DB administrator认证方式（REMOTE_LOGIN_PASSWORDFILE）

最新推荐文章于 2021-12-27 17:45:10 发布

原创最新推荐文章于 2021-12-27 17:45:10 发布 · 986 阅读

0 ·

CC 4.0 BY-SA版权

ORA-DBA 专栏收录该内容

22 篇文章

订阅专栏

Oracle数据库的REMOTE_LOGIN_PASSWORDFILE参数影响着管理员的认证方式。NONE模式下仅支持OS认证本地登录；EXCLUSIVE模式允许OS认证及密码文件中的用户登录，并可修改密码文件；SHARED模式为只读，适用于多数据库或RAC环境。启用OS认证需创建OS账户并加入OSDBA或OSOPER组，创建数据库用户时用户ID需与OS一致，同时设置REMOTE_OS_AUTHENT为TRUE和OS_AUTHENT_PREFIX为空。

先OS 认证＋远程密码认证　
1.REMOTE_LOGIN_PASSWORDFILE =None (没密码文件，只能OS 认证本地登录)
NONE: Setting this parameter to NONE causes Oracle Database to behave as if the password file does not exist. That is, no privileged connections are allowed over nonsecure connections. Therefore, privileged users must be authenticated by the operating system.

2.REMOTE_LOGIN_PASSWORDFILE =EXCLUSIVE(有密码文件，能OS 认证本地登录，在密码文件中的用户也能登录, default)
EXCLUSIVE: (The default) An EXCLUSIVE password file can be used with only one instance of one database. Only an EXCLUSIVE file can be modified. Using an EXCLUSIVE password file enables you to add, modify, and delete users. It also enables you to change the SYS password with the ALTER USER command.

3.REMOTE_LOGIN_PASSWORDFILE =SHARED (只读模式的exclusive)

A SHARED password file can be used by multiple databases running on the same server, or multiple instances of a RAC database. A SHARED password file cannot be modified. This means that you cannot add users to a SHARED password file. Any attempt to do so or to change the password of SYS or other users with the SYSDBA or SYSOPER privileges generates an error. All users needing SYSDBA or SYSOPER system privileges must be added to the password file when REMOTE_LOGIN_PASSWORDFILE is set to EXCLUSIVE. After all users are added, you can change REMOTE_LOGIN_PASSWORDFILE to SHARED, and then share the file. This option is useful if you are administering multiple databases or a RAC database.

PS.
1.If you want to use OS Authentication, you must enable operating system authentication of an administrative user:
Create an operating system account for the user.
Add the account to the OSDBA or OSOPER operating system defined groups.
The at the command line you can access the database as "CONNECT / AS SYSDBA"
2.If you want to create users in the database, that's a different story. The user id must be the same on the OS layer as it will be in the database. Then you connect to the database with the SYSDBA system privilege. but you must set REMOTE_OS_AUTHENT initialization parameter to TRUE and set OS_AUTHENT_PREFIX to "".