Wednesday, November 28, 2012

0 Oracle Password File

Long time ago, when os authentication is not that safe. Oracle have to create its own password file for its own security. The result of its is password file.
Password file is only used to authenticate for SYSDBA,SYSOPER and SYSASM. Not for the normal user.
password file location: $ORACLE_HOME/dbs/orapw$ORACLE_SID
image

orapwd is the utility to build the password file.

REMOTE_LOGIN_PASSWORDFILE

  • EXCLUSIVE : Can login remotely as SYSDBA/SYSOPER and grant those permission to others
  • SHARED : Can login remotely as SYSDBA/SYSOPER but can not grant those permission to others
  • NONE: Can NOT login remotely as SYSDBA/SYSOPER . Has to login locally to get the SYSDBA/SYSOPER  and user must be in the DBA GORUPs ( OSDBA or OSOPER )

image

User connect from remote

User must have the SYSDBA/SYSOPER permission and must have password in the password file. REMOTE_LOGIN_PASSWORD_FILE must be EXCLUSIVE or SHARED.

User connect from local

Check if user is the member of OSDBA or OSOPER. If user is OSDBA or OSOPER, no password require. If user is not the member of OSDBA/OSOPER, check the password file.

$ORACLE_HOME/rdbms/lib.config.cs

lib.config.cs is the file configure which local group allow to login locally as SYSDBA/SYSOPER. To change the group needs to recompile the file.

image

0 comments:

Post a Comment

 

SQL Panda Copyright © 2011 - |- Template created by O Pregador - |- Powered by Blogger Templates