- 相關(guān)推薦
oracle sysdba級(jí)用戶的認(rèn)證方式
經(jīng)過(guò)系統(tǒng)化的實(shí)訓(xùn),讓這部分人群能夠迅速掌握Oracle最新的核心技術(shù),并能勝任企業(yè)大型數(shù)據(jù)庫(kù)管理、維護(hù)、開(kāi)發(fā)工作。下面是小編整理的關(guān)于oracle sysdba級(jí)用戶的認(rèn)證方式,歡迎大家參考!
Oracle對(duì)于普通賬戶和超級(jí)管理員(指sysdba和sysoper)的認(rèn)證機(jī)制不一樣,前者是通過(guò)數(shù)據(jù)字典,后者主要是通過(guò)操作系統(tǒng)驗(yàn)證和密碼文件驗(yàn)證。因此一般提到操作系統(tǒng)認(rèn)證或密碼文件認(rèn)證,針對(duì)的都是超級(jí)管理員的認(rèn)證。
操作系統(tǒng)認(rèn)證
對(duì)于操作系統(tǒng)認(rèn)證,其實(shí)蠻簡(jiǎn)單的,只需要將該用戶添加到dba(針對(duì)sysdba權(quán)限)或oper(針對(duì)sysoper權(quán)限)組中,就可以使用 "sqlplus / as sysdba"方式登陸
在Linux環(huán)境下,可通過(guò)以下命令添加屬組:usermod -g dba test -->>test是用戶名
能否使用操作系統(tǒng)身份認(rèn)證,取決于$ORACLE_HOME/network/admin/sqlnet.ora中SQLNET.AUTHENTICATION_SERVICES的取值。
SQLNET.AUTHENTICATION_SERVICES = none | all | ntf(windows)
none : 表示關(guān)閉操作系統(tǒng)認(rèn)證,只能密碼認(rèn)證。
all : 操作系統(tǒng)認(rèn)證和密碼認(rèn)證均可。
nts : 用于windows平臺(tái)。
當(dāng) SQLNET.AUTHENTICATION_SERVICES = none時(shí),會(huì)報(bào)以下錯(cuò)誤:
[oracle@node1 admin]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Fri Jan 9 23:14:18 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
若用密碼登陸則沒(méi)有問(wèn)題
[oracle@node1 admin]$ sqlplus sys/oracle as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Fri Jan 9 23:17:31 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
SQL>
密碼文件認(rèn)證
這種方式在實(shí)際環(huán)境中較為普遍,利用的是orapwd工具創(chuàng)建密碼文件。
在密碼文件認(rèn)證中,有一個(gè)參數(shù)十分重要:remote_login_passwordfile,該參數(shù)有三個(gè)值,默認(rèn)為exclusive
none----不使用密碼文件認(rèn)證
exclusive---需要密碼文件認(rèn)證 自己獨(dú)占使用
shared ---需要密碼文件認(rèn)證 不同實(shí)例dba用戶可以共享密碼文件
密碼文件的默認(rèn)位置為:$ORACLE_HOME/dbs
密碼文件的查找順序:orapw
所以在創(chuàng)建密碼文件時(shí)filename只能為orapw
外部認(rèn)證(External Authentication)
若對(duì)用戶采用外部認(rèn)證,則只有用戶的賬號(hào)由Oracle管理,密碼和用戶登錄的認(rèn)證則通過(guò)外部服務(wù)來(lái)管理。外部認(rèn)證常見(jiàn)的有操作系統(tǒng)認(rèn)證和網(wǎng)絡(luò)認(rèn)證。
外部認(rèn)證之操作系統(tǒng)身份驗(yàn)證
此技術(shù)使用與操作系統(tǒng)用戶同樣的名稱創(chuàng)建Oracle用戶,但前面加上了os_authent_prefix參數(shù)指定的字符串,默認(rèn)為ops$,下面我們來(lái)看看官檔對(duì)該參數(shù)的說(shuō)明:
OS_AUTHENT_PREFIX specifies a prefix that Oracle uses to authenticate users attempting to connect to the server. Oracle concatenates the value of this parameter to the beginning of the user's operating system account name. When a connection request is attempted, Oracle compares the prefixed username with Oracle usernames in the database.
The default value of this parameter is OPS$ for backward compatibility with previous versions. However, you might prefer to set the prefix value to "" (a null string), thereby eliminating the addition of any prefix to operating system account names.
可見(jiàn),用ops$只是為了向前兼容。
下面,我們來(lái)實(shí)驗(yàn)一下。
一、創(chuàng)建操作系統(tǒng)用戶
[root@node1 ~]# useradd test
二、創(chuàng)建Oracle用戶并授予相應(yīng)的權(quán)限
SQL> create user ops$test identified externally;
SQL> grant create session to ops$test;
三、用test用戶登錄數(shù)據(jù)庫(kù)
[test@node1 ~]$ /u01/app/oracle/product/11.2.0.4/db_1/bin/sqlplus /
Error 6 initializing SQL*Plus
SP2-0667: Message file sp1
SP2-0750: You may need to set ORACLE_HOME to your Oracle software directory
報(bào)以上錯(cuò)誤,根據(jù)提示,我們?yōu)镺RACLE_HOME設(shè)置相應(yīng)的值
在/home/test/.bash_profile中添加如下值:
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/11.2.0.4/db_1
重新用test用戶登錄數(shù)據(jù)庫(kù)
[test@node1 ~]$ /u01/app/oracle/product/11.2.0.4/db_1/bin/sqlplus /
SQL*Plus: Release 11.2.0.4.0 Production on Sat Jan 10 01:14:53 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-12162: TNS:net service name is incorrectly specified
Enter user-name:
又報(bào)TNS:net service name is incorrectly specified錯(cuò)誤。
懷疑沒(méi)有指定相應(yīng)的SID,在/home/test/.bash_profile中添加如下值:
export ORACLE_SID=orcl
重新用test用戶登錄
[test@node1 ~]$ /u01/app/oracle/product/11.2.0.4/db_1/bin/sqlplus /
SQL*Plus: Release 11.2.0.4.0 Production on Sat Jan 10 01:18:22 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
SQL> show user
USER is "OPS$TEST"
終于成功登錄!
這個(gè)是在本地環(huán)境下的操作系統(tǒng)認(rèn)證,即test與oracle數(shù)據(jù)庫(kù)在同一個(gè)主機(jī)上。
倘若不在同一個(gè)主機(jī)上,必須將remote_os_authent設(shè)置為T(mén)RUE。
外部認(rèn)證之網(wǎng)絡(luò)認(rèn)證
Network authentication is performed using Oracle Advanced Security, which can be configured to use a third-party service such as Kerberos. If you are using Oracle Advanced Security as your only external authentication service, then the REMOTE_OS_AUTHENT parameter setting is irrelevant, becauseOracle Advanced Security only allows secure connections.
關(guān)于外部認(rèn)證,我們來(lái)看看官方文檔的說(shuō)明
1> More choices of authentication mechanism are available, such as smart cards, fingerprints, Kerberos, or the operating system.
2> Many network authentication services, such as Kerberos support single sign-on, enabling users to have fewer passwords to remember.
3> If you are already using some external mechanism for authentication, such as one of those listed earlier, then there may be less administrative overhead to use that mechanism with the database as well.
Easy Connect
[oracle@node3 ~]$ sqlplus system/oracle@192.168.2.12:1521/sz.being.com
其中,192.168.2.12是數(shù)據(jù)庫(kù)所在主機(jī)的IP,1521是數(shù)據(jù)庫(kù)所在主機(jī)的監(jiān)聽(tīng)端口,sz.being.com是數(shù)據(jù)庫(kù)提供的服務(wù)名
【oracle sysdba級(jí)用戶的認(rèn)證方式】相關(guān)文章:
Oracle認(rèn)證:Oracle避免全表掃描方式10-04
oracle用戶認(rèn)證和密碼設(shè)置技巧07-21
Oracle認(rèn)證作用07-31
Oracle最新認(rèn)證07-13
Oracle認(rèn)證途徑09-11
Oracle認(rèn)證:ORACLE綁定變量BINDPEEKING08-25