Before the database is not started, the database built-in user is unable to verify the identity through the database. The user name and password of the Sysdba / Sysoper user are stored in the password file, allowing the user to verify through the password file, and launch the database before the database is not started. If there is no password file, you can only pass the operating system before the database is not started. Using RMAN, you need to process the database in Nomount, Mount and other status, so you usually require SYSDBA privileges, you can authenticate through the local DBA group. If you are remote SYSDBA login, you need to pass PasswordFile authentication.
1.Remote_login_passwordfile = None This time the password verification is now verified, the Oracle database does not allow remote SYSDBA / SYSOPER login to be able to start the database start and stop through the remote database: LOCAL:
[Oracle @ Jumper Oracle] $ SQLPLUS "/ as sysdba"
SQL * Plus: Release 9.2.0.3.0 - Production on Thu Apr 15 09:58:45 2004
CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.3.3.0 - Production
With the partitioning, OLAP AND ORACLE DATA MINING OPTIONS
JServer Release 9.2.0.3.3.0 - PRODUCTION
SQL> ALTER User Sys Identified by Oracle;
User altered.
SQL> Show Parameter Pass
Name Type Value
-------------------------------------------------------------- ----------------
Remote_login_passwordfile string none
REMOTE:
E: / Oracle / ORA92 / BIN> SQLPlus / Nologsql * plus: release 9.2.0.4.0 -
Production on Thursday, April 15 09:39:22 2004CopyRight (C) 1982, 2002, Oracle
Corporation. All Rights Reserved.sql> Connect Sys / Oracle @ hsjf as
Sysdbaerror: ORA-01017: Invalid Username / Password; Logon Denied
It is actually not possible to verify password files.
2.Remote_login_passwordfile = Exclusive
SQL> ALTER System SET Remote_login_passwordfile = Exclusive Scope = SPFILE;
SYSTEM altered.
SQL> Startup force;
Oracle Instance Started.
Total System Global Area 131142648 Bytes
Fixed size 451576 bytes
Variable size 104857600 Bytes
Database buffers 25165824 BYTES
Redo buffers 667648 bytes
Database mounted.
Database opened.
SQL> Show Parameter Pass
Name Type Value --------------------------------- ------------------------------
Remote_login_passwordfile String Exclusive
SQL> ALTER User Sys Identified by Oracle;
User altered.
REMOTE:
E: / Oracle / ORA92 / BIN> SQLPlus / Nologsql * plus: release 9.2.0.4.0 -
Production on Thursday April 15 09:47:11 2004copyright (C) 1982, 2002, Oracle
Corporation. All Rights Reserved.sql> Connect Sys / Oracle @ hsjf as
SYSDBA is connected. SQL> show useruser is "SYS" SQL>
This is actually verified by password file verification.
3. Further Test If we delete the passwdfile, sysdba / sysoper will not be certified, and you cannot log in to the database.
Server:
SQL>! [Oracle @ Jumper Oracle] $ CD $ ORACLE_HOME / DBS [Oracle @ Jumper DBS] $ LS ORAPWHSJFORAPWHSJF [Oracle @ Jumper DBS] $ mv ORAPWHSJF ORAPWHSJF.BAK [Oracle @ Jumper DBS] $
REMOTE:
E: / ORACLE / ORA92 / BIN> SQLPLUS / NOLOGSQL * PLUS: Release 9.2.0.4.0 - Production on Thursday April 15 09:50:14 2004CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.SQL> Connect Sys / Oracle @ hsjf as sysdbaerror: ORA-01031: Insufficient Privilegessql>
This is actually impossible to verify the identity through the password file.
4. If the passwdfile is lost, if you use passwdfile, it will not be able to start the database at this time.
SQL> startup force; ORACLE instance started.Total System Global Area 131142648 bytesFixed Size 451576 bytesVariable Size 104857600 bytesDatabase Buffers 25165824 bytesRedo Buffers 667648 bytesORA-01990: error opening password file '/opt/oracle/product/9.2.0/dbs/orapw' ORA-27037: Unable to Obtain File Statuslinux Error: 2: No Such File or DirectoryAdditional Information: 3
At this point, you can reconstruct the password file through ORAPWD to resolve the restoration of the password file.
SQL>! [Oracle @ Jumper Oracle] $ MV $ ORACLE_HOME / DBS / ORAPWHSJF.BAK ORAPWHSJF [Oracle @ Jumper Oracle] $ EXITEXITSQL> ALTER DATABASE OPEN; Database Altered.sql>
Roughly roughly.
5. Remote_login_passwordfile = shared
Let's take a look at the explanation of the Oracle9i document: Shared
More Than One Database Can Use a password file. However, The only user recognized by the password file is sys.
It means that multiple databases can share a password file, but only one user: SYS
SQL> SELECT * FROM V $ PWFILE_USERS;
Username sysdb sysop --------------------------------- ----- Sys True True
SQL> Grant Sysdba to Eygle; Grant Sysdba to Eygle * Error At Line 1: ORA-01994: Grant FaNot Add Uses To Public Password File
SQL> Show Parameter Password
Name Type Value --------------------------------- ------------------------------ Remote_Login_PasswordFile String Shared
We see that users cannot add users in the password file.
Many people's questions are: the default name of the password file is ORAPW
In fact, the Oracle database is first looking for an ORAPW
Let's take a look at the test:
[Oracle @ Jumper DBS] $ SQLPLUS "/ as sysdba"
SQL * PLUS: Release 9.2.0.3.0 - Production on Tue Jul 6 09:40:34 2004
CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.3.3.0 - Production
With the partitioning, OLAP AND ORACLE DATA MINING OPTIONS
JServer Release 9.2.0.3.3.0 - PRODUCTION
SQL> Shutdown Immediate
Database closed.
Database dismount.
Oracle Instance Shut Down.
SQL>!
[Oracle @ Jumper DBS] $ LS
Hsjf initdw.ora inithsjf.orain init.ora lkhsjf ORAPWHSJF SPFILEHSJF.ORA
[Oracle @ Jumper DBS] $ mv ORAPWHSJF ORAPWHSJF.BAK
[Oracle @ Jumper DBS] $ EXIT
exit
SQL> Startup
Oracle Instance Started.
Total System Global Area 235999908 Bytes
Fixed size 451236 bytes
Variable size 201326592 bytes
Database buffers 33554432 bytes
Redo buffers 667648 bytes
ORA-01990: Error Opening password file '/opt/oracle/product/9.2.0/dbs/orapw' - this is the last lookup file ORA-27037: Unable to Obtain File Status
Linux Error: 2: No Such File or Directory
AdditionAl Information: 3
We created an ORAPW password file, which can open the database at this time.
SQL>!
[Oracle @ Jumper DBS] $ LS
Hsjf initdw.orainsjf.orain init.ra lkhsjf orapwhsjf.bak spfilehsjf.ora
[Oracle @ Jumper DBS] $ CP ORAPWHSJF.BAK ORAPW
[Oracle @ Jumper DBS] $ EXIT
exit
SQL> ALTABASE OPEN;
Database altered.
SQL> Show Parameter Passw
Name Type Value
----------------------------------- --- ---------------------------
Remote_login_passwordfile String Shared
SQL>
Then you may have such questions, can multiple Exclusive databases can share a password file (ORAPW)?
We continue this experiment:
SQL> Show Parameter Password
Name Type Value --------------------------------- ------------------------------ Remote_Login_PasswordFile String Shared
[Oracle @ Jumper DBS] $ STRINGS ORAPW] / [Zoracle Remote Password FileinternalAb27b53edc5FEF418A8F025737A9097A
Note that the password of INTERNAL / SS is recorded here.
Remote_login_passwordfile = exclusive
SQL> ALTER System SET Remote_login_passwordfile = Exclusive Scope = SPFILE;
SYSTEM altered.
SQL> Startup force; Oracle Instance Started.
Total System Global Area 235999908 bytesFixed Size 451236 bytesVariable Size 201326592 bytesDatabase Buffers 33554432 bytesRedo Buffers 667648 bytesDatabase mounted.Database opened.SQL>! [Oracle @ jumper bin] $ cd $ ORACLE_HOME / dbs [oracle @ jumper dbs] $ strings orapw] / [ Zoracle Remote Password FileHsjfinternalAb27b53edc5fef418a8f025737a9097a [Oracle @ Jumper DBS] $ EXIXIT
Note that the instance name information is written to the entry order file after the Exclusive mode is started.
At this time, if there are other instances to start using this password file, the instance name in the password file is also rewritten. That is, the database only reads the password file during the startup process, and the database is not locked during the running process. This file is similar to the Pfile / SPFile file.
SQL> SELECT * FROM V $ PWFILE_USERS;
Username sysdb sysop --------------------------------- ----- Sys True True
SQL> Grant sysdba to Eygle;
Grant succeeded.
SQL> SELECT * FROM V $ PWFILE_USERS;
Username sysdb sysop --------------------------------- ----- Sys Trueeygle True False
SQL>! [Oracle @ jumper bin] $ cd $ ORACLE_HOME / dbs [oracle @ jumper dbs] $ strings orapw] / [ZORACLE Remote Password fileHSJFINTERNALAB27B53EDC5FEF418A8F025737A9097A> EYGLEB726E09FE21F8E83
Note that the SYSDBA user can be added at this time, and this information can be written to the password file.
Once other SYSDBA users have been added to the password file, this file can no longer be shared by the other Exclusive instances.
In fact, the password file is an SUDO role for other users.
6. Reconstruction Password Documents
If the password file is lost, you can use ORAPWD to rebuild password files, the syntax is as follows:
[Oracle @ Jumper Oracle] $ ORAPWDUSAGE: ORAPWD File =
.