验证方式:操作系统验证方式
口令文件验证方式(防止系统管理员误操作你的数据库)
================
1:操作系统验证方式
================
[oracle@localhost ~]$ sqlplus
SQL*Plus: Release 11.2.0.3.0 Production on Sun Dec 30 16:58:46 2001
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter user-name: / as sysdba
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> show user
USER is "SYS"
特点:不需要加密码,直接可以以sysdba的身份登录,只要能进入你的操作系统,就能以dba身份登录到你的oracle
用途:当你即是系统管理员,又是oracle DBA时,可以采用这种方法
如果你是DBA,但不是系统管理员时,不能用这种验证方法,因为其他人只要能进入你的系统就能登录你的ORACLE;
SQL> conn system/oracle -------dba有sys和system,不写as sysdba默认是以一般用户身份登录
Connected.
SQL> shutdown
ORA-01031: insufficient privileges ------没有关闭数据库的权限
SQL> conn system/oracle as sysdba ---------以DBA的身份登录
Connected.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> conn scott/tiger -----普通用户没有关闭数据库的权限
Connected.
SQL> shutdown immediate
ORA-01031: insufficient privileges
SQL> conn system/oracle as sysdba
Connected.
SQL> grant sysdba to scott; ---------给scott授予dba的权限
Grant succeeded.
SQL> conn scott/tiger
Connected.
SQL> shutdown immediate
ORA-01031: insufficient privileges
SQL> conn scott/tiger as sysdba ----------scott以dba的身份登录后可以关闭数据库
Connected.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
================
2:口令文件验证方式
================
口令文件
使用orapwd工具生成口令文件
在参数文件中改:
set remote_login_passwordfile=exclusive
windows ORACLE_HOME/Database/pwdoracl.ora(pwd+sid.ora)
linux ORACLE_HOME/dbs/orapworacl(orapw+sid)
1:
SQL> show parameter remote
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_dependencies_mode string TIMESTAMP
remote_listener string
remote_login_passwordfile string EXCLUSIVE
remote_os_authent boolean FALSE
remote_os_roles boolean FALSE
result_cache_remote_expiration integer 0
2:
如果remote_login_passwordfile的值不是EXCLUSIVE,那么需要手动改为EXCLUSIVE;
[oracle@ooo ~]$ cd $ORACLE_HOME
[oracle@ooo 11.2.0]$ cd dbs/
[oracle@ooo dbs]$ ls
aaspfileorcl.ora init.ora lkORCL orapworcl000
hc_orcl.dat initorcl.ora orapworcl spfileorcl.ora
[oracle@ooo dbs]$ vim initorcl.ora -------将excluesive写入到启动库第一步读到的参数文件中
*.remote_login_passwordfile='EXCLUSIVE'
3:
[oracle@chen dbs]$ orapwd file=/u01/app/oracle/product/11.2.0/dbs/orapworcl password=test
[oracle@chen dbs]$ ls
hc_oracl.dat initoracl.ora orapworacl spfileoracl.ora
init.ora lkORCL orapworcl -----------生成密码文件
[oracle@chen ~]$ rlwrap sqlplus
SQL*Plus: Release 11.2.0.3.0 Production on Fri Jun 6 15:19:31 2014
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter user-name: sys/aaaaaa as sysdba ---------输入任意口令都能进入?如何解决?
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> show user
USER is "SYS"
4:解决办法
[oracle@ooo admin]$ pwd
/u01/app/oracle/product/11.2.0/network/admin
[oracle@ooo admin]$ vim sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NONE) ----------添加这一行,登录时不是系统验证,而是oracle验证登录(防止系统管理员登录你的数据库),注释这一行又变化系统验证方式
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
ADR_BASE = /u01/app/oracle
[oracle@localhost ~]$ rlwrap sqlplus
Enter user-name: / as sysdba
ERROR:
ORA-01031: insufficient privileges --------系统验证方式没有通过,需要口令
Enter user-name: sys/aaaaa as sysdba
ERROR:
ORA-01017: invalid username/password; logon denied --------密码输入错误登录不上
[oracle@localhost ~]$ rlwrap sqlplus
Enter user-name: sys/test as sysdba ----------密码正确,登录成功
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
|
|手机版|小黑屋|重庆思庄Oracle、Redhat认证学习论坛
( 渝ICP备12004239号-4 )
发表于 2023-9-26 23:13:28
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
支持
反对