• Oracle 口令文件:即 oracle密码文件



    一:文件路径位置

    image

    [oracle@localhost db_1]$ cd $ORACLE_HOME/dbs
    [oracle@localhost dbs]$ ls
    dbsorapwPROD1   hc_orcl.dat   initneworcl.ora  initorcl.ora   lkNEWORCL  lkPROD1  orapwneworcl  spfileorcl.ora   tem.dbf
    hc_neworcl.dat  hc_PROD1.dat  init.ora         initPROD1.ora  lkORCL     my.dbf   orapworcl     spfilePROD1.ora
    [oracle@localhost dbs]$ pwd
    /u01/app/oracle/product/11.2.0/db_1/dbs
    [oracle@localhost dbs]$




    二、口令文件的命名规则

    orapw+sid
    如:
    orapworcl

    image


    三、口令文件存放的是sys

    主要是存放管理用户的密码信息的

    select *from v$pwfile_users;
    SYS@orcl> select * from v$pwfile_users;
    
    USERNAME                       SYSDB SYSOP SYSAS
    ------------------------------ ----- ----- -----
    SYS                            TRUE  TRUE  FALSE
    
    SYS@orcl>



    四:实验操作

    imageimage


    注: remote_login_passwordfile 是静态参数。修改了该值之后,数据库需要重启。

    imageimageimage






    1)当remote_login_passwordfile  是 EXCLUSIVE

    没有sqlnet.ora文件
       sqlplus sys/oracle as sysdba
        sqlplus / as sysdba
        sqlplus sys/oracle@togogo as sysdba
        以上均成功

       


      2)当remote_login_passwordfile是 EXCLUSIVE

        sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=none
    
        sqlplus sys/oracle as sysdba  成功
       sqlplus / as sysdba           不成功
       sqlplus sys/oracle@togogo as sysdba   成功
    [oracle@localhost dbs]$ clear
    
    [oracle@localhost dbs]$ ls
    dbsorapwPROD1   hc_orcl.dat   initneworcl.ora  initorcl.ora   lkNEWORCL  lkPROD1  orapwneworcl  spfileorcl.ora   tem.dbf
    hc_neworcl.dat  hc_PROD1.dat  init.ora         initPROD1.ora  lkORCL     my.dbf   orapworcl     spfilePROD1.ora
    [oracle@localhost dbs]$ cd ../network/
    [oracle@localhost network]$ ls
    admin  doc  install  jlib  lib  log  mesg  tools  trace
    [oracle@localhost network]$ ca admin/
    -bash: ca: command not found
    [oracle@localhost network]$ ls
    admin  doc  install  jlib  lib  log  mesg  tools  trace
    [oracle@localhost network]$ cd admin/
    [oracle@localhost admin]$ ls
    listener.ora  samples  shrept.lst  sqlnet.ora  tnsnames.ora
    [oracle@localhost admin]$ cat sqlnet.ora
    ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))
    [oracle@localhost admin]$ vi sqlnet.ora
    
    
    
    
    
    
    
    
    
    
    
    ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))
    SQLNET.AUTHENTICATION_SERVICES=none
    
    
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    ~
    "sqlnet.ora" 4L, 152C written
    [oracle@localhost admin]$ cat sqlnet.ora
    ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/)))
    SQLNET.AUTHENTICATION_SERVICES=none
    
    
    [oracle@localhost admin]$ pwd
    /u01/app/oracle/product/11.2.0/db_1/network/admin
    [oracle@localhost admin]$


    [oracle@localhost admin]$ rlwrap sqlplus / as sysdba;
    
    SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:01:36 2018
    
    Copyright (c) 1982, 2011, Oracle.  All rights reserved.
    
    ERROR:
    ORA-01031: insufficient privileges
    
    
    Enter user-name:
    ERROR:
    ORA-01017: invalid username/password; logon denied
    
    
    Enter user-name:
    ERROR:
    ORA-01017: invalid username/password; logon denied
    
    
    SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus
    [oracle@localhost admin]$ rlwrap sqlplus sys/oracle as sysdba;
    
    SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:02:40 2018
    
    Copyright (c) 1982, 2011, Oracle.  All rights reserved.
    
    
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    
    SYS@orcl>


      

       3)当remote_login_passwordfile是 EXCLUSIVE

       sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=all
    
        sqlplus sys/oracle as sysdba  成功
       sqlplus / as sysdba           成功
       sqlplus sys/oracle@togogo as sysdba   不成功



       4)当remote_login_passwordfile是 none     没有sqlnet.ora文件


       

       sqlplus sys/oracle as sysdba  成功
       sqlplus / as sysdba           成功
       sqlplus sys/oracle@togogo as sysdba   不成功



      5)当remote_login_passwordfile是 none


       sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=none
    
       sqlplus sys/oracle as sysdba  不成功
       sqlplus / as sysdba           不成功
       sqlplus sys/oracle@togogo as sysdba   不成功


      


       6)当remote_login_passwordfile是 none

       sqlnet.ora文件参数     SQLNET.AUTHENTICATION_SERVICES=all
    
        sqlplus sys/oracle as sysdba  成功
       sqlplus / as sysdba           成功
       sqlplus sys/oracle@togogo as sysdba   不成功


    五、创建口令文件

     

     orapwd file=口令文件名称 password=用户密码


    Creating a Password File with ORAPWD

    The syntax of the ORAPWD command is as follows:

    ORAPWD FILE=filename [ENTRIES=numusers] [FORCE={Y|N}] [IGNORECASE={Y|N}]
    

    Command arguments are summarized in the following table.

    Argument Description
    FILE Name to assign to the password file. You must supply a complete path. If you supply only a file name, the file is written to the current directory.
    ENTRIES (Optional) Maximum number of entries (user accounts) to permit in the file.
    FORCE (Optional) If y, permits overwriting an existing password file.
    IGNORECASE (Optional) If y, passwords are treated as case-insensitive.

    There are no spaces permitted around the equal-to (=) character.

    The command prompts for the SYS password and stores the password in the created password file.

    Example

    The following command creates a password file named orapworcl that allows up to 30 privileged users with different passwords.

    orapwd FILE=orapworcl ENTRIES=30
    


    Sharing and Disabling the Password File

    You use the initialization parameter REMOTE_LOGIN_PASSWORDFILE to control whether a password file is shared among multiple Oracle Database instances. You can also use this parameter to disable password file authentication. The values recognized for REMOTE_LOGIN_PASSWORDFILE are:

    • NONE: Setting this parameter to NONE causes Oracle Database to behave as if the password file does not exist. That is, no privileged connections are allowed over nonsecure connections.

    • EXCLUSIVE: (The default) An EXCLUSIVE password file can be used with only one instance of one database. Only an EXCLUSIVE file can be modified. Using an EXCLUSIVE password file enables you to add, modify, and delete users. It also enables you to change the SYS password with the ALTER USER command.

    • SHARED: A SHARED password file can be used by multiple databases running on the same server, or multiple instances of an Oracle Real Application Clusters (Oracle RAC) database. A SHARED password file cannot be modified. Therefore, you cannot add users to a SHARED password file. Any attempt to do so or to change the password of SYS or other users with the SYSDBA or SYSOPER privileges generates an error. All users needing SYSDBA or SYSOPERsystem privileges must be added to the password file when REMOTE_LOGIN_PASSWORDFILE is set to EXCLUSIVE. After all users are added, you can changeREMOTE_LOGIN_PASSWORDFILE to SHARED, and then share the file.

      This option is useful if you are administering multiple databases or an Oracle RAC database.

    If REMOTE_LOGIN_PASSWORDFILE is set to EXCLUSIVE or SHARED and the password file is missing, this is equivalent to setting REMOTE_LOGIN_PASSWORDFILE to NONE.

    Note:

    You cannot change the password for SYS if REMOTE_LOGIN_PASSWORDFILE is set to SHARED. An error message is issued if you attempt to do so.

    Keeping Administrator Passwords Synchronized with the Data Dictionary

    If you change the REMOTE_LOGIN_PASSWORDFILE initialization parameter from NONE to EXCLUSIVE or SHARED, or if you re-create the password file with a different SYSpassword, then you must ensure that the passwords in the data dictionary and password file for the SYS user are the same.

    To synchronize the SYS passwords, use the ALTER USER statement to change the SYS password. The ALTER USER statement updates and synchronizes both the dictionary and password file passwords.

    To synchronize the passwords for non-SYS users who log in using the SYSDBA or SYSOPER privilege, you must revoke and then regrant the privilege to the user, as follows:

    1. Find all users who have been granted the SYSDBA privilege.

      SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSDBA='TRUE';
      
    2. Revoke and then re-grant the SYSDBA privilege to these users.

      REVOKE SYSDBA FROM non-SYS-user;
      GRANT SYSDBA TO non-SYS-user;
      
    3. Find all users who have been granted the SYSOPER privilege.

      SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSOPER='TRUE';
      
    4. Revoke and regrant the SYSOPER privilege to these users.

      REVOKE SYSOPER FROM non-SYS-user;
      GRANT SYSOPER TO non-SYS-user;


    Adding Users to a Password File

    When you grant SYSDBA or SYSOPER privileges to a user, that user's name and privilege information are added to the password file. If the server does not have an EXCLUSIVE password file (that is, if the initialization parameter REMOTE_LOGIN_PASSWORDFILE is NONE or SHARED, or the password file is missing), Oracle Database issues an error if you attempt to grant these privileges.

    A user's name remains in the password file only as long as that user has at least one of these two privileges. If you revoke both of these privileges, Oracle Database removes the user from the password file.

    Creating a Password File and Adding New Users to It

    Use the following procedure to create a password and add new users to it:

    1. Follow the instructions for creating a password file as explained in "Creating a Password File with ORAPWD".

    2. Set the REMOTE_LOGIN_PASSWORDFILE initialization parameter to EXCLUSIVE. (This is the default.)

      Note:

      REMOTE_LOGIN_PASSWORDFILE is a static initialization parameter and therefore cannot be changed without restarting the database.
    3. Connect with SYSDBA privileges as shown in the following example, and enter the SYS password when prompted:

      CONNECT SYS AS SYSDBA
      
    4. Start up the instance and create the database if necessary, or mount and open an existing database.

    5. Create users as necessary. Grant SYSDBA or SYSOPER privileges to yourself and other users as appropriate. See "Granting and Revoking SYSDBA and SYSOPER Privileges", later in this section.






    ——————————————————————————————————————————————————————————————————

  • 相关阅读:
    【.NET Core项目实战统一认证平台】第三章 网关篇数据库存储配置(1)
    【.NET Core项目实战统一认证平台】第六章 网关篇自定义客户端授权
    【.NET Core项目实战统一认证平台】第四章 网关篇数据库存储配置(2)
    软件工程实践2019第二次作业
    SDN上机第二次作业
    软件工程2019第三次作业
    起落落落落的前端程序员体验【软件工程第5次作业】
    SDN初体验(软件定义网络实验一)
    软件工程实践2019第一次作业
    原型设计展示【与莫多的初次合作】
  • 原文地址:https://www.cnblogs.com/ios9/p/9216983.html
Copyright © 2020-2023  润新知