Oracle中password file的作用及说明

简介: 在数据库没有启动之前,数据库内建用户是无法通过数据库来验证身份的口令文件中存放sysdba/sysoper用户的用户名及口令允许用户通过口令文件验证,在数据库未启动之前登陆从而启动数据库如果没有口令文件,在数据库未启动之前就只能通过操作系统认证.

在数据库没有启动之前,数据库内建用户是无法通过数据库来验证身份的

口令文件中存放sysdba/sysoper用户的用户名及口令
允许用户通过口令文件验证,在数据库未启动之前登陆
从而启动数据库

如果没有口令文件,在数据库未启动之前就只能通过操作系统认证.

使用Rman,很多时候需要在nomount,mount等状态对数据库进行处理
所以通常要求sysdba权限如果属于本地DBA组,可以通过操作系统认证登陆
如果是远程sysdba登陆,需要通过passwordfile认证.

1.remote_login_passwordfile = NONE

此时停用口令文件验证,Oracle数据库不允许远程SYSDBA/SYSOPER身份登录
无法通过远程进行数据库起停等操作管理


local:

[oracle@hhu ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 09:24:13 2016
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to an idle instance.

SYS@ORCL> startup
ORACLE instance started.

Total System Global Area 1653518336 bytes
Fixed Size		    2253784 bytes
Variable Size		 1006636072 bytes
Database Buffers	  637534208 bytes
Redo Buffers		    7094272 bytes
Database mounted.
Database opened.
SYS@ORCL> show parameter pass

NAME				     TYPE	 VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile	     string	 NONE

remote:

[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:25:50 2016
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied

此处实际上是无法通过口令文件验证

2.remote_login_passwordfile = exclusive


SYS@ORCL> alter system set remote_login_passwordfile=exclusive scope=spfile;
System altered.
SYS@ORCL> startup force;
ORACLE instance started.
Total System Global Area 1653518336 bytes
Fixed Size    2253784 bytes
Variable Size 1006636072 bytes
Database Buffers  637534208 bytes
Redo Buffers    7094272 bytes
Database mounted.
Database opened.
SYS@ORCL> show parameter pass


NAME                                     TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile       string       EXCLUSIVE



 

remote:

 

[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba


SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:27:51 2016


Copyright (c) 1982, 2013, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SYS@hr> 



这实际上就是通过口令文件验证登录的

3.进一步测试

如果此时我们删除passwdfile,sysdba/sysoper将无法认证,也就无法登陆数据库

Server:

 

[oracle@hhu dbs]$ mv orapwORCL orapwORCL.bk



Remote:

 [oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba


SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:29:03 2016


Copyright (c) 1982, 2013, Oracle.  All rights reserved.


ERROR:
ORA-01017: invalid username/password; logon denied



这实际上就是无法通过口令文件验证身份

 

4.如果丢失了passwdfile

如果一开始是远程登录的,在登录过程中使用passwdfile却意外丢失,此时将不能重启数据库

 

[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba


SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:48:11 2016


Copyright (c) 1982, 2013, Oracle.  All rights reserved.




Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options


模拟密码文件丢失
[oracle@hhu dbs]$ mv orapwORCL orapwORCL.bk

重启数据库
SYS@hr> startup force;
ORA-01017: invalid username/password; logon denied

将密码文件恢复回来,再次重启

[oracle@hhu dbs]$ mv orapwORCL.bk orapwORCL

SYS@hr> startup force;
ORA-03135: connection lost contact
SYS@hr> conn sys/oracle@hr as sysdba
Connected to an idle instance.
SYS@hr> startup force;
ORACLE instance started.


Total System Global Area 1653518336 bytes
Fixed Size    2253784 bytes
Variable Size 1006636072 bytes
Database Buffers  637534208 bytes
Redo Buffers    7094272 bytes
Database mounted.
Database opened.

又可以正常使用了



大致就是如此.

参考博客:http://www.eygle.com/archives/2004/06/passwordfile.html

相关文章
|
Oracle 关系型数据库 Apache