用os的oracle用户登录sysdba时,默认不需要输入密码,随便输入个密码都可以登录oracle数据库。登录验证是在sqlnet.ora文件中有个AUTHENTICATION_SERVICES参数控制的,但对这个参数缺有歧义,在 samples/sqlnet.ora 文件中:
#sqlnet.authentication_services # # Syntax: A single value or a list from {beq, none, all, kerberos5, # radius, nts} # Default: NONE # # Enables one or more authentication services. If # Oracle Advanced Security has been installed with Kerberos5 # support, using (beq, kerberos5) would enable authentication via # Kerberos. # #sqlnet.authentication_services=(beq, kerberos5)
这里说默认是NONE,但在Oracle官方文档:
https://docs.oracle.com/cd/E11882_01/network.112/e10835/sqlnet.htm#NETRF199
中说默认是ALL,实际验证也默认是ALL。此时用任何密码都可以登录sysdba:
[oracle@rhel69 admin]$ sqlplus ignored_username/ignored_password AS SYSDBA SQL*Plus: Release 11.2.0.4.0 Production on Mon May 11 11:43:36 2020 Copyright (c) 1982, 2013, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production With the Partitioning, Automatic Storage Management, OLAP, Data Mining and Real Application Testing options SQL>
但只限于sysdba,system不以sysdba登录也不行。如果需要验证oracle的用户密码,需要显式设置:
SQLNET.AUTHENTICATION_SERVICES= (NONE)
