Shulou(Shulou.com)06/01 Report--

There are the following ways to change the password of an oracle user:

Ordinary user

(1) modify it through alter user syntax, which is also the most common way:

(2) the second way is to modify it through the password command:

From a security point of view, it is recommended that you change the user's password in a second way, which can prevent the disclosure of plaintext passwords.

Sys user

In addition, do not use password and alter user to modify the sys user password. The main reasons are as follows:

(1) when the REMOTE_LOGIN_PASSWORDFILE parameter is set to shared, when we use alter user to modify the sys password, we will report

ORA-28046: Password change for SYS disallowed error.

The tests are as follows:

(2) most internal recursive SQL uses SYS users. Therefore, if you try to change this password using the ALTER USER statement while the database is open, it may result in a deadlock.

Therefore, for sys users, we need to use orapwd to make modifications:

[oracle@orcl dbs] $orapwd file='orapworcl' entries=5 force=y note that there can be no spaces around the equal sign.

For orapwd instructions, refer to the official website as follows:

ArgumentDescriptionFILEName to assign to the password file. You must supply a complete path. If you supply only a file name, the file is written to the current directory.ENTRIES (Optional) Maximum number of entries (user accounts) to permit in the file.FORCE (Optional) If y, permits overwriting an existing password file.IGNORECASE (Optional) If y, passwords are treated as case-insensitive.

FILE

This argument sets the name of the password file being created. You must specify the full path name for the file. This argument is mandatory.

The file name required for the password file is operating system specific. Some operating systems require the password file to adhere to a specific format and be located in a specific directory. Other operating systems allow the use of environment variables to specify the name and location of the password file.

Table 1-1 lists the required name and location for the password file on the UNIX, Linux, and Windows platforms. For other platforms, consult your platform-specific documentation.

Table 1-1 Required Password File Name and Location on UNIX, Linux, and Windows

PlatformRequired NameRequired Location)

UNIX and Linux

Orapw ORACLE_SID

ORACLE_HOME / dbs

Windows

PWD ORACLE_SID .ora

ORACLE_HOME\ database

For example, for a database instance with the SID orcldw, the password file must be named orapworcldw on Linux and PWDorcldw.ora on Windows.

In an Oracle Real Application Clusters environment on a platform that requires an environment variable to be set to the path of the password file, the environment variable for each instance must point to the same password file.

Caution:

It is critically important to the security of your system that you protect your password file and the environment variables that identify the location of the password file. Any user with access to these could potentially compromise the security of the connection.ENTRIES

This argument specifies the number of entries that you require the password file to accept. This number corresponds to the number of distinct users allowed to connect to the database as SYSDBA or SYSOPER. The actual number of allowable entries can be higher than the number of users, because the ORAPWD utility continues to assign password entries until an operating system block is filled. For example, if your operating system block size is 512 bytes, it holds four password entries. The number of password entries allocated is always a multiple of four.

Entries can be reused as users are added to and removed from the password file. If you intend to specify REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE, and to allow the granting of SYSDBA and SYSOPER privileges to users, this argument is required.

Caution:

When you exceed the allocated number of password entries, you must create a new password file. To avoid this necessity, allocate more entries than you think you will ever need.FORCE

This argument, if set to Y, enables you to overwrite an existing password file. An error is returned if a password file of the same name already exists and this argument is omitted or set to N.

IGNORECASE

If this argument is set to y, passwords are case-insensitive. That is, case is ignored when comparing the password that the user supplies during login with the password in the password file.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.