Oracle 口令文件:即 oracle密码文件
一:文件路径位置
[oracle@localhost db_1]$ cd $ORACLE_HOME/dbs [oracle@localhost dbs]$ ls dbsorapwPROD1 hc_orcl.dat initneworcl.ora initorcl.ora lkNEWORCL lkPROD1 orapwneworcl spfileorcl.ora tem.dbf hc_neworcl.dat hc_PROD1.dat init.ora initPROD1.ora lkORCL my.dbf orapworcl spfilePROD1.ora [oracle@localhost dbs]$ pwd /u01/app/oracle/product/11.2.0/db_1/dbs [oracle@localhost dbs]$
二、口令文件的命名规则
orapw+sid 如: orapworcl
三、口令文件存放的是sys
主要是存放管理用户的密码信息的
SYS@orcl> select * from v$pwfile_users; USERNAME SYSDB SYSOP SYSAS ------------------------------ ----- ----- ----- SYS TRUE TRUE FALSE SYS@orcl>
四:实验操作
注: remote_login_passwordfile 是静态参数。修改了该值之后,数据库需要重启。
1)当remote_login_passwordfile 是 EXCLUSIVE
没有sqlnet.ora文件 sqlplus sys/oracle as sysdba sqlplus / as sysdba sqlplus sys/oracle@togogo as sysdba 以上均成功
2)当remote_login_passwordfile是 EXCLUSIVE
sqlnet.ora文件参数 SQLNET.AUTHENTICATION_SERVICES=none sqlplus sys/oracle as sysdba 成功 sqlplus / as sysdba 不成功 sqlplus sys/oracle@togogo as sysdba 成功[oracle@localhost dbs]$ clear [oracle@localhost dbs]$ ls dbsorapwPROD1 hc_orcl.dat initneworcl.ora initorcl.ora lkNEWORCL lkPROD1 orapwneworcl spfileorcl.ora tem.dbf hc_neworcl.dat hc_PROD1.dat init.ora initPROD1.ora lkORCL my.dbf orapworcl spfilePROD1.ora [oracle@localhost dbs]$ cd ../network/ [oracle@localhost network]$ ls admin doc install jlib lib log mesg tools trace [oracle@localhost network]$ ca admin/ -bash: ca: command not found [oracle@localhost network]$ ls admin doc install jlib lib log mesg tools trace [oracle@localhost network]$ cd admin/ [oracle@localhost admin]$ ls listener.ora samples shrept.lst sqlnet.ora tnsnames.ora [oracle@localhost admin]$ cat sqlnet.ora ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/))) [oracle@localhost admin]$ vi sqlnet.ora ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/))) SQLNET.AUTHENTICATION_SERVICES=none ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ "sqlnet.ora" 4L, 152C written [oracle@localhost admin]$ cat sqlnet.ora ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/))) SQLNET.AUTHENTICATION_SERVICES=none [oracle@localhost admin]$ pwd /u01/app/oracle/product/11.2.0/db_1/network/admin [oracle@localhost admin]$
[oracle@localhost admin]$ rlwrap sqlplus / as sysdba; SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:01:36 2018 Copyright (c) 1982, 2011, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: ERROR: ORA-01017: invalid username/password; logon denied Enter user-name: ERROR: ORA-01017: invalid username/password; logon denied SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus [oracle@localhost admin]$ rlwrap sqlplus sys/oracle as sysdba; SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:02:40 2018 Copyright (c) 1982, 2011, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SYS@orcl>
3)当remote_login_passwordfile是 EXCLUSIVE
4)当remote_login_passwordfile是 none 没有sqlnet.ora文件
5)当remote_login_passwordfile是 none
sqlnet.ora文件参数 SQLNET.AUTHENTICATION_SERVICES=none sqlplus sys/oracle as sysdba 不成功 sqlplus / as sysdba 不成功 sqlplus sys/oracle@togogo as sysdba 不成功
6)当remote_login_passwordfile是 none
五、创建口令文件
orapwd file=口令文件名称 password=用户密码
Creating a Password File with ORAPWD
The syntax of the
ORAPWD
command is as follows:ORAPWD FILE=filename [ENTRIES=numusers] [FORCE={Y|N}] [IGNORECASE={Y|N}]Command arguments are summarized in the following table.
Argument Description FILE
Name to assign to the password file. You must supply a complete path. If you supply only a file name, the file is written to the current directory. ENTRIES
(Optional) Maximum number of entries (user accounts) to permit in the file. FORCE
(Optional) If y
, permits overwriting an existing password file.IGNORECASE
(Optional) If y
, passwords are treated as case-insensitive.There are no spaces permitted around the equal-to (=) character.
The command prompts for the
SYS
password and stores the password in the created password file.The following command creates a password file named
orapworcl
that allows up to 30 privileged users with different passwords.orapwd FILE=orapworcl ENTRIES=30
Sharing and Disabling the Password File
You use the initialization parameter
REMOTE_LOGIN_PASSWORDFILE
to control whether a password file is shared among multiple Oracle Database instances. You can also use this parameter to disable password file authentication. The values recognized forREMOTE_LOGIN_PASSWORDFILE
are:
NONE
: Setting this parameter toNONE
causes Oracle Database to behave as if the password file does not exist. That is, no privileged connections are allowed over nonsecure connections.
EXCLUSIVE
: (The default) AnEXCLUSIVE
password file can be used with only one instance of one database. Only anEXCLUSIVE
file can be modified. Using anEXCLUSIVE
password file enables you to add, modify, and delete users. It also enables you to change theSYS
password with theALTER USER
command.
SHARED
: ASHARED
password file can be used by multiple databases running on the same server, or multiple instances of an Oracle Real Application Clusters (Oracle RAC) database. ASHARED
password file cannot be modified. Therefore, you cannot add users to aSHARED
password file. Any attempt to do so or to change the password ofSYS
or other users with theSYSDBA
orSYSOPER
privileges generates an error. All users needingSYSDBA
orSYSOPER
system privileges must be added to the password file whenREMOTE_LOGIN_PASSWORDFILE
is set toEXCLUSIVE
. After all users are added, you can changeREMOTE_LOGIN_PASSWORDFILE
toSHARED
, and then share the file.This option is useful if you are administering multiple databases or an Oracle RAC database.
If
REMOTE_LOGIN_PASSWORDFILE
is set toEXCLUSIVE
orSHARED
and the password file is missing, this is equivalent to settingREMOTE_LOGIN_PASSWORDFILE
toNONE
.Note:
You cannot change the password forSYS
ifREMOTE_LOGIN_PASSWORDFILE
is set toSHARED
. An error message is issued if you attempt to do so.Keeping Administrator Passwords Synchronized with the Data Dictionary
If you change the
REMOTE_LOGIN_PASSWORDFILE
initialization parameter fromNONE
toEXCLUSIVE
orSHARED
, or if you re-create the password file with a differentSYS
password, then you must ensure that the passwords in the data dictionary and password file for theSYS
user are the same.To synchronize the
SYS
passwords, use theALTER USER
statement to change theSYS
password. TheALTER USER
statement updates and synchronizes both the dictionary and password file passwords.To synchronize the passwords for non-
SYS
users who log in using theSYSDBA
orSYSOPER
privilege, you must revoke and then regrant the privilege to the user, as follows:
Find all users who have been granted the
SYSDBA
privilege.SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSDBA='TRUE';Revoke and then re-grant the
SYSDBA
privilege to these users.REVOKE SYSDBA FROM non-SYS-user; GRANT SYSDBA TO non-SYS-user;Find all users who have been granted the
SYSOPER
privilege.SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != 'SYS' AND SYSOPER='TRUE';Revoke and regrant the
SYSOPER
privilege to these users.REVOKE SYSOPER FROM non-SYS-user; GRANT SYSOPER TO non-SYS-user;
Adding Users to a Password File
When you grant
SYSDBA
orSYSOPER
privileges to a user, that user's name and privilege information are added to the password file. If the server does not have anEXCLUSIVE
password file (that is, if the initialization parameterREMOTE_LOGIN_PASSWORDFILE
isNONE
orSHARED
, or the password file is missing), Oracle Database issues an error if you attempt to grant these privileges.A user's name remains in the password file only as long as that user has at least one of these two privileges. If you revoke both of these privileges, Oracle Database removes the user from the password file.
Creating a Password File and Adding New Users to It
Use the following procedure to create a password and add new users to it:
Follow the instructions for creating a password file as explained in "Creating a Password File with ORAPWD".
Set the
REMOTE_LOGIN_PASSWORDFILE
initialization parameter toEXCLUSIVE
. (This is the default.)Note:
REMOTE_LOGIN_PASSWORDFILE
is a static initialization parameter and therefore cannot be changed without restarting the database.Connect with
SYSDBA
privileges as shown in the following example, and enter theSYS
password when prompted:CONNECT SYS AS SYSDBAStart up the instance and create the database if necessary, or mount and open an existing database.
Create users as necessary. Grant
SYSDBA
orSYSOPER
privileges to yourself and other users as appropriate. See "Granting and Revoking SYSDBA and SYSOPER Privileges", later in this section.
——————————————————————————————————————————————————————————————————
学问:纸上得来终觉浅,绝知此事要躬行
为事:工欲善其事,必先利其器。
态度:道阻且长,行则将至;行而不辍,未来可期
.....................................................................
------- 桃之夭夭,灼灼其华。之子于归,宜其室家。 ---------------
------- 桃之夭夭,有蕡其实。之子于归,宜其家室。 ---------------
------- 桃之夭夭,其叶蓁蓁。之子于归,宜其家人。 ---------------
=====================================================================
* 博客文章部分截图及内容来自于学习的书本及相应培训课程以及网络其他博客,仅做学习讨论之用,不做商业用途。
* 如有侵权,马上联系我,我立马删除对应链接。 * @author Alan -liu * @Email no008@foxmail.com
转载请标注出处! ✧*꧁一品堂.技术学习笔记꧂*✧. ---> https://www.cnblogs.com/ios9/