Shulou(Shulou.com)05/31 Report--

What this article shares to you is about how to discuss the REMOTE_LOGIN_PASSWORDFILE parameters. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Password files are password verification files that are only used to restrict users with sysdba or sysoper privileges from connecting to the database remotely. If there is no password file or the password file is missing, users with sysdba or sysoper privileges will not be able to log in and return an error:

[oracle@home2 dbs] $mv orapwthinkbase orapwthinkbase.bak

[oracle@home1 ~] $sqlplus sys/oracle@thinkbase as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Wed Sep 20 16:39:39 2017

Copyright (c) 1982, 2011, Oracle. All rights reserved.

ERROR:

ORA-01031: insufficient privileges

Recreate or restore the password file before the user can reconnect:

[oracle@home2 dbs] $mv orapwthinkbase.bak orapwthinkbase

[oracle@home1 ~] $sqlplus sys/oracle@thinkbase as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Wed Sep 2017: 06:28 2017

Copyright (c) 1982, 2011, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.3.0-Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SYS@thinkbase >

The REMOTE_LOGIN_PASSWORDFILE parameter is a restriction on the use of password files. The parameters of the REMOTE_LOGIN_PASSWORDFILE parameter are discussed below.

REMOTE_LOGIN_PASSWORDFILE = NONE

When the REMOTE_LOGIN_PASSWORDFILE parameter is NONE, the password file is disabled and the user cannot log in to the database remotely as an administrator-level user, as follows:

SYS@thinkbase > show parameter pass

NAME TYPE VALUE

-

Remote_login_passwordfile string EXCLUSIVE

SYS@thinkbase > alter system set remote_login_passwordfile=NONE scope=spfile

System altered.

SYS@thinkbase > startup force

ORACLE instance started.

Total System Global Area 941600768 bytes

Fixed Size 1348860 bytes

Variable Size 549456644 bytes

Database Buffers 385875968 bytes

Redo Buffers 4919296 bytes

Database mounted.

Database opened.

SYS@thinkbase > show parameter pass

NAME TYPE VALUE

-

Remote_login_passwordfile string NONE

[oracle@home1 ~] $sqlplus sys/oracle@thinkbase as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Wed Sep 2017: 10:01 2017

Copyright (c) 1982, 2011, Oracle. All rights reserved.

ERROR:

ORA-01017: invalid username/password; logon denied

You need to notice that setting the REMOTE_LOGIN_PASSWORDFILE parameter to NONE is different from the error returned when the user logs in when the password file is missing. In fact, "ORA-01017: invalid username/password; logon denied" means that the password file is disabled.

REMOTE_LOGIN_PASSWORDFILE = EXCLUSIVE (system default)

Under this parameter, the database can add users at the system administrator level, and you can use the alter user command to change the password of the sys user, and record such changes in the password file.

SYS@thinkbase > show parameter pass

NAME TYPE VALUE

-

Remote_login_passwordfile string NONE

SYS@thinkbase > grant sysdba to hr

Grant sysdba to hr

*

ERROR at line 1:

ORA-01994: GRANT failed: password file missing or disabled

SYS@thinkbase > alter system set remote_login_passwordfile=exclusive scope=spfile

System altered.

SYS@thinkbase > startup force

ORACLE instance started.

Total System Global Area 941600768 bytes

Fixed Size 1348860 bytes

Variable Size 549456644 bytes

Database Buffers 385875968 bytes

Redo Buffers 4919296 bytes

Database mounted.

Database opened.

SYS@thinkbase > show parameter pass

NAME TYPE VALUE

-

Remote_login_passwordfile string EXCLUSIVE

SYS@thinkbase > grant sysdba to hr

Grant succeeded.

SYS@thinkbase > alter user sys identified by oracle123

User altered.

REMOTE_LOGIN_PASSWORDFILE = SHARED

The SHARED parameter allows multiple databases to share a password file, but only one user can be identified: SYS. However, the password file under the SHARED parameter cannot be modified. That is, you cannot add a user at the system administrator level or write to a password file.

SYS@thinkbase > show parameter pass

NAME TYPE VALUE

-

Remote_login_passwordfile string EXCLUSIVE

SYS@thinkbase > alter system set remote_login_passwordfile=shared scope=spfile

System altered.

SYS@thinkbase > startup force

ORACLE instance started.

Total System Global Area 941600768 bytes

Fixed Size 1348860 bytes

Variable Size 549456644 bytes

Database Buffers 385875968 bytes

Redo Buffers 4919296 bytes

Database mounted.

Database opened.

SYS@thinkbase > show parameter pass

NAME TYPE VALUE

-

Remote_login_passwordfile string SHARED

SYS@thinkbase > grant sysdba to sh

Grant sysdba to sh

*

ERROR at line 1:

ORA-01999: password file cannot be updated in SHARED mode

SYS@thinkbase > alter user sys identified by oracle

Alter user sys identified by oracle

*

ERROR at line 1:

ORA-28046: Password change for SYS disallowed

At the same time, oracle suggests that if you want to add administrator-level privileges to users and use shared mode, it is best to first set administrator privileges in exclusive mode, and then modify the REMOTE_LOGIN_PASSWORDFILE parameters to shared shared password files.

Summary of the experiment:

1. Password files are similar to parameter files and are used only when logging in or when there is information to write or modify. At other times, even if lost, it will not affect the operation of the database.

two。 Due to the above characteristics, the password file is not usually backed up during backup. If you lose it, you can use the following statement to recreate the password file:

[oracle@home2 dbs] $orapwd

Usage: orapwd file= entries= force= ignorecase= nosysdba=

Where

File-name of password file (required)

Password-password for SYS will be prompted if not specified at command line

Entries-maximum number of distinct DBA (optional)

Force-whether to overwrite existing file (optional)

Ignorecase-passwords are case-insensitive (optional)

Nosysdba-whether to shut out the SYSDBA logon (optional Database Vault only).

There must be no spaces around the equal-to (=) character.

The above is how to discuss the REMOTE_LOGIN_PASSWORDFILE parameters, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.