oracle 怎么创建口令密码文件
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了oracle 怎么创建口令密码文件相关的知识,希望对你有一定的参考价值。
[oracle@caijidb dbs]$ orapwd file=\'$ORACLE_HOME/dbs/orapcms40\'password=oracle entries=5 force=y;
说明:
●FILE参数指定口令文件存放的全路径及文件名。口令文件的命名也应该遵循Oracle公司指定的规范:orapw,在例子中实例名是orcl
●PASSWORD指定超级用户SYS的密码
●ENTRIES为整数,指定最多有多少用户称为超级用户(SYSDBA)
●FORCE取值为“Y”或者“N”,指定是否强行覆盖已经存在的口令文件
完成上述工作后需要重新设置初始化参数文件中的REMOTE_LOGIN_PASSWORDFILE的值。
因为SPFILE是不可编辑的,所以需要使用现有的SPFILE文件生成一个PFILE文件,编辑其中的REMOTE_LOGIN_PASSWORDFILE的值。然后重新生成一个新的SPFILE文件。
修改SPFILE期间需要关闭数据库,修改完成后再次启动数据库。 参考技术A
刚学的~对口令文件的管理
首先删除口令文件:$ rm $ORACLE_HOME/dbs/orapwdb01
就是先找到你的口令文件,然后删掉它,我的在dbs这个目录下
然后重建口令文件:$ orapwd file=$ORACLE_HOME/dbs/orapwdb01 password=12345 entries=5
表示在$ORACLE_HOME/dbs这个目录下创建新的口令文件,文件名为orapwdb01,新的口令为12345,entries表示添加到该文件中最多特权用户是5
口令文件重建好后需要重启实例才能使用
请多指教
Oracle 口令文件:即 oracle密码文件
一:文件路径位置
[oracle@localhost db_1]$ cd $ORACLE_HOME/dbs [oracle@localhost dbs]$ ls dbsorapwPROD1 hc_orcl.dat initneworcl.ora initorcl.ora lkNEWORCL lkPROD1 orapwneworcl spfileorcl.ora tem.dbf hc_neworcl.dat hc_PROD1.dat init.ora initPROD1.ora lkORCL my.dbf orapworcl spfilePROD1.ora [oracle@localhost dbs]$ pwd /u01/app/oracle/product/11.2.0/db_1/dbs [oracle@localhost dbs]$
二、口令文件的命名规则
orapw+sid 如: orapworcl
三、口令文件存放的是sys
主要是存放管理用户的密码信息的
SYS@orcl> select * from v$pwfile_users; USERNAME SYSDB SYSOP SYSAS ------------------------------ ----- ----- ----- SYS TRUE TRUE FALSE SYS@orcl>
四:实验操作
注: remote_login_passwordfile 是静态参数。修改了该值之后,数据库需要重启。
1)当remote_login_passwordfile 是 EXCLUSIVE
没有sqlnet.ora文件 sqlplus sys/oracle as sysdba sqlplus / as sysdba sqlplus sys/oracle@togogo as sysdba 以上均成功
2)当remote_login_passwordfile是 EXCLUSIVE
sqlnet.ora文件参数 SQLNET.AUTHENTICATION_SERVICES=none sqlplus sys/oracle as sysdba 成功 sqlplus / as sysdba 不成功 sqlplus sys/oracle@togogo as sysdba 成功[oracle@localhost dbs]$ clear [oracle@localhost dbs]$ ls dbsorapwPROD1 hc_orcl.dat initneworcl.ora initorcl.ora lkNEWORCL lkPROD1 orapwneworcl spfileorcl.ora tem.dbf hc_neworcl.dat hc_PROD1.dat init.ora initPROD1.ora lkORCL my.dbf orapworcl spfilePROD1.ora [oracle@localhost dbs]$ cd ../network/ [oracle@localhost network]$ ls admin doc install jlib lib log mesg tools trace [oracle@localhost network]$ ca admin/ -bash: ca: command not found [oracle@localhost network]$ ls admin doc install jlib lib log mesg tools trace [oracle@localhost network]$ cd admin/ [oracle@localhost admin]$ ls listener.ora samples shrept.lst sqlnet.ora tnsnames.ora [oracle@localhost admin]$ cat sqlnet.ora ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/))) [oracle@localhost admin]$ vi sqlnet.ora ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/))) SQLNET.AUTHENTICATION_SERVICES=none ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ "sqlnet.ora" 4L, 152C written [oracle@localhost admin]$ cat sqlnet.ora ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=$ORACLE_BASE/admin/$ORACLE_SID/wallet/))) SQLNET.AUTHENTICATION_SERVICES=none [oracle@localhost admin]$ pwd /u01/app/oracle/product/11.2.0/db_1/network/admin [oracle@localhost admin]$
[oracle@localhost admin]$ rlwrap sqlplus / as sysdba; SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:01:36 2018 Copyright (c) 1982, 2011, Oracle. All rights reserved. ERROR: ORA-01031: insufficient privileges Enter user-name: ERROR: ORA-01017: invalid username/password; logon denied Enter user-name: ERROR: ORA-01017: invalid username/password; logon denied SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus [oracle@localhost admin]$ rlwrap sqlplus sys/oracle as sysdba; SQL*Plus: Release 11.2.0.3.0 Production on Sat Jun 23 16:02:40 2018 Copyright (c) 1982, 2011, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SYS@orcl>
3)当remote_login_passwordfile是 EXCLUSIVE
4)当remote_login_passwordfile是 none 没有sqlnet.ora文件
5)当remote_login_passwordfile是 none
sqlnet.ora文件参数 SQLNET.AUTHENTICATION_SERVICES=none sqlplus sys/oracle as sysdba 不成功 sqlplus / as sysdba 不成功 sqlplus sys/oracle@togogo as sysdba 不成功
6)当remote_login_passwordfile是 none
五、创建口令文件
orapwd file=口令文件名称 password=用户密码
Creating a Password File with ORAPWD
The syntax of the
ORAPWD
command is as follows:ORAPWD FILE=filename [ENTRIES=numusers] [FORCE={Y|N}] [IGNORECASE={Y|N}]Command arguments are summarized in the following table.
Argument Description FILE
Name to assign to the password file. You must supply a complete path. If you supply only a file name, the file is written to the current directory. ENTRIES
(Optional) Maximum number of entries (user accounts) to permit in the file. FORCE
(Optional) If y
, permits overwriting an existing password file.IGNORECASE
(Optional) If y
, passwords are treated as case-insensitive.There are no spaces permitted around the equal-to (=) character.
The command prompts for the
SYS
password and stores the password in the created password file.The following command creates a password file named
orapworcl
that allows up to 30 privileged users with different passwords.orapwd FILE=orapworcl ENTRIES=30
Sharing and Disabling the Password File
You use the initialization parameter
REMOTE_LOGIN_PASSWORDFILE
to control whether a password file is shared among multiple Oracle Database instances. You can also use this parameter to disable password file authentication. The values recognized forREMOTE_LOGIN_PASSWORDFILE
are:
NONE
: Setting this parameter toNONE
causes Oracle Database to behave as if the password file does not exist. That is, no privileged connections are allowed over nonsecure connections.
EXCLUSIVE
: (The default) AnEXCLUSIVE
password file can be used with only one instance of one database. Only anEXCLUSIVE
file can be modified. Using anEXCLUSIVE
password file enables you to add, modify, and delete users. It also enables you to change theSYS
password with theALTER USER
command.
SHARED
: ASHARED
password file can be used by multiple databases running on the same server, or multiple instances of an Oracle Real Application Clusters (Oracle RAC) database. ASHARED
password file cannot be modified. Therefore, you cannot add users to aSHARED
password file. Any attempt to do so or to change the password ofSYS
or other users with theSYSDBA
orSYSOPER
privileges generates an error. All users needingSYSDBA
orSYSOPER
system privileges must be added to the password file whenREMOTE_LOGIN_PASSWORDFILE
is set toEXCLUSIVE
. After all users are added, you can changeREMOTE_LOGIN_PASSWORDFILE
toSHARED
, and then share the file.This option is useful if you are administering multiple databases or an Oracle RAC database.
If
REMOTE_LOGIN_PASSWORDFILE
is set toEXCLUSIVE
orSHARED
and the password file is missing, this is equivalent to settingREMOTE_LOGIN_PASSWORDFILE
toNONE
.Note:
You cannot change the password forSYS
ifREMOTE_LOGIN_PASSWORDFILE
is set toSHARED
. An error message is issued if you attempt to do so.Keeping Administrator Passwords Synchronized with the Data Dictionary
If you change the
REMOTE_LOGIN_PASSWORDFILE
initialization parameter fromNONE
toEXCLUSIVE
orSHARED
, or if you re-create the password file with a differentSYS
password, then you must ensure that the passwords in the data dictionary and password file for theSYS
user are the same.To synchronize the
SYS
passwords, use theALTER USER
statement to change theSYS
password. TheALTER USER
statement updates and synchronizes both the dictionary and password file passwords.To synchronize the passwords for non-
SYS
users who log in using theSYSDBA
orSYSOPER
privilege, you must revoke and then regrant the privilege to the user, as follows:
Find all users who have been granted the
SYSDBA
privilege.SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != \'SYS\' AND SYSDBA=\'TRUE\';Revoke and then re-grant the
SYSDBA
privilege to these users.REVOKE SYSDBA FROM non-SYS-user; GRANT SYSDBA TO non-SYS-user;Find all users who have been granted the
SYSOPER
privilege.SELECT USERNAME FROM V$PWFILE_USERS WHERE USERNAME != \'SYS\' AND SYSOPER=\'TRUE\';Revoke and regrant the
SYSOPER
privilege to these users.REVOKE SYSOPER FROM non-SYS-user; GRANT SYSOPER TO non-SYS-user;
Adding Users to a Password File
When you grant
SYSDBA
orSYSOPER
privileges to a user, that user\'s name and privilege information are added to the password file. If the server does not have anEXCLUSIVE
password file (that is, if the initialization parameterREMOTE_LOGIN_PASSWORDFILE
isNONE
orSHARED
, or the password file is missing), Oracle Database issues an error if you attempt to grant these privileges.A user\'s name remains in the password file only as long as that user has at least one of these two privileges. If you revoke both of these privileges, Oracle Database removes the user from the password file.
Creating a Password File and Adding New Users to It
Use the following procedure to create a password and add new users to it:
Follow the instructions for creating a password file as explained in "Creating a Password File with ORAPWD".
Set the
REMOTE_LOGIN_PASSWORDFILE
initialization parameter toEXCLUSIVE
. (This is the default.)Note:
REMOTE_LOGIN_PASSWORDFILE
is a static initialization parameter and therefore cannot be changed without restarting the database.Connect with
SYSDBA
privileges as shown in the following example, and enter theSYS
password when prompted:CONNECT SYS AS SYSDBAStart up the instance and create the database if necessary, or mount and open an existing database.
Create users as necessary. Grant
SYSDBA
orSYSOPER
privileges to yourself and other users as appropriate. See "Granting and Revoking SYSDBA and SYSOPER Privileges", later in this section.
——————————————————————————————————————————————————————————————————
以上是关于oracle 怎么创建口令密码文件的主要内容,如果未能解决你的问题,请参考以下文章