Before the database is not started, the database built-in user is unable to verify the identity through the database.
The user name and password of the Sysdba / Sysoper user are stored in the password file, allowing the user to verify through the password file, and launch the database before the database is not started.
If there is no password file, you can only authenticate by operating system before the database is not started.
Using RMAN, you need to process the database in Nomount, Mount and other status, so you usually require SYSDBA privileges if you belong to a local DBA group, you can log in to log in to the remote SYSDBA. You need to pass PasswordFile.
1.Remote_login_passwordfile = none
At this time, the password verification is deactivated, and the Oracle database does not allow remote SYSDBA / SYSOPER login to be able to operate the database from remote and stop.
Local:
[Oracle @ Jumper Oracle] $ SQLPLUS "/ as sysdba"
SQL * Plus: Release 9.2.0.3.0 - Production on Thu Apr 15 09:58:45 2004
CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.
Connected to: Oracle9i Enterprise Edition Release 9.2.0.3.0 - Productionwith The Partitioning, OLAP AND ORACLE DATA MINING OPTIONSJSERVER Release 9.2.0.3.0 - Production
SQL> ALTER User Sys Identified by Oracle;
User altered.
SQL> Show Parameter Pass
Name Type Value --------------------------------- --------------- Remote_Login_PasswordFile String None
REMOTE:
E: / ORACLE / ORA92 / BIN> SQLPLUS / NOLOGSQL * PLUS: Release 9.2.0.4.0 - Production ON Thursday April 15 09:39:22 2004Copyright (C) 1982, 2002, Oracle Corporation. All Rights Reserved.sql> Connect Sys / Oracle @ hsjf as sysdbaerror: ORA-01017: Invalid UserName / Password; Logon Denied
It is actually not possible to verify password files.
2.Remote_login_passwordfile = Exclusive
SQL> ALTER System SET Remote_login_passwordfile = Exclusive Scope = SPFILE;
SYSTEM altered.
SQL> Startup force; Oracle Instance Started.
Total System Global Area 131142648 bytesFixed Size 451576 bytesVariable Size 104857600 bytesDatabase Buffers 25165824 bytesRedo Buffers 667648 bytesDatabase mounted.Database opened.SQL> show parameter pass
Name Type Value --------------------------------- ---------------------------- Remote_login_passwordfile string exclusiveSQL> ALTER USER SYS Identified by Oracle; User Altered.
REMOTE:
E: / ORACLE / ORA92 / BIN> SQLPLUS / NOLOGSQL * PLUS: Release 9.2.0.4.0 - Production on Thursday April 15 09:47:11 2004CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.SQL> Connect Sys / Oracle @ HSJF AS SYSDBA is connected. SQL> show useruser is "SYS" SQL>
This is actually verified by password file verification.
3. Further test
If we delete the passwdfile, Sysdba / Sysoper will not be able to log in to the database.
Server:
SQL>! [Oracle @ Jumper Oracle] $ CD $ ORACLE_HOME / DBS [Oracle @ Jumper DBS] $ LS ORAPWHSJFORAPWHSJF [Oracle @ Jumper DBS] $ mv ORAPWHSJF ORAPWHSJF.BAK [Oracle @ Jumper DBS] $
REMOTE:
E: / Oracle / ORA92 / BIN> SQLPLUS / NOLOG
SQL * Plus: Release 9.2.0.4.0 - Production on Thursday April 15 09:50:14 2004
CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.
SQL> Connect Sys / Oracle @ hsjf as sysdbaerror: ORA-01031: Insufficient Privileges
SQL>
This is actually impossible to verify the identity through the password file.
4. If you lose Passwdfile
If you use passwdfile, you will not be able to start the database at this time.
SQL> Startup force; Oracle Instance Started.
Total System Global Area 131142648 bytesFixed Size 451576 bytesVariable Size 104857600 bytesDatabase Buffers 25165824 bytesRedo Buffers 667648 bytesORA-01990: error opening password file '/opt/oracle/product/9.2.0/dbs/orapw'ORA-27037: unable to obtain file statusLinux Error: 2: No Such File OR DirectoryAdditional Information: 3
At this point, you can reconstruct the password file through ORAPWD to resolve the restoration of the password file.
SQL>! [Oracle @ Jumper Oracle] $ MV $ ORACLE_HOME / DBS / ORAPWHSJF.BAK ORAPWHSJF [Oracle @ Jumper Oracle] $ EXIXITEXIT
SQL> ALTABASE OPEN;
Database altered.
SQL>
Roughly roughly.
5. Remote_login_passwordfile = shared
Let's take a look at the description of the Oracle9i document:
Shared
More Than One Database Can Use a password file. However, The only user recognized by the password file is sys.
It means that multiple databases can share a password file, but only one user: SYS
SQL> SELECT * FROM V $ PWFILE_USERS;
Username sysdb sysop --------------------------------- ----- Sys True True
SQL> Grant Sysdba to Eygle; Grant Sysdba to Eygle * Error At Line 1: ORA-01994: Grant FaNot Add Uses To Public Password File
SQL> Show Parameter Password
Name Type Value --------------------------------- ------------------------------ Remote_Login_PasswordFile String Shared
We see that users cannot add users in the password file.
Many people's questions are: the default name of the password file is ORAPW
In fact, the Oracle database is first looking for an ORAPW
Let's take a look at the test:
[Oracle @ Jumper DBS] $ SQLPLUS "/ as sysdba"
SQL * PLUS: Release 9.2.0.3.0 - Production on Tue Jul 6 09:40:34 2004
CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.
Connected to: Oracle9i Enterprise Edition Release 9.2.0.3.0 - Productionwith The Partitioning, OLAP AND ORACLE DATA MINING OPTIONSJSERVER Release 9.2.0.3.0 - Production
SQL> shutdown immediateDatabase closed.Database dismounted.ORACLE instance shut down.SQL>! [Oracle @ jumper dbs] $ lshsjf initdw.ora inithsjf.ora init.ora lkHSJF orapwhsjf spfilehsjf.ora [oracle @ jumper dbs] $ mv orapwhsjf orapwhsjf. Bak [Oracle @ Jumper DBS] $ EXIXIXIT
SQL> StartupoPoracle Instance Started.
Total System Global Area 235999908 bytesFixed Size 451236 bytesVariable Size 201326592 bytesDatabase Buffers 33554432 bytesRedo Buffers 667648 bytesORA-01990: error opening password file '/opt/oracle/product/9.2.0/dbs/orapw'-- This is the final look of the document ORA -27037: Unable to Obtain File Statuslinux Error: 2: No Such File or DirectoryAdditional Information: 3 We create an ORAPW password file, you can open the database at this time.
SQL>! [ORACLE @ Jumper DBS] $ lshsjf initdw.orainsjf.ora infl.ra lkhsjf orapwhsjf.bak spfilehsjf.ora [Oracle @ Jumper DBS] $ CP ORAPWHSJF.BAK ORAPW [Oracle @ Jumper DBS] $ EXIXIT
SQL> ALTABASE OPEN;
Database altered.
SQL> Show Parameter Passw
Name Type Value --------------------------------- ------------------------------ Remote_Login_PasswordFile String Sharedsql>
Then you may have such questions, can multiple Exclusive databases can share a password file (ORAPW)?
We continue this experiment:
SQL> Show Parameter PasswordName Type Value ----------------------------------------------------------- ---- ---------------------------- Remote_Login_PasswordFile String Shared
[Oracle @ Jumper DBS] $ STRINGS ORAPW] / [Zoracle Remote Password FileinternalAb27b53edc5FEF418A8F025737A9097A
Note that the password of INTERNAL / SS is recorded here.
Remote_login_passwordfile = exclusive
SQL> ALTER System SET Remote_login_passwordfile = Exclusive Scope = SPFILE; System Altered.
SQL> Startup force; Oracle Instance Started.
Total system global area 235999908 bytesfixed size 451236 bytesvariable size 201326592 bytesdatabase buffers 33554432 BYTESREDO BUFFERS 667648 BYTESDATABASE MOUNTED.DATABASE OPENED.SQL>!
[Oracle @ jumper bin] $ cd $ ORACLE_HOME / dbs [oracle @ jumper dbs] $ strings orapw] / [ZORACLE Remote Password fileHSJFINTERNALAB27B53EDC5FEF418A8F025737A9097A [oracle @ jumper dbs] $ exitexit note here, after starting in EXCLUSIVE mode, the instance name information is written Entrance order file.
At this time, if any other instance is started in Exclusive mode, you can still use this password file, the instance name in the password file is also overwritten.
That is, the database only reads the password file during the startup process, and the file is not locked during the running process, similar to the PFile / SPFile file.
SQL> Select * from v $ pwfile_users; username sysdb sysop --------------------------------- --Sys True True
SQL> Grant sysdba to Eygle;
Grant succeeded.
SQL> SELECT * FROM V $ PWFILE_USERS;
Username sysdb sysop --------------------------------- ----- Sys Trueeygle True False
SQL>! [Oracle @ jumper bin] $ cd $ ORACLE_HOME / dbs [oracle @ jumper dbs] $ strings orapw] / [ZORACLE Remote Password fileHSJFINTERNALAB27B53EDC5FEF418A8F025737A9097A> EYGLEB726E09FE21F8E83
Note that the SYSDBA user can be added at this time, and this information can be written to the password file.
Once other SYSDBA users have been added to the password file, this file can no longer be shared by the other Exclusive instances.
In fact, the password file is an SUDO role for other users.
6. Reconstruction Password Documents
If the password file is lost, you can use ORAPWD to rebuild password files, the syntax is as follows:
[Oracle @ jumper oracle] $ orapwdUsage: orapwd file =
