【2017/4/14】oracle10g的密码文件管理

oracle10g的密码文件管理

参考：http://www.cnblogs.com/moonfans/p/3852015.html

 查看监听是否正常

[oracle@mygod1 ~]$ lsnrctl status   

Listener Parameter File   /software/app/oracle/product/10.2.0/db_1/network/admin/listener.ora
Listener Log File         /software/app/oracle/product/10.2.0/db_1/network/log/listener.log
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=mygod1)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC0)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "orcl" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orclXDB" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
Service "orcl_XPT" has 1 instance(s).
  Instance "orcl", status READY, has 1 handler(s) for this service...
The command completed successfully

[oracle@mygod1 ~]$ 

sys用户在连接数据库时必须以sysdba or sysoper方式，sys用户要想连接数据库必须使用口令文件

SQL> select * from v$pwfile_users;


USERNAME       SYSDB SYSOP
------------------------------ ----- -----
SYS       TRUE  TRUE


SQL> 

由于目前存在口令文件，所以我可以远程登录成功

[oracle@mygod1 ~]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID
/software/app/oracle/product/10.2.0/db_1/dbs/orapworcl

[oracle@mygod1 ~]$ sqlplus sys/redhat$orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Apr 11 23:51:20 2017
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options


SQL> 

口令文件丢失可以自己生成

[oracle@mygod1 ~]$ orapwd file=$ORACLE_HOME/dbs/orapw$ORACLE_SID password=redhat force=y
[oracle@mygod1 ~]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID
/software/app/oracle/product/10.2.0/db_1/dbs/orapworcl
[oracle@mygod1 ~]$ 

禁止远程登录remote_login_passwordfile=NONE

SQL> show parameter remote;


NAME     TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_archive_enable     stringtrue
remote_dependencies_mode     stringTIMESTAMP
remote_listener     string
remote_login_passwordfile     stringEXCLUSIVE
remote_os_authent     booleanFALSE
remote_os_roles     booleanFALSE
SQL> 

SQL> alter system set remote_login_passwordfile=NONE scope=spfile;


System altered.


SQL> shutdown immediate
ORA-01109: database not open




Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.


Total System Global Area  595591168 bytes
Fixed Size    2022600 bytes
Variable Size  176161592 bytes
Database Buffers  415236096 bytes
Redo Buffers    2170880 bytes
Database mounted.
Database opened.
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba


SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:21:19 2017


Copyright (c) 1982, 2005, Oracle.  All rights reserved.


ERROR:
ORA-01017: invalid username/password; logon denied         此时远程登录失败。




Enter user-name: 

允许远程登录但是不可以修改sys用户密码 remote_login_passwordfile=shared 

[oracle@mygod1 ~]$ sqlplus / as sysdba

SQL>  alter system set remote_login_passwordfile=shared scope=spfile;


System altered.


SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.


Total System Global Area  595591168 bytes
Fixed Size    2022600 bytes
Variable Size  180355896 bytes
Database Buffers  411041792 bytes
Redo Buffers    2170880 bytes
Database mounted.
Database opened.
SQL> 

[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba


SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:26:39 2017


Copyright (c) 1982, 2005, Oracle.  All rights reserved.




Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options



SQL> alter user sys identified by tiger;
alter user sys identified by tiger
*
ERROR at line 1:
ORA-28046: Password change for SYS disallowed




SQL> 

允许远程登录并可以修改sys用户密码 remote_login_passwordfile=exclusive 

[oracle@mygod1 ~]$ sqlplus / as sysdba

SQL> alter system set remote_login_passwordfile=exclusive scope=spfile;


System altered.


SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.


Total System Global Area  595591168 bytes
Fixed Size    2022600 bytes
Variable Size  184550200 bytes
Database Buffers  406847488 bytes
Redo Buffers    2170880 bytes
Database mounted.
Database opened.
SQL> 

[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba


SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:32:22 2017


Copyright (c) 1982, 2005, Oracle.  All rights reserved.




Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options


SQL> alter user sys identified by tiger;


User altered.


SQL> 

关闭os登录，但支持远程登录sqlnet.authentication_services=none

[oracle@mygod1 ~]$ grep auth /$ORACLE_HOME/network/admin/samples/sqlnet.ora
#    bvasudev   02/07/97 - Change sqlnet.authentication_services documentation
#names.authority_required = False
#     _authority_required             _auto_refresh*                  
#sqlnet.authentication_services
# Enables one or more authentication services.  If
# support, using (beq, kerberos5) would enable authentication via
#sqlnet.authentication_services=(beq, kerberos5)
#sqlnet.authentication_kerberos5_service
#sqlnet.authentication_kerberos5_service=acme
#sqlnet.radius_authentication = localhost
#sqlnet.radius_authentication_port = 1654
#sqlnet.radius_authentication_interface = DefaultRadiusInterface
#ssl_client_authentication
# The ssl_client_authentication parameter controls whether the client 
# is authenticated using SSL. This parameter should be set to FALSE if
# authentication (DH_anon) or if using other non-SSL authentication
#Purpose: Indicates the time interval within which database authentication
#         authentication within the given time period, then the database
[oracle@mygod1 ~]$ 

[oracle@mygod1 ~]$ echo "sqlnet.authentication_services=none" >/$ORACLE_HOME/network/admin/sqlnet.ora
[oracle@mygod1 ~]$ sqlplus / as sysdba


SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:38:44 2017


Copyright (c) 1982, 2005, Oracle.  All rights reserved.


ERROR:
ORA-01031: insufficient privileges




Enter user-name: 
[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba


SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:38:56 2017


Copyright (c) 1982, 2005, Oracle.  All rights reserved.




Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options


SQL> 

打开os登录，但不支持远程登录sqlnet.authentication_services=all

[oracle@mygod1 ~]$ echo "sqlnet.authentication_services=all" >/$ORACLE_HOME/network/admin/sqlnet.ora
[oracle@mygod1 ~]$ sqlplus / as sysdba


SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:40:25 2017


Copyright (c) 1982, 2005, Oracle.  All rights reserved.




Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options


SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
[oracle@mygod1 ~]$ sqlplus sys/redhat@orcl as sysdba


SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 12 00:40:30 2017


Copyright (c) 1982, 2005, Oracle.  All rights reserved.


ERROR:
ORA-12641: Authentication service failed to initialize




Enter user-name: