一直以来,我记住的一个知识点就是:SQLNET.AUTHENTICATION_SERVICES=(NTS)是使用OS认证的必须条件之一。
今天一个偶然的机会,才知道这个结论是不完全准确的。
在本文的测试中,remote_login_passwordfile的值都为EXCLUSIVE,相关用户所属组也设置正确。
先看windows下的测试:
--设置为NTS,OS验证成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (NTS)
E:oracleora92in>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:34:56 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
连接到:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production
sys@ORACLE9I>
--下面把SQLNET.ORA的内容注释掉,OS验证成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
#SQLNET.AUTHENTICATION_SERVICES= (NTS)
再次登录:
E:oracleora92in>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:36:09 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
--设置为 NONE,OS验证失败
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (NONE)
E:oracleora92in>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:50:33 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
--设置为ALL,OS验证成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (ALL)
E:oracleora92in>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:51:21 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
连接到:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production
sys@ORACLE9I>
登录失败,说明当前设置不允许操作系统认证。
这个例子也说明了:在windows下,SQLNET.AUTHENTICATION_SERVICES必须设置为NTS或者ALL才能使用OS认证。
接着再看看在linux下的情况:
--设置为NTS,OS验证失败
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NTS)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:08:53 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
--注释掉,相当于什么都不设置,OS验证成功
[oracle@primary admin]$ cat sqlnet.ora
#SQLNET.AUTHENTICATION_SERVICES= (NTS)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:06:17 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning and Data Mining options
SQL>
--设置为NONE,OS验证失败
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NONE)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:07:07 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
--随便设置一个值,OS验证失败
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (aaa)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:14:45 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
--设置为ALL,OS验证成功
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (ALL)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:07:54 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning and Data Mining options
SQL>
从以上测试知道:在linux下,在SQLNET.AUTHENTICATION_SERVICES的值设置为ALL,或者不设置的情况下,OS验证才能成功。
从测试可以看出,windows和linux下要实现OS验证,SQLNET.AUTHENTICATION_SERVICES的设置要求是不一样的,甚至是相反的,为什么呢?
我们看看ORACLE对这个设置是怎么解释的:
SQLNET.AUTHENTICATION_SERVICES
Purpose
Use the parameter SQLNET.AUTHENTICATION_SERVICES to enable one or more authentication services. If authentication has been installed, it is recommended that this parameter be set to either none or to one of the authentication methods.
Default
None
Values
Authentication Methods Available with Oracle Net Services:
* none for no authentication methods. A valid username and password can be used to access the database.
* all for all authentication methods
* nts for Windows NT native authentication
Windows NT native authentication
An authentication method that enables a client single login access to a Windows NT server and a database running on the server.
从oracle的解释可以知道,SQLNET.AUTHENTICATION_SERVICES=(NTS)是WINDOWS系统专用的,对linux/UNIX是不适用的。
最后做一个简单的总结:
1、在windows下,SQLNET.AUTHENTICATION_SERVICES必须设置为NTS或者ALL才能使用OS认证;不设置或者设置为其他任何值都不能使用OS认证。
2、在linux下,在SQLNET.AUTHENTICATION_SERVICES的值设置为ALL,或者不设置的情况下,OS验证才能成功;设置为其他任何值都不能使用OS认证。
另外补充一下:
在linux下,设置成SQLNET.AUTHENTICATION_SERVICES=BEQ 也可以使用OS验证。
阅读(2871) | 评论(1) | 转发(0) |