在数据库没有启动之前,数据库内建用户是无法通过数据库来验证身份的
口令文件中存放sysdba/sysoper用户的用户名及口令
允许用户通过口令文件验证,在数据库未启动之前登陆
从而启动数据库
如果没有口令文件,在数据库未启动之前就只能通过操作系统认证.
使用Rman,很多时候需要在nomount,mount等状态对数据库进行处理
所以通常要求sysdba权限如果属于本地DBA组,可以通过操作系统认证登陆
如果是远程sysdba登陆,需要通过passwordfile认证.
1.remote_login_passwordfile = NONE
此时停用口令文件验证,Oracle数据库不允许远程SYSDBA/SYSOPER身份登录
无法通过远程进行数据库起停等操作管理
local:
[oracle@hhu ~]$ sqlplus / as sysdba SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 09:24:13 2016 Copyright (c) 1982, 2013, Oracle. All rights reserved. Connected to an idle instance. SYS@ORCL> startup ORACLE instance started. Total System Global Area 1653518336 bytes Fixed Size 2253784 bytes Variable Size 1006636072 bytes Database Buffers 637534208 bytes Redo Buffers 7094272 bytes Database mounted. Database opened. SYS@ORCL> show parameter pass NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ remote_login_passwordfile string NONE
remote:
[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:25:50 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
此处实际上是无法通过口令文件验证
2.remote_login_passwordfile = exclusive
SYS@ORCL> alter system set remote_login_passwordfile=exclusive scope=spfile;
System altered.
SYS@ORCL> startup force;
ORACLE instance started.
Total System Global Area 1653518336 bytes
Fixed Size 2253784 bytes
Variable Size 1006636072 bytes
Database Buffers 637534208 bytes
Redo Buffers 7094272 bytes
Database mounted.
Database opened.
SYS@ORCL> show parameter pass
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile string EXCLUSIVE
remote:
[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:27:51 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SYS@hr>
这实际上就是通过口令文件验证登录的
3.进一步测试
如果此时我们删除passwdfile,sysdba/sysoper将无法认证,也就无法登陆数据库
Server:
[oracle@hhu dbs]$ mv orapwORCL orapwORCL.bk
Remote:
[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:29:03 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
这实际上就是无法通过口令文件验证身份
4.如果丢失了passwdfile
如果一开始是远程登录的,在登录过程中使用passwdfile却意外丢失,此时将不能重启数据库
[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:48:11 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@hhu dbs]$ mv orapwORCL orapwORCL.bk
SYS@hr> startup force;
ORA-01017: invalid username/password; logon denied
[oracle@hhu dbs]$ mv orapwORCL.bk orapwORCL
SYS@hr> startup force;
ORA-03135: connection lost contact
SYS@hr> conn sys/oracle@hr as sysdba
Connected to an idle instance.
SYS@hr> startup force;
ORACLE instance started.
Total System Global Area 1653518336 bytes
Fixed Size 2253784 bytes
Variable Size 1006636072 bytes
Database Buffers 637534208 bytes
Redo Buffers 7094272 bytes
Database mounted.
Database opened.
又可以正常使用了
大致就是如此.
参考博客:http://www.eygle.com/archives/2004/06/passwordfile.html