為什么80%的碼農都做不了架構師？>>> ??

--==============================

-- Oracle 密碼文件

--==============================

/*

一、密碼文件

??? 作用：主要進行DBA權限的身份認證

??? DBA用戶：具有sysdba，sysoper權限的用戶被稱為dba用戶。默認情況下sysdba角色中存在sys用戶，sysoper角色中存在system用戶

???

二、Oracle的兩種認證方式；

??? 1.使用與操作系統集成的身份驗證

??? 2.使用Oracle數據庫的密碼文件進行身份認證

?

三、密碼文件的位置

??? Linux下的存放位置：$ORACLE_HOME/dbs/orapw$ORACLE_SID

????????????????? 即：ORACLE_HOME/dbs/orapw<sid>

??? Windows下的存放位置:$ORACLE_HOME/database/PW%ORACLE_SID%.ora

?

??? 密碼文件查找的順序

??? --->orapw<sid>--->orapw--->Failure

?

??? 兩種認證方式：類型與SQL server中的windows認證和SQL server認證

??? 決定在兩個參數中

??? 1.remote_login_passwordfile = none | exclusive |shared? 位于$ORACLE_HOME/dbs/spfile$ORACLE_SID.ora參數文件中

??? ?? none : 不使用密碼文件認證

??? ?? exclusive :要密碼文件認證，自己獨占使用(默認值)

??? ?? shared ：要密碼文件認證，不同實例dba用戶可以共享密碼文件

??? ??

??? 2. $ORACLE_HOME/network/admin/sqlnet.ora?

??? ?? SQLNET.AUTHENTICATION_SERVICES = none | all | ntf(windows)

??? ?? none : 表示關閉操作系統認證，只能密碼認證

??? ?? all : 用于linux或unix平臺，關閉本機密碼文件認證，采用操作系統認證，但遠程<異機>可以使用密碼文件認證

??? ?? nts : 用于windows平臺

??? ??

??? 不同的組合

??? ? 1?????????? 2

??? none????????? none????? sys用戶無論是本機還是遠程均不可用

??

??? 判斷當前使用的是操作系統認證還是密碼認證

???

四、演示：

??? 1.在sqlnet.ora 中追加SQLNET.AUTHENTICATION_SERVICES = none? */

??? [oracle@robinson ~]$ sqlplus / as sysdba /*登陸失敗*/

?

??? SQL*Plus: Release 10.2.0.1.0 - Production on Fri Apr 9 10:41:28 2010

?

??? Copyright (c) 1982, 2005, Oracle.? All rights reserved.

?

??? ERROR:

??? ORA-01031: insufficient privileges

??? Enter user-name:

??? --------------------------------------------------------------------------------

??? [oracle@robinson ~]$ sqlplus sys/redhat as sysdba /*使用密碼文件認證，登陸成功*/

?

??? SQL*Plus: Release 10.2.0.1.0 - Production on Fri Apr 9 10:42:35 2010

?

??? Copyright (c) 1982, 2005, Oracle.? All rights reserved.

?

?

??? Connected to:

??? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

??? With the Partitioning, OLAP and Data Mining options

?

??? SQL>

??? --=================================================================================

???

??? 2.將SQLNET.AUTHENTICATION_SERVICES的值改為all

?

??? [oracle@robinson admin]$ sqlplus / as sysdba /*采用本機認證可以登陸*/

?

??? SQL*Plus: Release 10.2.0.1.0 - Production on Fri Apr 9 10:46:55 2010

?

??? Copyright (c) 1982, 2005, Oracle.? All rights reserved.

?

?

??? Connected to:

??? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

??? With the Partitioning, OLAP and Data Mining options

?

??? SQL>

??? --------------------------------------------------------------------------------------

??? [oracle@robinson admin]$ sqlplus sys/redhat@orcl as sysdba /*使用密碼文件登陸認證失敗*/

?

??? SQL*Plus: Release 10.2.0.1.0 - Production on Fri Apr 9 10:48:35 2010

?

??? Copyright (c) 1982, 2005, Oracle.? All rights reserved.

?

??? ERROR:

??? ORA-12641: Authentication service failed to initialize

?

??? Enter user-name:

?

??? --注：此時可以使用遠程登陸。?

?

??? --使用#符號將新增的SQLNET.AUTHENTICATION_SERVICES行注釋掉恢復到缺省值

?

??? /*

五、密碼文件的建立：orapwd? */

??? [oracle@robinson ~]$ orapwd

??? Usage: orapwd file=<fname> password=<password> entries=<users> force=<y/n>

?

??? ? where

?????? file - name of password file (mand),? /*密碼文件的名字orapw<sid>*/

?????? password - password for SYS (mand),?? /*sys用戶的密碼*/

?????? entries - maximum number of distinct DBA and? /*可以有多少個sysdba,sysoper權限用戶放到密碼文件中去，去掉重復記錄*/

????????????????????????????????????????????? ? /*注意entries中存放的個數但不是實際個數，這個是二進制數據*/??

?????? force - whether to overwrite existing file (opt), /*10g新增的參數，默認值為n ,y表示允許覆蓋*/

??? OPERs (opt),

??? ? There are no spaces around the equal-to (=) character.

??? ?

??? --修改密碼：

??? [oracle@robinson ~]$ cd $ORACLE_HOME/dbs

??? [oracle@robinson dbs]$ ll orapworcl

??? -rw-r----- 1 oracle oinstall 1536 Apr? 7 15:50 orapworcl

??? [oracle@robinson dbs]$ orapwd file=orapworcl password=oracle force=y

??? [oracle@robinson dbs]$ sqlplus sys/oracle@orcl as sysdba

?

??? SQL*Plus: Release 10.2.0.1.0 - Production on Fri Apr 9 11:34:09 2010

?

??? Copyright (c) 1982, 2005, Oracle.? All rights reserved.

?

?

??? Connected to:

??? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

??? With the Partitioning, OLAP and Data Mining options

?

??? SQL>??

??? --將密碼改回原來的密碼

??? [oracle@robinson dbs]$ orapwd file=orapworcl password=redhat

?

??? OPW-00005: File with same name exists - please delete or rename

??? [oracle@robinson dbs]$ orapwd file=orapworcl password=redhat force=y

??? [oracle@robinson dbs]$ rm orapworcl? /*刪除密碼文件*/

??? [oracle@robinson dbs]$ orapwd file=orapworcl password=redhat /*重建密碼文件*/

?

??? --演示將entries 改為，然后將多個用戶設置為sysdba或sysoper

??? [oracle@robinson dbs]$ orapwd file=orapworcl password=redhat entries=1

??? [oracle@robinson dbs]$ strings orapworcl

??? ]/[Z

??? ORACLE Remote Password file

??? INTERNAL

??? F7AC0C5E9C3C37AB

??? E100B964899CDDDF

?

??? --創建PL/SQL 增加個新用戶

??? SQL> begin

??? ? 2? for i in 1..20 loop

??? ? 3? execute immediate 'create user u'||i||' identified by u'||i||'';

??? ? 4? end loop;

??? ? 5? end;

??? ? 6? /

??? --將新用戶賦予sysdba角色

??? PL/SQL procedure successfully completed.

?

??? SQL> begin

??? ? 2? for i in 1..20 loop

??? ? 3? execute immediate 'grant sysdba to u'||i||'';

??? ? 4? end loop;

??? ? 5? end;

??? ? 6? /

??? begin? /*得到和密碼文件相關的錯誤提示*/

??? *

??? ERROR at line 1:

??? ORA-01996: GRANT failed: password file '' is full

??? ORA-06512: at line 3

?

??? --再次查看orapworcl發現多出了行，即當設置為的時候多出了個用戶。原因是該密碼文件是二進制文件，按矩陣計算可存放多少

??? [oracle@robinson dbs]$ strings orapworcl

??? ]/[Z

??? ORACLE Remote Password file

??? INTERNAL

??? F7AC0C5E9C3C37AB

??? E100B964899CDDDF

??? 3E81B724A296E296

??? 668509DF9DD36B43

??? 9CE6AF1E3F609FFC

??? 7E19965085C9ED47

?

?

??? --注意不要輕易刪掉密碼文件，這樣會將其他賬戶的信息也刪除

?

??? /*

六、導致密碼文件內容修改的幾種方式：

??? 1.使用orapwd建立，修改密碼文件，不建議使用

??? 2.使用alter user sys identified by <>

??? 3.使用grant sysdba to <> 或grant sysoper to <> 或revoke sysdba |sysoper from <>

?

七、查看密碼文件內容 */

?

??? [oracle@robinson dbs]$ strings orapworcl

??? ]/[Z

??? ORACLE Remote Password file

??? INTERNAL

??? F7AC0C5E9C3C37AB

??? E100B964899CDDDF

?

??? --當sys密碼不記得可以使用OS系統身份認證登陸到sqlplus,再使用alter user修改密碼

??? SQL> alter user sys identified by oracle;

?

??? User altered

??? --再次查看密碼文件與上一次對比，已經發生變化

??? SQL> ho strings orapworcl

??? ]/[Z

??? ORACLE Remote Password file

??? INTERNAL

??? AB27B53EDC5FEF41

??? 8A8F025737A9097A

?

?

??? --通過授予權限來修改密碼，密碼文件中多出了scott的信息

??? SQL> grant sysdba to scott;

?

??? Grant succeeded.

?

??? SQL> ho strings orapworcl

??? ]/[Z

??? ORACLE Remote Password file

??? INTERNAL

??? AB27B53EDC5FEF41

??? 8A8F025737A9097A

??? SCOTT

??? F894844C34402B67

?

?

??? --注意此處中登陸后，顯示的賬戶信息還是sys,而不是scott,但此時的scott已經具備了sys權限

??? [oracle@robinson dbs]$ sqlplus scott/tiger@orcl as sysdba

?

??? SQL*Plus: Release 10.2.0.1.0 - Production on Fri Apr 9 11:56:09 2010

?

??? Copyright (c) 1982, 2005, Oracle.? All rights reserved.

?

?

??? Connected to:

??? Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

??? With the Partitioning, OLAP and Data Mining options

?

??? SQL> show user

??? USER is "SYS"

?

??? /*

八、sysdba 與sysoper的區別*/

??? SQL> select * from system_privilege_map where name like '%SYS%';

?

??? ?PRIVILEGE NAME?????????????????????????????????????? PROPERTY

??? ---------- ---------------------------------------- ----------

?????????? -3 ALTER SYSTEM?????????????????????????????????????

?????????? -4 AUDIT SYSTEM?????????????????????????????????????

?????? ?? -83 SYSDBA???????????????????????????????????????????

?????? ?? -84 SYSOPER??????????????????????????????????????????

?????? ??

??? --下面的鏈接是兩者不同的權限說明? ??

??? http://download.oracle.com/docs/cd/B19306_01/server.102/b14231/dba.htm#sthref137

??? The manner in which you are authorized to use these privileges depends upon the method of authentication that you use.

?

??? When you connect with SYSDBA or SYSOPER privileges, you connect with a default schema,

??? not with the schema that is generally associated with your username.

??? For SYSDBA this schema is SYS; for SYSOPER the schema is PUBLIC.

??? --兩者的schema不同

??? SQL> show user

??? USER is "SYS"

??? SQL> conn / as sysoper

??? Connected.

??? SQL> show user

??? USER is "PUBLIC"

?

??? --查看密碼文件視圖，可以得到哪些用戶為sysdba,哪些用戶為sysoper

??? SQL> select * from v$pwfile_users;

?

??? USERNAME?????????????????????? SYSDB SYSOP

??? ------------------------------ ----- -----

??? SYS??????????????????????????? TRUE? TRUE

??? SCOTT????????????????????????? TRUE? FALSE

??? USER1????????????????????????? FALSE TRUE

??? --下面演示了使用不同的角色來登陸

??? SQL> conn scott/tiger@orcl as sysdba

??? Connected.

??? SQL> conn scott/tiger@orcl as sysoper? /*scott的sysop列為false*/

??? ERROR:

??? ORA-01031: insufficient privileges

?

?

??? Warning: You are no longer connected to ORACLE.

??? SQL> conn user1/user1@orcl as sysdba

??? ERROR:

??? ORA-01031: insufficient privileges

?

?

??? SQL> conn user1/user1 as sysoper

??? Connected.

??? /*

九、更多 */

Oracle 數據庫實例啟動關閉過程

?

Oracle 10g SGA 的自動化管理

?

使用OEM,SQL*Plus,iSQL*Plus 管理Oracle實例

?

Oracle實例和Oracle數據庫(Oracle體系結構)

?

SQL 基礎-->常用函數

?

SQL基礎-->過濾和排序

?

SQL 基礎-->SELECT 查詢

?

?

原文鏈接： http://blog.csdn.net/robinson_0612/article/details/5611672

轉載于:https://my.oschina.net/dtec/blog/47379

總結

以上是生活随笔為你收集整理的Oracle 密码文件的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。