技术标签: Oracle修改密码文件
密码文件作用:
密码文件用于dba用户的登录认证。
dba用户:具备sysdba和sysoper权限的用户,即oracle的sys和system用户。
本地登录:
1)操作系统认证:
[oracle@localhost ~]$ sqlplus "/as sysdba"
[oracle@localhost ~]$ sqlplus / as sysdba
[oracle@localhost ~]$ sqlplus sys/tiger as sysdba
2)密码文件认证:
[oracle@localhost ~]$ sqlplus sys/tiger@rezin as sysdba
远程密码文件登录:
[oracle@localhost ~]$ sqlplus sys/[email protected]:1521/orcl as sysdba
密码文件位置:
linux/unix:[oracle@localhost ~]$ ls $ORACLE_HOME/dbs/orapw$ORACLE_SID
/u01/oracle/10g/dbs/orapworcl
/u01/oracle/10g/dbs/orapwrezin
windows:$ORACLE_HOME/oradate/orapw$ORACLE_SID
密码文件查找顺序:
1)opapw
2)orapw
以上两个都查找不到,验证失败。
密码文件认证还是OS认证:
1)参数文件:remote_login_passwordfile=none|exclusive|shared
none:不使用密码文件认证
exclusive:使用密码文件认证,自己独占使用(默认)
shared:使用密码文件认证,不同实例dba用户可以共享密码文件(asm下必须使用)
2)$ORACLE_HOME/network/admin/sqlnet.ora文件下:
SQLNET.AUTHENTICATION_SERVICES =none|all|nts(linux下默认没有设置)
none:关闭OS认证,只能密码文件认证
all:linux平台关闭本机密码文件认证,采用操作系统认证,但是远程(异机)可以密码文件认证
nts:windows下使用(桶linux下all)
练习:
1)配置:remote_login_passwordfile=exclusive
SQLNET.AUTHENTICATION_SERVICES =none
结果:可以密码文件认证(本地/远超),不可以操作系统认证
[oracle@localhost ~]$ sqlplus sys/tiger as sysdba(本地密码文件登录)
[oracle@localhost ~]$ sqlplus sys/tiger@rezin as sysdba(本地密码文件登录)
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:39 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
???:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> exit
? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options ??
[oracle@localhost ~]$ sqlplus / as sysdba(OS认证)
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:00:51 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
或
[oracle@localhost ~]$ sqlplus "/as sysdba"(OS认证)
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:01:04 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
2)配置:remote_login_passwordfile=exclusive
SQLNET.AUTHENTICATION_SERVICES =all
结果:本机密码文件认证不可用,但是远程密码文件认证可用,本机OS认证可用
[oracle@localhost ~]$ sqlplus "/as sysdba"(本机OS认证登录成功)
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:45:35 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
[oracle@localhost ~]$ sqlplus sys/tiger@orcl as sysdba(本机密码文件认证失败)
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 19:46:52 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
C: >sqlplus sys/[email protected]:1521/orcl as sysdba(远程密码文件登录成功)
SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 11:58:38 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
[oracle@localhost ~]$ sqlplus scott/tiger(普通用户本地OS登录成功)
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:01:57 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
[oracle@localhost ~]$ sqlplus scott/tiger@orcl(登录失败)
[oracle@localhost ~]$ sqlplus scott/t (登录失败)
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 20:02:52 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
密码文件管理:
密码文件建立:orapwd命令用法(不建议使用)
[oracle@localhost ~]$ orapwd
Usage: orapwd file= password= entries= force=
where
file - name of password file (mand), -->创建密码文件名字:orapw
password - password for SYS (mand), -->sys用户密码
entries - maximum number of distinct DBA and -->可以有多少个sysdba和sysoper用户可以放到密码文件里边去(采用二进制方式,即输入1表示最少存放4个,去除重复的)
force - whether to overwrite existing file (opt), -->oracle 10g后新加的参数,用法:force=n或force=y,表示密码文件存在是否覆盖,10g之前只能删除原有的密码文件,再创建。
OPERs (opt),
There are no spaces around the equal-to (=) character.
例如:[oracle@localhost ~]$orapwd file=orapworcl password=rezin entries=1 force=y
密码文件修改:例如修改sys用户密码或授予sysdba、sysoper权限
orapwd重建密码文件:不建议使用,可能会让其他sys用户不能登录
alter user sys identified by
grant sysdba|sysoper to ;
revoke sysdba|sysoper from
查看密码文件内容:strings指令查看二进制文件内容。
[oracle@localhost dbs]$ strings orapworcl
]\[Z
ORACLE Remote Password file
INTERNAL
9D9FF9FDAFB17385
E6BAA2164C375C09
sysdba和sysoper具体区别:查看官方文档
通过system_privilege_map视图查看系统权限:
SQL> select * from system_privilege_map
2 where name like '%SYS%';
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------------------------------------------------------
-3 ALTER SYSTEM 0
-4 AUDIT SYSTEM 0
-83 SYSDBA 0
-84 SYSOPER 0
查看用户系统权限通过密码文件视图v$pwfile_user查看:
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
通过以上查询可以知道,sys用户登录方式既可以通过as sysdba登录schema显示‘SYS’,也可以通过as sysoper登录schema显示‘PUBLIC’。
LAST验证:需要配合参数文件知识练习
1、按照组合:
1)remote_login_passwordfile=none sqlnet.authentication_services=none
2)remote_login_passwordfile=exclusive sqlnet.authentication_services=none
3)remote_login_passwordfile=none sqlnet.authentication_services=all
如果是win,请你把all改为nts
4)remote_login_passwordfile=exclusive sqlnet.authentication_services=all
分别测试:
本机:sqlplus / as sysdba
sqlplus sys/ as sysdba
sqlplus sys/@ as sysdba
远程:sqlplus sys/@ as sysdba
sqlplus sys/@ip:port/ as sysdba
测试哪些组合可以登录成功,哪些不能登录成功。
总结出如果关闭OS验证;如何关闭密码文件验证;如何关闭本地密码文件验证;如何关闭远程密码文件验证。
2、修改remote_login_passwordfile=shated然后使用alter user sys identified by ;修改密码,测试能否修改成功。
不允许修改
3、如果sys密码丢失或不对,你如何做?
alter user sys identified by tiger;修改密码
4、sysdba、sysoper区别在哪,普通用户如何使用密码文件已sysdba或sysoper登录。
答案:
1)remote_login_passwordfile=none sqlnet.authentication_services=none
关闭密码文件认证,关闭OS认证。
本机:sqlplus / as sysdba
[oracle@localhost dbs]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:06:22 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
本机:sqlplus sys/tiger as sysdba
[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:14:24 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
本机:sqlplus sys/tiger@orcl as sysdba
[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:15:39 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
远程:sqlplus sys/tiger@orcl as sysdba
C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:16:11 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS: 无法解析指定的连接标识符
请输入用户名:
远程:sqlplus sys/[email protected]:1521/orcl as sysdba
C:\Users\WCWEN>sqlplus sys/[email protected]:1521/orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:17:35 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
请输入用户名:
2)remote_login_passwordfile=exclusive sqlnet.authentication_services=none
关闭OS认证,只能使用密码文件认证,自己独占使用。
本机:sqlplus / as sysdba
[oracle@localhost dbs]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:38:23 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
本机: sqlplus sys/ as sysdba
[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:39:24 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
本机: sqlplus sys/@ as sysdba
[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:41:00 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
远程:sqlplus sys/@ as sysdba
C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:41:52 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS: 无法解析指定的连接标识符
请输入用户名:
远程: sqlplus sys/@ip:port/ as sysdba
C:\Users\WCWEN>sqlplus sys/[email protected]:1521/orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 14:44:07 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
3)remote_login_passwordfile=none sqlnet.authentication_services=all
关闭密码文件认证,采用OS认证。
本机:sqlplus / as sysdba
[oracle@localhost dbs]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:22:24 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
本机:sqlplus sys/tiger as sysdba
[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:23:10 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
本机:sqlplus sys/tiger@orcl as sysdba
[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sun Mar 15 08:24:01 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
远程:sqlplus sys/tiger@orcl as sysdba
C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:24:47 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS: 无法解析指定的连接标识符
请输入用户名:
远程:sqlplus sys/[email protected]:1521/orcl as sysdba
C:\Users\WCWEN>sqlplus sys/[email protected]:1521/orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期日 3月 15 00:25:33 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
请输入用户名:
4)remote_login_passwordfile=exclusive sqlnet.authentication_services=all
linux平台关闭本机密码文件认证,采用OS认证,但是远程(异机)可以密码文件认证,自己独占使用。
本机:sqlplus / as sysdba
[oracle@localhost dbs]$ sql / as sysdba
[uniread] Loaded history (12 lines)
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:57:20 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
本机: sqlplus sys/ as sysdba
[oracle@localhost dbs]$ sqlplus sys/tiger as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 22:59:16 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
本机:sqlplus sys/@ as sysdba
[oracle@localhost dbs]$ sqlplus sys/tiger@orcl as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Mar 14 23:00:44 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize
Enter user-name:
远程:sqlplus sys/@ as sysdba
C:\Users\WCWEN>sqlplus sys/tiger@orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:01:18 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-12154: TNS: 无法解析指定的连接标识符
请输入用户名:
远程:sqlplus sys/@ip:prot/ as sysdba
C:\Users\WCWEN>sqlplus sys/[email protected]:1521/orcl as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on 星期六 3月 14 15:02:56 2015
Copyright (c) 1982, 2010, Oracle. All rights reserved.
连接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
http://www.cnblogs.com/wcwen1990/p/4337422.html
文章浏览阅读1.7k次,点赞6次,收藏3次。作者 | 程序员客栈来源 | ID:proginnwx根据中国互联网络信息中心(CNNIC)近日发布第 44 次《中国互联网络发展状况统计报告》。截至 2019 年 06 月,中国网民规模为 8.54 亿,较 2018 年底增加 2598 万。网上外卖用户规模达 4.21 亿,较 2018 年底增长 1516 万;网络视频用户规模达 7.59 亿,较 2018 年底增长 3391 万;我..._2020年薪酬数据报告
文章浏览阅读1.3w次,点赞78次,收藏73次。轻舟低代码平台,NASL是其中的关键,也是最大的差异化。回头看Gartner的定义,也有LCAP(低代码平台)和CADP(无代码平台)之分,前者对开发完整性、应用独立性、逻辑完备性、可接入可集成等都有要求,所以说,NASL的实现使得轻舟低代码更符合这一理念。说到框架,大家首先想到肯定是是react,springboot这种被广泛使用的前后端框架,低代码框架本质上跟他们类似,差别在于,低代码框架通常支持从前后端到数据库的全栈模型实现,而且封装程度更高。_网易nasl语言
文章浏览阅读1.2k次。A2B系统的EEPROM自启动如何做,本文来告诉你_a2b技术学习
文章浏览阅读2.2k次。编写程序并编译后出现如上图报错,大致意思为:编译器安装无效,所以编译器无法运行编译器,请检查编译器路径有没有正确配置,并且给出了个修改步骤,最后说设置的路径没有找到编译器文件。。。解决方法:S1:首先我们要确定我们下载安装Code Blocks是带有编译器版本的,就是带有MinGW的版本:下载地址:http://www.codeblocks.org/downloads/26S2:然后给软件指定MinGW的所在路径:菜单栏Settings -> Compil..._codeblocks编译器无效
文章浏览阅读475次。点击上方“Python大本营”,选择“置顶公众号”Python大本营 IT人的职业提升平台来源:pypl编程榜一直以来Python长期霸占编程语言排行榜前三位,其简洁,功能强大的特性..._python好游戏代码
文章浏览阅读2.4k次。服务器安装Ubuntu1604报错报错内容:kernel panic - not syncing attempted to kill the idle taskrandom: fast init donerandom: crng init done错误原因:使用了错误的安装镜像,CPU位宽64位使用了i386的安装镜像,切换amd64安装镜像后无报错..._random: fast init done
文章浏览阅读330次。PHP -- 文件包含、文件上传漏洞PHP -- 文件包含、文件上传漏洞文件包含文件引入漏洞,是由一个动态页面编译时引入另一个文件的操作。文件引入本身是没有问题,它是用于统一页面风格,减少代码冗余的一种技术。但是在特定的场景下就会形成漏洞jsp:include指令和include动作,其中include动作用于引入动态文件php:include(),include_once(),require()..._php文件上传4漏洞
文章浏览阅读406次。SSL 是需要申请证书的,key和PEM文件要放到服务器路径。然后NGINX下要进行443端口和80端口的绑定。server { listen 80; server_name ietaiji.com www.ietaiji.com; root "D:/aaa/WWW/ietaiji"; index index.html_nginx 和 http无法同时启动
文章浏览阅读1.3w次,点赞9次,收藏60次。service与systemctl关系梳理开机启动梳理_linux service
文章浏览阅读194次。在数据中心里,光模块毫不起眼,当我们在高谈阔论各种数据中心高大上技术时,很少提及到光模块。不过,光模块却是数据中心的必需品,哪个数据中心也离不开光模块,而且需要的数量还不少,一块48端口网络设备就需要48个光模块,而一台框式网络设备通常有数百个端口,这些端口如果都使用上就需要数百个光模块,这样算起来数据中心需要的光模块数量是惊人的。数据中心在进行网络投资..._光模块 占 数据中心 成本
文章浏览阅读596次,点赞2次,收藏3次。SocketChannel简述及demoJAVA NIO之SocketChannel1. 简述2. 特点3. 解决问题4. demo功能5. 工作原理6. 代码示例7. 涉及知识扩充JAVA NIO之SocketChannel1. 简述NIO(Non-blocking I/O,在Java领域,也称为New I/O),是一种同步非阻塞的I/O模型,也是I/O多路复用的基础,已经被越来..._niosocketchannel
文章浏览阅读3.8k次。场景在docker下使用tzselect设置时间,最后提示编辑profile追加TZ='Asia/Shanghai'; export TZvim/etc/profilesource /etc/profile发现时区正确了,但时间和宿主机相差几分钟....使用 ntpdate cn.pool.ntp.org同步时间提示ntpdate[534]: step-systime: Operation not permitted使用 ntpdate ntp.s..._step-systime: operation not permitted