Category: Oracle
2012-10-16 14:41:25
Official documentation: Administrator's Guide ---->
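I. Password file
Purpose: primarily to authenticate users who hold DBA privileges.
DBA users: users with the sysdba or sysoper role are called DBA users.
By default, the sys user is in the sysdba role and the system user is in the sysoper role.
user_role_privs: shows the roles a user has
user_sys_privs: shows the privileges a user has
Query the password file view to see which users are sysdba and which are sysoper: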
select * from v$pwfile_users;
II. Oracle's two authentication methods
1. Authentication integrated with the operating system
2. Authentication using the Oracle database password file
Note:
Operating system authentication takes precedence over password file authentication. Specifically, if you are a member of the OSDBA or OSOPER group for the operating system, and you connect as SYSDBA or SYSOPER, you will be connected with associated administrative privileges regardless of the username/password that you specify.
If you are not in the OSDBA or OSOPER groups, and you are not in the password file, then attempting to connect as SYSDBA or as SYSOPER fails.
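III. Location of the password file
Location on Linux: $ORACLE_HOME/dbs/orapw$ORACLE_SID
That is: $ORACLE_HOME/dbs/orapw
Enabling the password file:
1. remote_login_passwordfile = none | exclusive | shared
none : password file authentication is not used
exclusive : password file authentication is used, and the file is used exclusively by one instance (the default)
shared : password file authentication is used, and DBA users of different instances can share the password file
2. $ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = none | all | nts (windows)
none : turns off operating system authentication; only password authentication can be used
all : for Linux or Unix platforms; turns off password file authentication for the local host and uses operating system authentication, while remote hosts still use password file authentication
nts : for the Windows platform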
SQLNET.AUTHENTICATION_SERVICES
Purpose
Use the parameter SQLNET.AUTHENTICATION_SERVICES to enable one or more authentication services. If authentication has been installed, it is recommended that this parameter be set to either none or to one of the authentication methods.
Default
None
Values
Authentication Methods Available with Oracle Net Services:
none for no authentication methods. A valid username and password can be used to access the database.
all for all authentication methods
nts for
Authentication Methods Available with Oracle Advanced Security:
kerberos5 for Kerberos authentication
radius for RADIUS authentication
dcegssapi for DCE GSSAPI authentication
Example
SQLNET.AUTHENTICATION_SERVICES=(kerberos5)
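
An added example (not part of the original post or of Oracle's documentation): a Python sketch that reads sqlnet.ora text together with a remote_login_passwordfile value and reports which SYSDBA/SYSOPER authentication paths the two settings leave open, using the meanings given above. The function names and sample file contents are constructed for illustration. Values other than none, all and nts are reported but not interpreted, and an unset parameter is left undetermined rather than guessed.

```python
import re

PARAM = re.compile(r"^\s*SQLNET\.AUTHENTICATION_SERVICES\s*=\s*(.+)$", re.IGNORECASE)

def parse_auth_services(sqlnet_text):
    """Return one list of lowercased values per SQLNET.AUTHENTICATION_SERVICES line found."""
    found = []
    for line in sqlnet_text.splitlines():
        m = PARAM.match(line.split("#", 1)[0])   # drop comments, including commented-out settings
        if m:
            # Accepts both `= none` and the parenthesised list form `= (kerberos5, radius)`.
            found.append([v.lower() for v in re.findall(r"\w+", m.group(1))])
    return found

def sysdba_paths(sqlnet_text, remote_login_passwordfile):
    """Report which SYSDBA/SYSOPER authentication paths the two settings leave open."""
    settings = parse_auth_services(sqlnet_text)
    services = settings[-1] if settings else None   # assumption: evaluate the last occurrence
    if services is None:
        os_auth = None          # not set: this sketch does not guess the platform default
    elif services == ["none"]:
        os_auth = False         # OS authentication turned off, password only
    elif "all" in services or "nts" in services:
        os_auth = True
    else:
        os_auth = None          # e.g. kerberos5/radius: listed on the page, not interpreted here
    pwfile = remote_login_passwordfile.lower() in ("exclusive", "shared")
    findings = []
    if len(settings) > 1:
        findings.append("parameter set more than once; effective value is ambiguous")
    if os_auth:
        findings.append("OSDBA/OSOPER group members connect as SYSDBA/SYSOPER "
                        "regardless of the username/password supplied")
    if os_auth is False and not pwfile:
        findings.append("no path left: AS SYSDBA / AS SYSOPER connections will fail")
    return {"services": services, "os_auth": os_auth,
            "password_file": pwfile, "findings": findings}

# Constructed sample sqlnet.ora contents (not taken from a real system).
SAMPLE_LOCKED = "# hardening attempt\nSQLNET.AUTHENTICATION_SERVICES = (NONE)\n"
SAMPLE_OS = "sqlnet.authentication_services=(ALL)  # unix host\n"

if __name__ == "__main__":
    for text, rlp in ((SAMPLE_LOCKED, "none"), (SAMPLE_LOCKED, "exclusive"), (SAMPLE_OS, "exclusive")):
        print(rlp, sysdba_paths(text, rlp))
```

The first sample pair shows the lockout case: operating system authentication turned off while the password file is also disabled, so neither condition in the Note above can be met.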