oracle passwdfile-pl
password file(密码文件):验证拥有sysdba权限的用户登录时的密码校验;
******************************************************
Oracle的验证机制:
1.密码验证
2.操作系统验证
3.数据库验证
2.操作系统验证
如果一个用户,能够正常登录,那么不再需要数据库验证,就能够登录数据库的这种情况
称之为操作系统验证;
一种以sysdba身份,登录数据库,需要该用户属于dba组即可;
另外一种是普通数据库用户的操作系统验证;
a.验证sysdba权限用户的操作系统验证
--创建一个新用户newora:
# useradd newora
# id newora
uid=778(newora) gid=778(newora) groups=778(newora)
--添加一个附加组dba
# usermod -a -G dba newora
# id newora
uid=778(newora) gid=778(newora) groups=778(newora),1100(dba)
--设置系统用户密码
# passwd newora
Changing password for user newora.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
--需要设置对应的环境变量
# su - newora
$ sqlplus / as sysdba
-bash: sqlplus: command not found
# cp /home/oracle/.bash_profile /home/newora/.bash_profile
cp: overwrite `/home/newora/.bash_profile'? y
--注意:第一,用户肯定要属于dba组;
第二,设定用户的对应权限
# su - newora
$ sqlplus / as sysdba
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SYS@orcl11g>
b.普通的数据库用户,也能实现操作系统验证
--首先,查看操作系统认证的前缀
SYS@orcl11g> show parameter os_authent_prefix
NAME TYPE VALUE
------------------------------------ ----------- --------
os_authent_prefix string ops$
# useradd ora
# usermod -a -G oinstall ora
# id ora
uid=779(ora) gid=779(ora) groups=779(ora),1000(oinstall)
# passwd ora
Changing password for user ora.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# cp /home/oracle/.bash_profile/home/ora/.bash_profile
cp: overwrite `/home/ora/.bash_profile'? y
--创建一个数据库用户:
SYS@orcl11g> create user "OPS$ORA" identified externally
2default tablespace users temporary tablespace temp
3quota unlimited on users;
User created.
SYS@orcl11g> grant create session to "OPS$ORA";
Grant succeeded.
$ su - ora
Password:
$ sqlplus /nolog
SQL*Plus: Release 11.2.0.3.0 Production on Sun Jun 16 14:07:12 2013
Copyright (c) 1982, 2011, Oracle.All rights reserved.
@> conn /
Connected.
OPS$ORA@orcl11g> show user;
USER is "OPS$ORA"
OPS$ORA@orcl11g>
注意:
SYS@orcl11g> show parameter os_authent
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
os_authent_prefix string ops$
remote_os_authent boolean FALSE
remote_os_authent: 远程操作系统验证
SYS@orcl11g> alter system set remote_os_authent=true scope=spfile;
System altered.
服务器端地址:192.168.3.253
ora:oracle
客户端地址:192.168.3.109
ora:123
$ sqlplus /nolog
SQL*Plus: Release 11.2.0.3.0 Production on Tue Jun 11 18:55:37 2013
Copyright (c) 1982, 2011, Oracle.All rights reserved.
@> conn /@orcl253
Connected.
OPS$ORA@orcl253>
***********************************************************
密码文件验证
密码文件存在的位置:
$ORACLE_HOME/dbs
密码文件的命名规则:
orapw
密码文件的文件类型以内容:
$ file orapworcl11g
orapworcl11g: data
$ strings orapworcl11g
]\[Z
ORACLE Remote Password file
INTERNAL
87C5F4BF47942D0E
e^D_
4CCF4A082AD3F312
SCOTT
F894844C34402B67
密码文件存在的意义:
保存超级用户(sysdba)的用户名和口令
超级用户的密码审核不能依赖于数据库内部。
超级用户,具有启动数据库的能力。如果数据库没有启动,就无法验证。
网络使用sys用户登录数据库,要用到密码文件:
$ sqlplus sys/oracle@172.16.254.254:1521/orcl11g.neves.com as sysdba
SYS@172.16.254.254:1521/orcl11g.neves.com>
密码文件丢了:
$ rm -f orapworcl11g
$ sqlplus sys/oracle@172.16.254.254:1521/orcl11g.neves.com as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Mon Sep 23 14:41:22 2013
Copyright (c) 1982, 2011, Oracle.All rights reserved.
ERROR:
ORA-01031: insufficient privileges
密码文件重建:
$ orapwd file=$ORACLE_HOME/dbs/orapworcl11g password=Oracle321
$ ls orapworcl11g
orapworcl11g
$ strings orapworcl11g
]\[Z
ORACLE Remote Password file
INTERNAL
8CA787CEFE8024B2
IY}d
41981DB57414C1B4
2n F
修改sys用户密码两种方式:
1.重建密码文件
2.数据库内部
alter user sys identified by "Oracle123";
页:
[1]