Oracle dba是指拥有sysdab,sysoper权限登录的用户默认为sys,system
Sysdba > sys > root
Sysoper > system >sudo
dba用户身份认证:操作系统身份认证,密码文件认证
[oracle@localhost ~]$ id oracle
uid=500(oracle) gid=500(oinstall) groups=500(oinstall),501(dba)
[oracle@localhost ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 22 03:38:59 2017
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 630501376 bytes
Fixed Size 2215984 bytes
Variable Size 465571792 bytes
Database Buffers 155189248 bytes
Redo Buffers 7524352 bytes
Database mounted.
Database opened.
SQL> show user;
USER is "SYS"
删除密码文件
[oracle@localhost admin]$ cd $ORACLE_HOME/dbs
[oracle@localhost dbs]$ ls
ctl.txt init.ora lkORCL spfile
hc_orcl.dat initorcl.ora orapworcl spfileorcl.ora
[oracle@localhost dbs]$ rm -rf orapworcl
使用密码文件就会报错
[oracle@localhost ~]$ sqlplus sys/oracle@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 22 03:50:28 2017
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
重建密码命令
[oracle@localhost dbs]$ orapwd file=orapworcl password=oracle entries=1
[oracle@localhost dbs]$
密码文件重建后,就可以正常登录,远程登录确实需要密码文件
[oracle@localhost ~]$ sqlplus sys/oracle@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 22 04:04:25 2017
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
密码文件认证还是操作系统认证决定
remote_login_passwordfile=none||exclusive|shared
none--不适用密码文件
execlusive--密码文件认证,自己独有使用;默认使用execlusive
share--密码文件认证,不同实例dba用户可以共享密码文件
$ORACLE_HOME/network/admin/sqlnet.ora
操作系统
SQLNET.AUTHENTICATION_SERVICES=none|all
none:关闭os认证,只能密码文件认证
all:关闭本地密码文件认证,采用操作系统认证,但是远程(异机)可以
--了解nts(windows)
组合remote_login_passwordfile和SQLNET.AUTHENTICATION_SERVICES=none|all
修改sqlnet.ora的SQLNET.AUTHENTICATION_SERVICES改为none,关闭本地连接,故使用sqlplus / as sysdba会报错,使用密码登录没有报错
[oracle@localhost admin]$ cat sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/n
etwork/admin/sqlnet.ora# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SQLNET.AUTHENTICATION_SERVICES=none
ADR_BASE = /u01/app/oracle
[oracle@localhost admin]$
[oracle@localhost ~]$ sqlplus sys/oracle@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 22 04:04:25 2017
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 -
64bit ProductionWith the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@localhost ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 22 05:06:20 2017
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
[oracle@localhost ~]$ sqlplus sys/oracle@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 22 05:09:34 2017
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
将其修改为all,关闭本地密码登录,可以使用os认证
[oracle@localhost admin]$ cat sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/11.2.0/db_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SQLNET.AUTHENTICATION_SERVICES=all
ADR_BASE = /u01/app/oracle
[oracle@localhost admin]$
[oracle@localhost ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 22 05:15:11 2017
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@localhost ~]$ sqlplus sys/oracle@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 22 05:15:22 2017
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
密码丢失
重建命令:orapwd file=orapworcl password=oracle entries=1
[oracle@localhost admin]$ orapwd
Usage: orapwd file=<fname> entries=<users> force=<y/n> ignorecase=<y/n> nosysd
ba=<y/n>
where
file - name of password file (required),
password - password for SYS will be prompted if not specified at command l
ine,
entries - maximum number of distinct DBA (optional),
force - whether to overwrite existing file (optional),
ignorecase - passwords are case-insensitive (optional),
nosysdba - whether to shut out the SYSDBA logon (optional Database Vault o
nly).
There must be no spaces around the equal-to (=) character.
file:密码文件名称orapw<<sid>
password:sys的密码
entries-->可以有多个sysdba,sysoperr权限用户放到密码文件中
force-->强制
entries:了解就可以
密码文件修改
sys密码修改
sysdba sysoper权限用户新增
使用命令行修改,密码文件修改
alter user sys identified by "";
SQL> alter user sys identified by oracle;
User altered.
[oracle@localhost dbs]$ strings orapworcl
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
BoY9
fa/C
SQL> alter user sys identified by dragon;
User altered.
[oracle@localhost dbs]$ strings orapworcl
]\[Z
ORACLE Remote Password file
INTERNAL
906B20769668AC39
4B68E3F33DE31745
o&tfW#\G
[oracle@localhost dbs]$
授权回收sysdba或者sysoper权限,修改密码文件
grant /remove sysdba/sysoper to u
