17:54 2017
    
    Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
    
    ERROR:
    ORA-12641: Authentication service failed to initialize
    
    
    Enter user-name: 
    
    $ sqlplus / as sysdba
    
    SQL*Plus: Release 10.2.0.4.0 - Production on Tue Sep 12 23:18:05 2017
    
    Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
    
    
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    
    SYS@userdata>

     可以看到在remote_login_passwordfile为exclusive,AUTHENTICATION_SERVICES为all的情况下本机登录只支持系统认证,不支持密码文件认证.普通用户和sys用户均不可以本地登录.但是远程登录是不受限制的.

    看有哪些用户是拥有sysdba权限

    SYS@userdata>grant sysdba to scott;
    
    Grant succeeded.
    SYS@userdata>select * from v$pwfile_users;
    
    USERNAME                                 SYSDBA          SYSOPER
    ---------------------------------------- --------------- ---------------
    SYS                                      TRUE            TRUE
    SCOTT                                    TRUE            FALSE
  • 相关阅读:
    Jedis客户端以及redis中的pipeline批量操作
    Redis5.x两种持久化方式以及主从复制配置
    博客园原创文章防剽窃、反爬虫指南(持续更新.....)
    【金主打赏榜】
    Swift LeetCode 目录 | Catalog(每周日更新......)
    [Swift]SkeletonView:在UITableView中使用骨架屏
    【Xcode】加快Xcode编译调试速度
    【Xcode】ITMS-90809:查找UIWebView
    [Swift]PhotoKit-照片框架
    [SourceTree]remote: HTTP Basic: Access denied
  • 原文地址:https://www.cnblogs.com/ilifeilong/p/7511220.html
Copyright © 2020-2023  润新知