sqlnet.ora的SQLNET.AUTHENTICATION_SERVICES

lovestanford發表於2014-02-12

之前 遇見過一個linux oracle的grid使用者登入失敗的例子,報出的是許可權不足,當時沒有過多的去注意這個事情。最近看了下官檔對於登入驗證服務的介紹檔案 sqlnet.ora,算是糾正了小魚的一點錯誤理解。

剛開始接觸oracle時還是主要在windows上接觸的,就windows上一般$ORACLE_HOME/network/admin/sqlnet.ora檔案中一般會這麼寫:

# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.

SQLNET.AUTHENTICATION_SERVICES = (NTS)

其中的SQLNET.AUTHENTICATION_SERVICES是表示登入oracle的驗證方式,而NTS則是 Windows NT native authentication,所以在linux下這麼設定登入oracle database會出現
[oracle@ora10g admin]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Wed Jun 19 18:45:32 2013

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

ERROR:
ORA-01031: insufficient privileges

Enter user-name:

那麼當設定sqlnet.ora中的SQLNET.AUTHENTICATION_SERVICES = (NTS)時在windows下可以用os認證登入,而在linux下面則不能使用os認證登入。
官檔上摘要的SQLNET.AUTHENTICATION_SERVICES描述:
SQLNET.AUTHENTICATION_SERVICES
Purpose
Use the parameter SQLNET.AUTHENTICATION_SERVICES to enable one or more authentication services. If authentication has been installed, it is recommended that this parameter be set to either none or to one of the authentication methods.
Default
None
Values
Authentication Methods Available with Oracle Net Services:
? none for no authentication methods. A valid username and password can be used to access the database.
? all for all authentication methods
? nts for Windows NT native authentication
Authentication Methods Available with Oracle Advanced Security:
? kerberos5 for Kerberos authentication
? radius for RADIUS authentication
? dcegssapi for DCE GSSAPI authentication
根據o的官檔介紹和測試,設定nts顯然在linux下是不合理的,此時只能用使用者名稱密碼登入到oracle server,而不能使用os驗證登入,可見NTS是windows的專屬。

設定all則在linux下面都是可以使用os驗證登入的。
[oracle@ora10g admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (ALL)

[oracle@ora10g admin]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Wed Jun 19 18:52:32 2013

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

然而SQLNET.AUTHENTICATION_SERVICES = (ALL)在windows下則會出現驗證失敗。
C:\Users\Administrator>sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on 星期三 6月 19 18:09:13 2013

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-12641: 驗證服務無法初始化

[oracle@rac01 crsd]$ oerr ora 12641
12641, 00000, "Authentication service failed to initialize"
// *Cause: The authentication service failed during initialization.
// *Action: Enable tracing to determine the exact error.

那麼當設定sqlnet.ora中的SQLNET.AUTHENTICATION_SERVICES =(ALL)在linux環境下面是可以os驗證登入的,而在windows下則會出現ora-12641服務無法初始化。

當設定SQLNET.AUTHENTICATION_SERVICES =(NONE)時,windows和linux下都無法使用os 驗證登入。
Linux環境下:
[oracle@ora10g admin]$ vi sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES=(NONE)

[oracle@ora10g admin]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Thu Jun 20 10:23:59 2013

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

ERROR:
ORA-01031: insufficient privileges

Enter user-name:

Windows環境下:
C:\Users\Administrator>sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 20 09:40:52 2013

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-01031: 許可權不足

請輸入使用者名稱:

當不使用sqlnet.ora檔案時:
Windows環境下:
C:\Users\Administrator>sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 20 09:41:45 2013

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-01031: 許可權不足

Linux環境下:
[oracle@ora10g admin]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Thu Jun 20 10:29:05 2013

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

一般預設安裝下,linux上預設不存在sqlnet.ora檔案,而windows上則存在sqlnet.ora檔案,且SQLNET.AUTHENTICATION_SERVICES =(NTS),此時在windows和linux上都是允許os驗證登入的。

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/21754115/viewspace-1080387/,如需轉載,請註明出處,否則將追究法律責任。

相關文章