许多人都知道,在数据库没有正式启动前,数据库的内建用户是无法通过数据库来验证身份的,但口令文件中存放sysdba/sysoper用户的用户名及口令却允许用户通过口令文件验来证,它可以在数据库未启动之前登陆,然后再启动数据库。
(假如没有口令文件,在数据库未启动之前就只能通过操作系统认证)
在我们使用Rman时,许多情况下需要在nomount,mount等状态下对数据库进行处理,因此这就要求sysdba权限如果属于本地DBA组,才可以通过操作系统认证登陆。
(假如是远程sysdba登陆,需要通过passwordfile认证)
1.remote_login_passwordfile = NONE
在此处我们需要停用口令文件验证,因为Oracle不允许远程SYSDBA/SYSOPER身份登录。
local:
[oracle@jumper oracle]$ sqlplus "/ as sysdba"
SQL*Plus: Release 9.2.0.3.0 - Production on Thu Apr 15 09:58:45 2004
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.3.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.3.0 - Production
SQL> alter user sys identified by oracle;
User altered.
SQL> show parameter pass
NAME TYPE VALUE
--------------------- ----------- ------------------------------
remote_login_passwordfile string NONE
remote:
E:\Oracle\ora92\bin>sqlplus /nologSQL*Plus: Release 9.2.0.4.0 -
Production on 星期四 4月 15 09:39:22 2004Copyright (c) 1982, 2002, Oracle
Corporation. All rights reserved.SQL> connect sys/oracle@hsjf as
sysdbaERROR:ORA-01017: invalid username/password; logon denied
大家可以发现,此处是无法通过口令文件验证的。
2.remote_login_passwordfile = exclusive
SQL> alter system set remote_login_passwordfile=exclusive scope=spfile;
System altered.
SQL> startup force;
ORACLE instance started.
Total System Global Area 131142648 bytes
Fixed Size 451576 bytes
Variable Size 104857600 bytes
Database Buffers 25165824 bytes
Redo Buffers 667648 bytes
Database mounted.
Database opened.
SQL> show parameter pass
NAME TYPE VALUE
------------------------------ ----------- --------------
remote_login_passwordfile string EXCLUSIVE
SQL> alter user sys identified by oracle;
User altered.
remote:
E:\Oracle\ora92\bin>sqlplus /nologSQL*Plus: Release 9.2.0.4.0 -
Production on 星期四 4月 15 09:47:11 2004Copyright (c) 1982, 2002, Oracle
Corporation. All rights reserved.SQL> connect sys/oracle@hsjf as
sysdba已连接。SQL> show userUSER 为"SYS"SQL>
此处等同于通过口令文件验证登录。
