The role of Password File in Oracle

zhaozj2021-02-12  215

Before the database is not started, the database built-in user is unable to verify the user name of the SysDBA / Sysoper user in the password file that cannot be verified by the database, allowing the user to verify the user through the password file, log in before the database does not start, start the database if there is no password Document, only by operating system authentication before the database is not started. Using RMAN, many times you need to process the database in Nomount, Mount and other status, so you usually ask SYSDBA privileges if it belongs to the local DBA group. If it is Remote Sysdba login and needs to be authenticated through PasswordFile.

1.Remote_login_passwordfile = None This time the password verification is now verified, the Oracle database does not allow remote SYSDBA / SYSOPER login to be able to start the database start and stop through the remote database: LOCAL:

[Oracle @ Jumper Oracle] $ SQLPLUS "/ as sysdba" SQL * Plus: Release 9.2.0.3.0 - Production On Thu Apr 15 09:58:45 2004 CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved. Connected to: Oracle9i Enterprise Edition Release 9.2.0.3.0 - Production With the Partitioning, OLAP and Oracle Data Mining options JServer Release 9.2.0.3.0 - Production SQL> alter user sys identified by oracle; User altered SQL> show parameter pass. Name Type Value --------------------------------- --------------- Remote_Login_PasswordFile String None

REMOTE:

E: / ORACLE / ORA92 / BIN> SQLPLUS / NOLOGSQL * PLUS: Release 9.2.0.4.0 - Production ON Thursday April 15 09:39:22 2004Copyright (C) 1982, 2002, Oracle Corporation. All Rights Reserved.sql> Connect Sys / Oracle @ hsjf as sysdbaerror: ORA-01017: Invalid UserName / Password; Logon Denied

It is actually not possible to verify password files.

2.Remote_login_passwordfile = Exclusive

SQL> alter system set remote_login_passwordfile = exclusive scope = spfile; System altered SQL> startup force;.. ORACLE instance started Total System Global Area 131142648 bytes Fixed Size 451576 bytes Variable Size 104857600 bytes Database Buffers 25165824 bytes Redo Buffers 667648 bytes Database mounted Database. Opened. SQL> Show Parameter Pass Name Type Value ------------------------------------ ---- ------------------------------------ Remote_login_passwordfile string exclusive SQL> ALTER USER SYS Identified by Oracle; User Altered.Remote:

E: / ORACLE / ORA92 / BIN> SQLPLUS / NOLOGSQL * PLUS: Release 9.2.0.4.0 - Production on Thursday April 15 09:47:11 2004CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.SQL> Connect Sys / Oracle @ HSJF AS SYSDBA is connected. SQL> show useruser is "SYS" SQL>

This is actually verified by password file verification.

3. Further Test If we delete the passwdfile, sysdba / sysoper will not be certified, and you cannot log in to the database.

Server:

SQL>! [Oracle @ Jumper Oracle] $ CD $ ORACLE_HOME / DBS [Oracle @ Jumper DBS] $ LS ORAPWHSJFORAPWHSJF [Oracle @ Jumper DBS] $ mv ORAPWHSJF ORAPWHSJF.BAK [Oracle @ Jumper DBS] $

REMOTE:

E: / ORACLE / ORA92 / BIN> SQLPLUS / NOLOGSQL * PLUS: Release 9.2.0.4.0 - Production on Thursday April 15 09:50:14 2004CopyRight (C) 1982, 2002, Oracle Corporation. All Rights Reserved.SQL> Connect Sys / Oracle @ hsjf as sysdbaerror: ORA-01031: Insufficient Privilegessql>

This is actually impossible to verify the identity through the password file.

4. If the passwdfile is lost, if you use passwdfile, it will not be able to start the database at this time.

SQL> startup force; ORACLE instance started.Total System Global Area 131142648 bytesFixed Size 451576 bytesVariable Size 104857600 bytesDatabase Buffers 25165824 bytesRedo Buffers 667648 bytesORA-01990: error opening password file '/opt/oracle/product/9.2.0/dbs/orapw' ORA-27037: Unable to Obtain File Statuslinux Error: 2: No Such File or DirectoryAdditional Information: 3 At this point, you can resolve the password file through an ORAPWD to resolve the password file.

SQL>! [Oracle @ Jumper Oracle] $ MV $ ORACLE_HOME / DBS / ORAPWHSJF.BAK ORAPWHSJF [Oracle @ Jumper Oracle] $ EXITEXITSQL> ALTER DATABASE OPEN; Database Altered.sql>

Roughly roughly.

5. Remote_login_passwordfile = shared

Let's take a look at the description of the Oracle9i document:

Shared

More Than One Database Can Use a password file. However, The only user recognized by the password file is sys.

It means that multiple databases can share a password file, but only one user: SYS

SQL> SELECT * FROM V $ PWFILE_USERS;

Username sysdb sysop --------------------------------- ----- Sys True True

SQL> Grant Sysdba to Eygle; Grant Sysdba to Eygle * Error At Line 1: ORA-01994: Grant FaNot Add Uses To Public Password File

SQL> Show Parameter Password

Name Type Value --------------------------------- ------------------------------ Remote_Login_PasswordFile String Shared

We see that users cannot add users in the password file.

Many people's questions are: The default name of the password file is ORAPW

How can I share?

In fact, this is what the Oracle database is first looking for ORAPW.

Password file, if the file does not exist, start looking, ORAPW password file

If the password file is named ORAPW, multiple databases can be shared.

Let's take a look at the test:

[Oracle @ Jumper DBS] $ SQLPLUS "/ as sysdba" SQL * Plus: Release 9.2.0.3.0 - Production On Tue Jul 6 09:40:34 2004 Copyright (C) 1982, 2002, Oracle Corporation. All Rights Reserved. Connected to:... Oracle9i Enterprise Edition Release 9.2.0.3.0 - Production With the Partitioning, OLAP and Oracle Data Mining options JServer Release 9.2.0.3.0 - Production SQL> shutdown immediate Database closed Database dismounted ORACLE instance shut down SQL> ! [oracle @ jumper dbs] $ ls hsjf initdw.ora inithsjf.ora init.ora lkHSJF orapwhsjf spfilehsjf.ora [oracle @ jumper dbs] $ mv orapwhsjf orapwhsjf.bak [oracle @ jumper dbs] $ exit exit SQL> startup ORACLE instance started Total System Global Area 235999908 bytes Fixed Size 451236 bytes Variable Size 201326592 bytes Database Buffers 33554432 bytes Redo Buffers 667648 bytes ORA-01990:. error opening password file '/opt/oracle/product/9.2.0/dbs/orapw'-- This is the final file ORA-27037: Unable to Obtain File Status Linux Error: 2: No Such File or Directory Additional Informatio N: 3 We created an ORAPW password file, which can open the database at this time.

SQL>! [ORACLE @ Jumper DBS] $ ls hsjf initdw.ora inithsjf.ora infl.ra lkhsjf orapwhsjf.bak spfilehsjf.ora [Oracle @ Jumper DBS] $ CP ORAPWHSJF.BAK ORAPW [Oracle @ Jumper DBS] $ EXIT EXIT SQL > ALTABASE Open; Database Altered. SQL> Show Parameter Passw Name Type Value ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ - - ---------------------------------------- Remote_login_passwordfile String Shared SQL>

Then you may have such questions, can multiple Exclusive databases can share a password file (ORAPW)?

We continue this experiment:

SQL> Show Parameter Password

Name Type Value --------------------------------- ------------------------------ Remote_Login_PasswordFile String Shared

[Oracle @ Jumper DBS] $ strings ORAPW] / [Zoracle Remote Password FileinternalAb27b53edc5fef418a8f025737a9097a Note that only Internal / Sys password

Remote_login_passwordfile = exclusive

SQL> ALTER System SET Remote_login_passwordfile = Exclusive Scope = SPFILE;

SYSTEM altered.

SQL> Startup force; Oracle Instance Started.

Total System Global Area 235999908 bytesFixed Size 451236 bytesVariable Size 201326592 bytesDatabase Buffers 33554432 bytesRedo Buffers 667648 bytesDatabase mounted.Database opened.SQL>! [Oracle @ jumper bin] $ cd $ ORACLE_HOME / dbs [oracle @ jumper dbs] $ strings orapw] / [ Zoracle Remote Password FileHsjfinternalAb27b53edc5fef418a8f025737a9097a [Oracle @ Jumper DBS] $ EXIXIT

Note that after the Exclusive mode is started, the instance information has been written to the entry order file, which cannot be shared at this time. Of course, if it is used by a single database, it is no problem.

SQL> SELECT * FROM V $ PWFILE_USERS;

Username sysdb sysop --------------------------------- ----- Sys True True

SQL> Grant sysdba to Eygle;

Grant succeeded.

SQL> SELECT * FROM V $ PWFILE_USERS;

Username sysdb sysop --------------------------------- ----- Sys Trueeygle True False

SQL>! [Oracle @ jumper bin] $ cd $ ORACLE_HOME / dbs [oracle @ jumper dbs] $ strings orapw] / [ZORACLE Remote Password fileHSJFINTERNALAB27B53EDC5FEF418A8F025737A9097A> EYGLEB726E09FE21F8E83

Note that the SYSDBA user can be added at this time, and this information can be written to the password file.

In fact, the password file is an SUDO role for other users.

6. Reconstruction Password Documents

If the password file is lost, you can use ORAPWD to rebuild password files, the syntax is as follows:

[Oracle @ Jumper Oracle] $ ORAPWDUSAGE: ORAPWD File =

PASSWORD =

entries =

.

转载请注明原文地址:https://www.9cbs.com/read-6988.html

New Post(0)