忘記VAULT的帳號管理密碼的解決方法(二)

yangtingkun發表於2009-01-03
密碼

在上一篇文章中描述了WINDOWS環境下,忘記了DVSYS管理帳號的解決方法,這一篇介紹UNIXLINUX環境中,如何解決這個問題。

忘記VAULT的帳號管理密碼的解決方法:http://yangtingkun.itpub.net/post/468/475564

 

 

Oracle中,忘記任何帳號的密碼都沒有關係。只要你能登陸作業系統中DBA組對應的使用者,就可以透過作業系統驗證,或者透過重建密碼檔案的方法以SYSDBA身份登陸資料庫,而一旦有了SYSDBA許可權,可以修改任何的密碼。

但是在Oracle Database Vault中,上面的方法不在適用。使用者仍然可以使用SYSDBA身份登陸,但是即使是SYS也不能隨意修改其他使用者的密碼。

SQL> CONN / AS SYSDBA
Connected.
SQL> SELECT * FROM V$VERSION;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production
PL/SQL Release 11.1.0.7.0 - Production
CORE    11.1.0.7.0      Production
TNS for Linux: Version 11.1.0.7.0 - Production
NLSRTL Version 11.1.0.7.0 - Production

SQL> SELECT * FROM V$OPTION     
  2  WHERE PARAMETER = 'Oracle Database Vault';

PARAMETER                                VALUE
---------------------------------------- ------------------------------
Oracle Database Vault                    TRUE

SQL> SELECT USERNAME, ACCOUNT_STATUS FROM DBA_USERS
  2  WHERE USERNAME = 'DVSYS';

USERNAME                       ACCOUNT_STATUS
------------------------------ --------------------------------
DVSYS                          LOCKED

SQL> ALTER USER DVSYS ACCOUNT UNLOCK;
ALTER USER DVSYS ACCOUNT UNLOCK
*
ERROR at line 1:
ORA-01031: insufficient privileges

只有SYS的口令而沒有DVSYS的口令是不行的,現在不要說修改DVSYS的口令了,連更改DVSYS帳號被鎖定的狀態都沒有辦法。

對於這種情況,唯一的解決方法是先關閉VAULT選項:

SQL> SHUTDOWN IMMEDIATE
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> EXIT
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
oracle:/home/oracle> cd $ORACLE_HOME/rdbms/lib
oracle:/u01/oracle/product/11.1.0/db_1/rdbms/lib> make -f ins_rdbms.mk dv_off
/usr/bin/ar d /u01/oracle/product/11.1.0/db_1/rdbms/lib/libknlopt.a kzvidv.o
/usr/bin/ar cr /u01/oracle/product/11.1.0/db_1/rdbms/lib/libknlopt.a /u01/oracle/product/11.1.0/db_1/rdbms/lib/kzvndv.o
oracle:/u01/oracle/product/11.1.0/db_1/rdbms/lib> cd $ORACLE_HOME/bin
oracle:/u01/oracle/product/11.1.0/db_1/bin> relink oracle
chmod 755 /u01/oracle/product/11.1.0/db_1/bin

 - Linking Oracle
rm -f /u01/oracle/product/11.1.0/db_1/rdbms/lib/oracle
gcc  -o /u01/oracle/product/11.1.0/db_1/rdbms/lib/oracle -L/u01/oracle/product/11.1.0/db_1/rdbms/lib/ -L/u01/oracle/product/11.1.0/db_1/lib/ -L/u01/oracle/product/11.1.0/db_1/lib/stubs/ -L/u01/oracle/product/11.1.0/db_1/lib/ -lirc -lipgo    -Wl,-E /u01/oracle/product/11.1.0/db_1/rdbms/lib/opimai.o /u01/oracle/product/11.1.0/db_1/rdbms/lib/ssoraed.o /u01/oracle/product/11.1.0/db_1/rdbms/lib/ttcsoi.o  -Wl,--whole-archive -lperfsrv11 -Wl,--no-whole-archive /u01/oracle/product/11.1.0/db_1/lib/nautab.o /u01/oracle/product/11.1.0/db_1/lib/naeet.o /u01/oracle/product/11.1.0/db_1/lib/naect.o /u01/oracle/product/11.1.0/db_1/lib/naedhs.o /u01/oracle/product/11.1.0/db_1/rdbms/lib/config.o  -lserver11 -lodm11 -lcell11 -lnnet11 -lskgxp11 -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lclient11  -lvsn11 -lcommon11 -lgeneric11 -lknlopt `if /usr/bin/ar tv /u01/oracle/product/11.1.0/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap11" ; fi` -lslax11 -lpls11  -lrt -lplp11 -lserver11 -lclient11  -lvsn11 -lcommon11 -lgeneric11 `if [ -f /u01/oracle/product/11.1.0/db_1/lib/libavserver11.a ] ; then echo "-lavserver11" ; else echo "-lavstub11"; fi` `if [ -f /u01/oracle/product/11.1.0/db_1/lib/libavclient11.a ] ; then echo "-lavclient11" ; fi` -lknlopt -lslax11 -lpls11  -lrt -lplp11 -ljavavm11 -lserver11  -lwwg  `cat /u01/oracle/product/11.1.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/oracle/product/11.1.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lmm -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lztkg11 `cat /u01/oracle/product/11.1.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/oracle/product/11.1.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11   -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `if /usr/bin/ar tv /u01/oracle/product/11.1.0/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo11"; fi` -L/u01/oracle/product/11.1.0/db_1/ctx/lib/ -lctxc11 -lctx11 -lzx11 -lgx11 -lctx11 -lzx11 -lgx11 -lordimt11 -lclsra11 -ldbcfg11   -lhasgen11 -lcore11 -lskgxn2 -locr11 -locrb11 -locrutl11 -lhasgen11 -lcore11 -lskgxn2   -loraz -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lsnls11 -lunls11  -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -laio    `cat /u01/oracle/product/11.1.0/db_1/lib/sysliblist` -Wl,-rpath,/u01/oracle/product/11.1.0/db_1/lib -lm    `cat /u01/oracle/product/11.1.0/db_1/lib/sysliblist` -ldl -lm   -L/u01/oracle/product/11.1.0/db_1/lib
test ! -f /u01/oracle/product/11.1.0/db_1/bin/oracle ||\
   mv -f /u01/oracle/product/11.1.0/db_1/bin/oracle /u01/oracle/product/11.1.0/db_1/bin/oracleO
mv /u01/oracle/product/11.1.0/db_1/rdbms/lib/oracle /u01/oracle/product/11.1.0/db_1/bin/oracle
chmod 6751 /u01/oracle/product/11.1.0/db_1/bin/oracle

首先關閉資料庫,然後重新編譯並關閉VAULT選項,然後重新連線ORACLE,下面登陸sqlplus

oracle:/u01/oracle/product/11.1.0/db_1/bin> sqlplus "/ as sysdba"

SQL*Plus: Release 11.1.0.7.0 - Production on Sat Jan 3 15:26:15 2009

Copyright (c) 1982, 2008, Oracle.  All rights reserved.

Connected to an idle instance.

SQL> STARTUP
ORACLE instance started.

Total System Global Area  418484224 bytes
Fixed Size                  1313792 bytes
Variable Size             226493440 bytes
Database Buffers          184549376 bytes
Redo Buffers                6127616 bytes
Database mounted.
Database opened.
SQL> COL PARAMETER FORMAT A40
SQL> COL VALUE FORMAT A30
SQL> SELECT * FROM V$OPTION
  2  WHERE PARAMETER = 'Oracle Database Vault';

PARAMETER                                VALUE
---------------------------------------- ------------------------------
Oracle Database Vault                    FALSE

SQL> ALTER USER DVSYS ACCOUNT UNLOCK;

User altered.

SQL> ALTER USER DVSYS IDENTIFIED BY TEST;

User altered.

完成修改目的後,還要重複剛才類似的操作,重新啟用VAULT選項:

SQL> SHUTDOWN IMMEDIATE
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> EXIT
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options
oracle:/u01/oracle/product/11.1.0/db_1/bin> cd $ORACLE_HOME/rdbms/lib
oracle:/u01/oracle/product/11.1.0/db_1/rdbms/lib> make -f ins_rdbms.mk dv_on
/usr/bin/ar d /u01/oracle/product/11.1.0/db_1/rdbms/lib/libknlopt.a kzvndv.o
/usr/bin/ar cr /u01/oracle/product/11.1.0/db_1/rdbms/lib/libknlopt.a /u01/oracle/product/11.1.0/db_1/rdbms/lib/kzvidv.o
oracle:/u01/oracle/product/11.1.0/db_1/rdbms/lib> cd $ORACLE_HOME/bin
oracle:/u01/oracle/product/11.1.0/db_1/bin> relink oracle
chmod 755 /u01/oracle/product/11.1.0/db_1/bin

 - Linking Oracle
rm -f /u01/oracle/product/11.1.0/db_1/rdbms/lib/oracle
gcc  -o /u01/oracle/product/11.1.0/db_1/rdbms/lib/oracle -L/u01/oracle/product/11.1.0/db_1/rdbms/lib/ -L/u01/oracle/product/11.1.0/db_1/lib/ -L/u01/oracle/product/11.1.0/db_1/lib/stubs/ -L/u01/oracle/product/11.1.0/db_1/lib/ -lirc -lipgo    -Wl,-E /u01/oracle/product/11.1.0/db_1/rdbms/lib/opimai.o /u01/oracle/product/11.1.0/db_1/rdbms/lib/ssoraed.o /u01/oracle/product/11.1.0/db_1/rdbms/lib/ttcsoi.o  -Wl,--whole-archive -lperfsrv11 -Wl,--no-whole-archive /u01/oracle/product/11.1.0/db_1/lib/nautab.o /u01/oracle/product/11.1.0/db_1/lib/naeet.o /u01/oracle/product/11.1.0/db_1/lib/naect.o /u01/oracle/product/11.1.0/db_1/lib/naedhs.o /u01/oracle/product/11.1.0/db_1/rdbms/lib/config.o  -lserver11 -lodm11 -lcell11 -lnnet11 -lskgxp11 -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lclient11  -lvsn11 -lcommon11 -lgeneric11 -lknlopt `if /usr/bin/ar tv /u01/oracle/product/11.1.0/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap11" ; fi` -lslax11 -lpls11  -lrt -lplp11 -lserver11 -lclient11  -lvsn11 -lcommon11 -lgeneric11 `if [ -f /u01/oracle/product/11.1.0/db_1/lib/libavserver11.a ] ; then echo "-lavserver11" ; else echo "-lavstub11"; fi` `if [ -f /u01/oracle/product/11.1.0/db_1/lib/libavclient11.a ] ; then echo "-lavclient11" ; fi` -lknlopt -lslax11 -lpls11  -lrt -lplp11 -ljavavm11 -lserver11  -lwwg  `cat /u01/oracle/product/11.1.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/oracle/product/11.1.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11 -lmm -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lztkg11 `cat /u01/oracle/product/11.1.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnro11 `cat /u01/oracle/product/11.1.0/db_1/lib/ldflags`    -lncrypt11 -lnsgr11 -lnzjs11 -ln11 -lnl11 -lnnz11 -lzt11   -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 `if /usr/bin/ar tv /u01/oracle/product/11.1.0/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo11"; fi` -L/u01/oracle/product/11.1.0/db_1/ctx/lib/ -lctxc11 -lctx11 -lzx11 -lgx11 -lctx11 -lzx11 -lgx11 -lordimt11 -lclsra11 -ldbcfg11   -lhasgen11 -lcore11 -lskgxn2 -locr11 -locrb11 -locrutl11 -lhasgen11 -lcore11 -lskgxn2   -loraz -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -lsnls11 -lunls11  -lsnls11 -lnls11  -lcore11 -lsnls11 -lnls11 -lcore11 -lsnls11 -lnls11 -lxml11 -lcore11 -lunls11 -lsnls11 -lnls11 -lcore11 -lnls11 -laio    `cat /u01/oracle/product/11.1.0/db_1/lib/sysliblist` -Wl,-rpath,/u01/oracle/product/11.1.0/db_1/lib -lm    `cat /u01/oracle/product/11.1.0/db_1/lib/sysliblist` -ldl -lm   -L/u01/oracle/product/11.1.0/db_1/lib
test ! -f /u01/oracle/product/11.1.0/db_1/bin/oracle ||\
   mv -f /u01/oracle/product/11.1.0/db_1/bin/oracle /u01/oracle/product/11.1.0/db_1/bin/oracleO
mv /u01/oracle/product/11.1.0/db_1/rdbms/lib/oracle /u01/oracle/product/11.1.0/db_1/bin/oracle
chmod 6751 /u01/oracle/product/11.1.0/db_1/bin/oracle

下面再次登陸SQLPLUS,檢查密碼修改情況:

oracle:/u01/oracle/product/11.1.0/db_1/bin> sqlplus "/ as sysdba"

SQL*Plus: Release 11.1.0.7.0 - Production on Sat Jan 3 15:42:38 2009

Copyright (c) 1982, 2008, Oracle.  All rights reserved.

Connected to an idle instance.

SQL> STARTUP
ORACLE instance started.

Total System Global Area  418484224 bytes
Fixed Size                  1313792 bytes
Variable Size             226493440 bytes
Database Buffers          184549376 bytes
Redo Buffers                6127616 bytes
Database mounted.
Database opened.
SQL> COL PARAMETER FORMAT A40
SQL> COL VALUE FORMAT A30
SQL> SELECT * FROM V$OPTION
  2  WHERE PARAMETER = 'Oracle Database Vault';

PARAMETER                                VALUE
---------------------------------------- ------------------------------
Oracle Database Vault                    TRUE

SQL> CONN DVSYS/TEST
Connected.

 

 

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/4227/viewspace-526439/,如需轉載,請註明出處,否則將追究法律責任。

相關文章