The role of Password File in Oracle

xiaoxiao2021-03-05  26

Before the database is not started, the database built-in user is unable to verify the identity through the database. The user name and password of the Sysdba / Sysoper user are stored in the password file, allowing the user to verify through the password file, and launch the database before the database is not started. If there is no password file, you can only pass the operating system before the database is not started. Using RMAN, you need to process the database in Nomount, Mount and other status, so you usually require SYSDBA privileges, you can authenticate through the local DBA group. If you are remote SYSDBA login, you need to pass PasswordFile authentication.

1.Remote_login_passwordfile = None This time the password verification is now verified, the Oracle database does not allow remote SYSDBA / SYSOPER login to be able to start the database start and stop through the remote database: LOCAL:

[Oracle @ Jumper Oracle] $ SQLPLUS "/ as sysdba"

SQL * Plus: Release 9.2.0.3.0 - Production on Thu Apr 15 09:58:45 2004

CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.

Connected to:

Oracle9i Enterprise Edition Release 9.2.0.3.3.0 - Production

With the partitioning, OLAP AND ORACLE DATA MINING OPTIONS

JServer Release 9.2.0.3.3.0 - PRODUCTION

SQL> ALTER User Sys Identified by Oracle;

User altered.

SQL> Show Parameter Pass

Name Type Value

-------------------------------------------------------------- ----------------

Remote_login_passwordfile string none

REMOTE:

E: / Oracle / ORA92 / BIN> SQLPlus / Nologsql * plus: release 9.2.0.4.0 -

Production on Thursday, April 15 09:39:22 2004CopyRight (C) 1982, 2002, Oracle

Corporation. All Rights Reserved.sql> Connect Sys / Oracle @ hsjf as

Sysdbaerror: ORA-01017: Invalid Username / Password; Logon Denied

It is actually not possible to verify password files.

2.Remote_login_passwordfile = Exclusive

SQL> ALTER System SET Remote_login_passwordfile = Exclusive Scope = SPFILE;

SYSTEM altered.

SQL> Startup force;

Oracle Instance Started.

Total System Global Area 131142648 Bytes

Fixed size 451576 bytes

Variable size 104857600 Bytes

Database buffers 25165824 BYTES

Redo buffers 667648 bytes

Database mounted.

Database opened.

SQL> Show Parameter Pass

Name Type Value --------------------------------- ------------------------------

Remote_login_passwordfile String Exclusive

SQL> ALTER User Sys Identified by Oracle;

User altered.

REMOTE:

E: / Oracle / ORA92 / BIN> SQLPlus / Nologsql * plus: release 9.2.0.4.0 -

Production on Thursday April 15 09:47:11 2004copyright (C) 1982, 2002, Oracle

Corporation. All Rights Reserved.sql> Connect Sys / Oracle @ hsjf as

SYSDBA is connected. SQL> show useruser is "SYS" SQL>

This is actually verified by password file verification.

3. Further Test If we delete the passwdfile, sysdba / sysoper will not be certified, and you cannot log in to the database.

Server:

SQL>! [Oracle @ Jumper Oracle] $ CD $ ORACLE_HOME / DBS [Oracle @ Jumper DBS] $ LS ORAPWHSJFORAPWHSJF [Oracle @ Jumper DBS] $ mv ORAPWHSJF ORAPWHSJF.BAK [Oracle @ Jumper DBS] $

REMOTE:

E: / ORACLE / ORA92 / BIN> SQLPLUS / NOLOGSQL * PLUS: Release 9.2.0.4.0 - Production on Thursday April 15 09:50:14 2004CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.SQL> Connect Sys / Oracle @ hsjf as sysdbaerror: ORA-01031: Insufficient Privilegessql>

This is actually impossible to verify the identity through the password file.

4. If the passwdfile is lost, if you use passwdfile, it will not be able to start the database at this time.

SQL> startup force; ORACLE instance started.Total System Global Area 131142648 bytesFixed Size 451576 bytesVariable Size 104857600 bytesDatabase Buffers 25165824 bytesRedo Buffers 667648 bytesORA-01990: error opening password file '/opt/oracle/product/9.2.0/dbs/orapw' ORA-27037: Unable to Obtain File Statuslinux Error: 2: No Such File or DirectoryAdditional Information: 3

At this point, you can reconstruct the password file through ORAPWD to resolve the restoration of the password file.

SQL>! [Oracle @ Jumper Oracle] $ MV $ ORACLE_HOME / DBS / ORAPWHSJF.BAK ORAPWHSJF [Oracle @ Jumper Oracle] $ EXITEXITSQL> ALTER DATABASE OPEN; Database Altered.sql>

Roughly roughly.

5. Remote_login_passwordfile = shared

Let's take a look at the explanation of the Oracle9i document: Shared

More Than One Database Can Use a password file. However, The only user recognized by the password file is sys.

It means that multiple databases can share a password file, but only one user: SYS

SQL> SELECT * FROM V $ PWFILE_USERS;

Username sysdb sysop --------------------------------- ----- Sys True True

SQL> Grant Sysdba to Eygle; Grant Sysdba to Eygle * Error At Line 1: ORA-01994: Grant FaNot Add Uses To Public Password File

SQL> Show Parameter Password

Name Type Value --------------------------------- ------------------------------ Remote_Login_PasswordFile String Shared

We see that users cannot add users in the password file.

Many people's questions are: the default name of the password file is ORAPW how can you share?

In fact, the Oracle database is first looking for an ORAPW password file. If the file does not exist, then start looking, or the password file of ORAPW is named ORAPW, multiple databases can be shared.

Let's take a look at the test:

[Oracle @ Jumper DBS] $ SQLPLUS "/ as sysdba"

SQL * PLUS: Release 9.2.0.3.0 - Production on Tue Jul 6 09:40:34 2004

CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.

Connected to:

Oracle9i Enterprise Edition Release 9.2.0.3.3.0 - Production

With the partitioning, OLAP AND ORACLE DATA MINING OPTIONS

JServer Release 9.2.0.3.3.0 - PRODUCTION

SQL> Shutdown Immediate

Database closed.

Database dismount.

Oracle Instance Shut Down.

SQL>!

[Oracle @ Jumper DBS] $ LS

Hsjf initdw.ora inithsjf.orain init.ora lkhsjf ORAPWHSJF SPFILEHSJF.ORA

[Oracle @ Jumper DBS] $ mv ORAPWHSJF ORAPWHSJF.BAK

[Oracle @ Jumper DBS] $ EXIT

exit

SQL> Startup

Oracle Instance Started.

Total System Global Area 235999908 Bytes

Fixed size 451236 bytes

Variable size 201326592 bytes

Database buffers 33554432 bytes

Redo buffers 667648 bytes

ORA-01990: Error Opening password file '/opt/oracle/product/9.2.0/dbs/orapw' - this is the last lookup file ORA-27037: Unable to Obtain File Status

Linux Error: 2: No Such File or Directory

AdditionAl Information: 3

We created an ORAPW password file, which can open the database at this time.

SQL>!

[Oracle @ Jumper DBS] $ LS

Hsjf initdw.orainsjf.orain init.ra lkhsjf orapwhsjf.bak spfilehsjf.ora

[Oracle @ Jumper DBS] $ CP ORAPWHSJF.BAK ORAPW

[Oracle @ Jumper DBS] $ EXIT

exit

SQL> ALTABASE OPEN;

Database altered.

SQL> Show Parameter Passw

Name Type Value

----------------------------------- --- ---------------------------

Remote_login_passwordfile String Shared

SQL>

Then you may have such questions, can multiple Exclusive databases can share a password file (ORAPW)?

We continue this experiment:

SQL> Show Parameter Password

Name Type Value --------------------------------- ------------------------------ Remote_Login_PasswordFile String Shared

[Oracle @ Jumper DBS] $ STRINGS ORAPW] / [Zoracle Remote Password FileinternalAb27b53edc5FEF418A8F025737A9097A

Note that the password of INTERNAL / SS is recorded here.

Remote_login_passwordfile = exclusive

SQL> ALTER System SET Remote_login_passwordfile = Exclusive Scope = SPFILE;

SYSTEM altered.

SQL> Startup force; Oracle Instance Started.

Total System Global Area 235999908 bytesFixed Size 451236 bytesVariable Size 201326592 bytesDatabase Buffers 33554432 bytesRedo Buffers 667648 bytesDatabase mounted.Database opened.SQL>! [Oracle @ jumper bin] $ cd $ ORACLE_HOME / dbs [oracle @ jumper dbs] $ strings orapw] / [ Zoracle Remote Password FileHsjfinternalAb27b53edc5fef418a8f025737a9097a [Oracle @ Jumper DBS] $ EXIXIT

Note that the instance name information is written to the entry order file after the Exclusive mode is started.

At this time, if there are other instances to start using this password file, the instance name in the password file is also rewritten. That is, the database only reads the password file during the startup process, and the database is not locked during the running process. This file is similar to the Pfile / SPFile file.

SQL> SELECT * FROM V $ PWFILE_USERS;

Username sysdb sysop --------------------------------- ----- Sys True True

SQL> Grant sysdba to Eygle;

Grant succeeded.

SQL> SELECT * FROM V $ PWFILE_USERS;

Username sysdb sysop --------------------------------- ----- Sys Trueeygle True False

SQL>! [Oracle @ jumper bin] $ cd $ ORACLE_HOME / dbs [oracle @ jumper dbs] $ strings orapw] / [ZORACLE Remote Password fileHSJFINTERNALAB27B53EDC5FEF418A8F025737A9097A> EYGLEB726E09FE21F8E83

Note that the SYSDBA user can be added at this time, and this information can be written to the password file.

Once other SYSDBA users have been added to the password file, this file can no longer be shared by the other Exclusive instances.

In fact, the password file is an SUDO role for other users.

6. Reconstruction Password Documents

If the password file is lost, you can use ORAPWD to rebuild password files, the syntax is as follows:

[Oracle @ Jumper Oracle] $ ORAPWDUSAGE: ORAPWD File = password = Entries =

.

转载请注明原文地址:https://www.9cbs.com/read-34667.html

New Post(0)