oracle: 浅谈sqlnet.ora文件的作用，及SQLNET.AUTHENTICATION_SERVICES设置

关于sqlnet.ora的说明：

*****************************************************FROM ORACLE11G DOCS*************************************

The sqlnet.ora file is the profile configuration file. It resides on the client machines and the database server. Profiles are stored and implemented using this file. The database server can be configured with access control parameters in the sqlnet.ora file. These parameters specify whether clients are allowed or denied access based on the protocol.

The sqlnet.ora file enables you to do the following:

• Specify the client domain to append to unqualified names

• Prioritize naming methods

• Enable logging and tracing features

• Route connections through specific processes

• Configure parameters for external naming

• Configure Oracle Advanced Security

• Use protocol-specific parameters to restrict access to the database

By default, the sqlnet.ora file is located in the ORACLE_HOME/network/admin directory. The sqlnet.ora file can also be stored in the directory specified by the TNS_ADMIN environment variable.

*****************************************************************************************************************************

从描述中看出，该文件是控制客户端访问数据库服务器的，可以设定多种参数进行访问控制。而在这里作为初学者接触到的最早参数是 sqlnet.authentication_services，说明如下：

************************************************FROM ORACLE11G DOCS******************************************************

SQLNET.AUTHENTICATION_SERVICES

Purpose

To enable one or more authentication services. If authentication has been installed, then it is recommended that this parameter be set to either none or to one of the authentication methods.

Default

None

Note:

When installing the database with Database Configuration Assistant (DBCA), this parameter may be set to nts in the sqlnet.ora file.

Values

• Authentication Methods Available with Oracle Net Services:

  • none for no authentication methods, including Microsoft Windows native operating system authentication. When SQLNET.AUTHENTICATION_SERVICES is set to none, a valid user name and password can be used to access the database.

  • all for all authentication methods.

  • nts for Microsoft Windows native operating system authentication.

• Authentication Methods Available with Oracle Advanced Security:

  • kerberos5 for Kerberos authentication.

  • radius for RADIUS authentication.

  • tcps for SSL authentication.

**********************************************************************************************************************************

从参数的说明可以了解到提供两种服务，net服务和高级安全服务。高级安全服务参数这里不讨论了，讨论一下 none all nts三个参数的作用。

设定sqlnet.authentication_services：

• none：作用是不允许通过os系统用户登录数据库，需要提供用户名及密码；
• all：作用是允许所有的登录方式；
• nts：作用是windows的本地操作系统用户认证；

注：需要说明的是据试验该用户名和密码是指具有sysdba权限的用户；在linux上若用系统用户oracle登录数据库需要设定为all或是注销该字段；

注：linux上默认是没有该文件的，可以手动创建，参考$ORACLE_HOME/network/admin/samples/sqlnet.ora内容，并将之设定在$ORACLE_HOME/network/admin/目录下。

[oracle@centos admin]$ pwd
/oracle/11g/network/admin
[oracle@centos admin]$ cat sqlnet.ora
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.

#SQLNET.AUTHENTICATION_SERVICES = (none)
[oracle@centos admin]$

我是从windows上copy过去的，对于linux来讲一般不指定该字段就能使oracle系统用户登录数据库了。