重庆思庄Oracle、Redhat认证学习论坛

标题: Oracle 密码验证方式 [打印本页]

作者: mahan 时间: 2023-9-26 23:13
标题: Oracle 密码验证方式
验证方式：操作系统验证方式
            口令文件验证方式（防止系统管理员误操作你的数据库）

================
1:操作系统验证方式
================

[oracle@localhost ~]$ sqlplus
SQL*Plus: Release 11.2.0.3.0 Production on Sun Dec 30 16:58:46 2001
Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Enter user-name: / as sysdba

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> show user
USER is "SYS"

特点：不需要加密码，直接可以以sysdba的身份登录，只要能进入你的操作系统，就能以dba身份登录到你的oracle

用途：当你即是系统管理员，又是oracle DBA时，可以采用这种方法
      如果你是DBA，但不是系统管理员时，不能用这种验证方法，因为其他人只要能进入你的系统就能登录你的ORACLE；

SQL> conn system/oracle    -------dba有sys和system,不写as sysdba默认是以一般用户身份登录
Connected.

SQL> shutdown
ORA-01031: insufficient privileges ------没有关闭数据库的权限

SQL> conn system/oracle as sysdba ---------以DBA的身份登录
Connected.

SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.

SQL> conn scott/tiger -----普通用户没有关闭数据库的权限
Connected.

SQL> shutdown immediate
ORA-01031: insufficient privileges

SQL> conn system/oracle as sysdba
Connected.

SQL> grant sysdba to scott;             ---------给scott授予dba的权限
Grant succeeded.

SQL> conn scott/tiger
Connected.

SQL> shutdown immediate
ORA-01031: insufficient privileges

SQL> conn scott/tiger as sysdba       ----------scott以dba的身份登录后可以关闭数据库
Connected.

SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.

================
2：口令文件验证方式
================
口令文件
      使用orapwd工具生成口令文件
      在参数文件中改：
      set remote_login_passwordfile=exclusive

      windows ORACLE_HOME/Database/pwdoracl.ora(pwd+sid.ora)
      linux    ORACLE_HOME/dbs/orapworacl(orapw+sid)

1：
SQL> show parameter remote
NAME    TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_dependencies_mode    string TIMESTAMP
remote_listener    string
remote_login_passwordfile    string EXCLUSIVE
remote_os_authent    boolean FALSE
remote_os_roles    boolean FALSE
result_cache_remote_expiration    integer 0

2：
如果remote_login_passwordfile的值不是EXCLUSIVE,那么需要手动改为EXCLUSIVE;

[oracle@ooo ~]$ cd $ORACLE_HOME

[oracle@ooo 11.2.0]$ cd dbs/

[oracle@ooo dbs]$ ls
aaspfileorcl.ora  init.ora    lkORCL    orapworcl000
hc_orcl.dat    initorcl.ora  orapworcl  spfileorcl.ora

[oracle@ooo dbs]$ vim initorcl.ora    -------将excluesive写入到启动库第一步读到的参数文件中
*.remote_login_passwordfile='EXCLUSIVE'

3：
[oracle@chen dbs]$ orapwd file=/u01/app/oracle/product/11.2.0/dbs/orapworcl password=test

[oracle@chen dbs]$ ls
hc_oracl.dat  initoracl.ora  orapworacl  spfileoracl.ora
init.ora    lkORCL       orapworcl             -----------生成密码文件

[oracle@chen ~]$ rlwrap sqlplus
SQL*Plus: Release 11.2.0.3.0 Production on Fri Jun 6 15:19:31 2014
Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Enter user-name: sys/aaaaaa as sysdba                ---------输入任意口令都能进入？如何解决？

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> show user
USER is "SYS"

4：解决办法
[oracle@ooo admin]$ pwd
/u01/app/oracle/product/11.2.0/network/admin

[oracle@ooo admin]$ vim sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NONE)    ----------添加这一行，登录时不是系统验证,而是oracle验证登录（防止系统管理员登录你的数据库），注释这一行又变化系统验证方式
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

ADR_BASE = /u01/app/oracle

[oracle@localhost ~]$ rlwrap sqlplus

Enter user-name: / as sysdba
ERROR:
ORA-01031: insufficient privileges    --------系统验证方式没有通过，需要口令

Enter user-name: sys/aaaaa as sysdba
ERROR:
ORA-01017: invalid username/password; logon denied --------密码输入错误登录不上

[oracle@localhost ~]$ rlwrap sqlplus

Enter user-name: sys/test as sysdba                ----------密码正确，登录成功

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

欢迎光临重庆思庄Oracle、Redhat认证学习论坛 (http://bbs.cqsztech.com/)