我的测试环境是:
RedHat Linux as5.3+ORACLE11gr2
sqlnet.ora中配了一个认证(SQLNET.AUTHENTICATION_SERVICES)
[oracle@ocm ~]$ cd $ORACLE_HOME/network/admin
vi sqlnet.ora(具体内容如下:)
SQLNET.AUTHENTICATION_SERVICES=(all)
根据官方文档对ALL解释是:all for all authentication methods,是指所有的认证,那应包括操作系统认证,用户名密码认证。一会我们来一一验证!!!
那么我现在来测试一下:
我的监听是:
[oracle@ocm ~]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 02-MAY-2013 11:36:19
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 01-MAY-2013 18:11:19
Uptime 0 days 17 hr. 25 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0/network/admin/listener.ora
Listener Log File /u01/app/oracle/diag/tnslsnr/ocm/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ocm.example.com)(PORT=1521)))
Services Summary...
Service "oca" has 1 instance(s).
Instance "ocm", status READY, has 1 handler(s) for this service...
Service "ocm" has 1 instance(s).
Instance "ocm", status READY, has 1 handler(s) for this service...
Service "ocp" has 1 instance(s).
Instance "ocm", status READY, has 1 handler(s) for this service...
The command completed successfully
我的tnsnames.ora是:
vi tnsnames.ora
gyj =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ocm)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = ocm)
)
)
1.第一种测试:操作系统认证,OK!可以登录数据库!
[oracle@ocm ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 2 11:40:15 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
2.第二种测试:不走监听的用户名密码认证,OK!可以登录数据库!
[oracle@ocm ~]$ sqlplus gyj/gyj
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 2 11:41:16 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
gyj@OCM>
3.第三种测试,走监听的用户密码认证,报错了!,不可以登录数据库!
[oracle@ocm ~]$ sqlplus gyj/gyj@gyj
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 2 11:48:18 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
那我来试试tsnping,这个没问题呀!
[oracle@ocm ~]$ tnsping gyj
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 02-MAY-2013 11:48:50
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/11.2.0/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = ocm)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = ocm)))
OK (10 msec)
那我把sqlnet.ora中的认证这行注释掉
[oracle@ocm admin]$ vi sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES=(all)
再用走监听的用户密码认证,OK!可以登录数据库!
[oracle@ocm ~]$ sqlplus gyj/gyj@gyj
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 2 11:46:27 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
gyj@OCM>
要讨论诉话题就是:ALL怎么理解?为啥走监听的用户密码认证,就不行呢?还需要配什么呢?对于 sqlnet.ora的知识点很多注意点,我们这里就讨论认证ALL的用法?
我再来测试一下,我把LINUX端的作为数据库服务器,把windows端的作为数据库客户端:
这样的环境,我要用WINDOWS端的oracle客户端去连远端的LINUX上的数据库服务器,只能用走监听的用户密码来连接数据库:
好,那我在window端,配置sqlnet.ora的,直接把sqlnet.ora给重命名为sqlnet.ora.bak,使之不起作用:
D:\oracle\product\10.2.0\client_1\NETWORK\ADMIN
客户端成功登录远端的数据库
OK,成功登录数据库了,对于sqlnet.ora在服务器端我无须任何配置(对我现在讨论的问题来说,因为sqlnet.ora是个复杂的东东,所以我这里只讨论认证,并且是all),对于认证是在客户端控制,说白了是自已控制自己的。。。
接下来,我再windows这里再修重命名回 sqlnet.ora.bak ---->sqlnet.ora,并添加内容:
好我再从客户端登录一把,看是否报错:
果然报错了。。。。。
其实这个问题跟平台无关,主要是想了解一下这个ALL,到底内部是干嘛的。。。从英语翻译上来说ALL是所有认证,难道走监听的用户名密码就不属于这个范围之内吗?
莫非Oracle用sqlnet.ora中的认证SQLNET.AUTHENTICATION_SERVICES= (ALL),用这个设置来控制远程客户端连接的数据库吗?????
还是另有其它配置??????