sqlnet.ora的SQLNET.AUTHENTICATION_SERVICES
之前 遇見過一個linux oracle的grid使用者登入失敗的例子,報出的是許可權不足,當時沒有過多的去注意這個事情。最近看了下官檔對於登入驗證服務的介紹檔案 sqlnet.ora,算是糾正了小魚的一點錯誤理解。
剛開始接觸oracle時還是主要在windows上接觸的,就windows上一般$ORACLE_HOME/network/admin/sqlnet.ora檔案中一般會這麼寫:
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES = (NTS)
其中的SQLNET.AUTHENTICATION_SERVICES是表示登入oracle的驗證方式,而NTS則是 Windows NT native authentication,所以在linux下這麼設定登入oracle database會出現
[oracle@ora10g admin]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Wed Jun 19 18:45:32 2013
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
那麼當設定sqlnet.ora中的SQLNET.AUTHENTICATION_SERVICES = (NTS)時在windows下可以用os認證登入,而在linux下面則不能使用os認證登入。
官檔上摘要的SQLNET.AUTHENTICATION_SERVICES描述:
SQLNET.AUTHENTICATION_SERVICES
Purpose
Use the parameter SQLNET.AUTHENTICATION_SERVICES to enable one or more
authentication services. If authentication has been installed, it is
recommended that this parameter be set to either none or to one of the
authentication methods.
Default
None
Values
Authentication Methods Available with Oracle Net Services:
? none for no authentication methods. A valid username and password can be used to access the database.
? all for all authentication methods
? nts for Windows NT native authentication
Authentication Methods Available with Oracle Advanced Security:
? kerberos5 for Kerberos authentication
? radius for RADIUS authentication
? dcegssapi for DCE GSSAPI authentication
根據o的官檔介紹和測試,設定nts顯然在linux下是不合理的,此時只能用使用者名稱密碼登入到oracle server,而不能使用os驗證登入,可見NTS是windows的專屬。
設定all則在linux下面都是可以使用os驗證登入的。
[oracle@ora10g admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (ALL)
[oracle@ora10g admin]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Wed Jun 19 18:52:32 2013
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
然而SQLNET.AUTHENTICATION_SERVICES = (ALL)在windows下則會出現驗證失敗。
C:\Users\Administrator>sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on 星期三 6月 19 18:09:13 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12641: 驗證服務無法初始化
[oracle@rac01 crsd]$ oerr ora 12641
12641, 00000, "Authentication service failed to initialize"
// *Cause: The authentication service failed during initialization.
// *Action: Enable tracing to determine the exact error.
那麼當設定sqlnet.ora中的SQLNET.AUTHENTICATION_SERVICES =(ALL)在linux環境下面是可以os驗證登入的,而在windows下則會出現ora-12641服務無法初始化。
當設定SQLNET.AUTHENTICATION_SERVICES =(NONE)時,windows和linux下都無法使用os 驗證登入。
Linux環境下:
[oracle@ora10g admin]$ vi sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES=(NONE)
[oracle@ora10g admin]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Jun 20 10:23:59 2013
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
Windows環境下:
C:\Users\Administrator>sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 20 09:40:52 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: 許可權不足
請輸入使用者名稱:
當不使用sqlnet.ora檔案時:
Windows環境下:
C:\Users\Administrator>sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 20 09:41:45 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: 許可權不足
Linux環境下:
[oracle@ora10g admin]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Jun 20 10:29:05 2013
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
一般預設安裝下,linux上預設不存在sqlnet.ora檔案,而windows上則存在sqlnet.ora檔案,且SQLNET.AUTHENTICATION_SERVICES =(NTS),此時在windows和linux上都是允許os驗證登入的。來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/21754115/viewspace-1080387/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- sqlnet.ora SQLNET.AUTHENTICATION_SERVICES 引數SQL
- 測試oracle92下sqlnet.ora檔案中SQLNET.AUTHENTICATION_SERVICES的作用OracleSQL
- SQLNET.AUTHENTICATION_SERVICESSQL
- 小議SQLNET.AUTHENTICATION_SERVICESSQL
- SQLNET.AUTHENTICATION_SERVICES說明SQL
- sqlnet.oraSQL
- 身份驗證SQLNET.AUTHENTICATION_SERVICES=(NTS)SQL
- SQLNET.ORA 的常見用法SQL
- sqlnet.ora作用SQL
- 0912設定SQLNET.AUTHENTICATION_SERVICESSQL
- 監聽中sqlnet.ora的作用SQL
- sqlnet.ora parameter (1)SQL
- sqlnet.ora parameter (2)SQL
- SQLNET.AUTHENTICATION_SERVICES和作業系統認證SQL作業系統
- Oracle OCP(45):sqlnet.oraOracleSQL
- SQLNET.ORA中的NAMES.DIRECTORY_PATH設定SQL
- sqlnet.ora tnsname.ora listener.ora 的作用SQL
- 【oracle】sqlnet.ora 訪問控制策略OracleSQL
- 完整的listener.ora,tnsname.ora和sqlnet.oraSQL
- sqlnet.ora 驗證oracle 登陸方式SQLOracle
- 初識oracle 11g sqlnet.oraOracleSQL
- 【原創】sqlnet.ora常用引數研究SQL
- sqlnet.ora常用引數研究(轉帖)SQL
- 【oracle 】tnsnames.ora VS sqlnet.ora 作用OracleSQL
- wallet , auto login , encrypt data, sqlnet.oraSQL
- sqlnet.ora檔案引起的TNS-00583對dataguard的影響SQL
- 11g下sqlnet.ora及EZCONNECTSQL
- sqlnet.ora 新增:expire_time=10 意義SQL
- Oracle sqlnet.ora相關認證問題OracleSQL
- Oracle Net的Trace追蹤(包括listener.ora和sqlnet.ora的配置)OracleSQL
- 使用sqlnet.ora檔案,限定特定IP地址登入的實驗。SQL
- 使用SQLNET.ora檔案限制Ip地址訪問SQL
- Oracle配置sqlnet.ora限制ip訪問[Oracle基礎]OracleSQL
- 通過SQLNET.ora檔案限制Ip地址訪問SQL
- 透過SQLNET.ora檔案限制Ip地址訪問SQL
- 使用sqlnet.ora禁止特定IP訪問資料庫SQL資料庫
- ORACLE 10G使用SQLNET.ORA限制IP登陸Oracle 10gSQL
- oracle資料庫中listener.ora sqlnet.ora tnsnames.ora的區別Oracle資料庫SQL