小議SQLNET.AUTHENTICATION_SERVICES

space6212發表於2019-07-22
SQL

一直以來,我記住的一個知識點就是:SQLNET.AUTHENTICATION_SERVICES=(NTS)是使用OS認證的必須條件之一。
今天一個偶然的機會,才知道這個結論是不完全準確的。


在本文的測試中,remote_login_passwordfile的值都為EXCLUSIVE,相關使用者所屬組也設定正確。

先看windows下的測試:
--設定為NTS,OS驗證成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (NTS)
E:oracleora92in>sqlplus "/as sysdba"

SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:34:56 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.


連線到:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production

sys@ORACLE9I>

--下面把SQLNET.ORA的內容註釋掉,OS驗證成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
#SQLNET.AUTHENTICATION_SERVICES= (NTS)

再次登入:
E:oracleora92in>sqlplus "/as sysdba"

SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:36:09 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

ERROR:
ORA-01031: insufficient privileges

--設定為 NONE,OS驗證失敗
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (NONE)
E:oracleora92in>sqlplus "/as sysdba"

SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:50:33 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

ERROR:
ORA-01031: insufficient privileges

--設定為ALL,OS驗證成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (ALL)
E:oracleora92in>sqlplus "/as sysdba"

SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:51:21 2007

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.


連線到:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production

sys@ORACLE9I>

登入失敗,說明當前設定不允許作業系統認證。
這個例子也說明了:在windows下,SQLNET.AUTHENTICATION_SERVICES必須設定為NTS或者ALL才能使用OS認證。

接著再看看在linux下的情況:

--設定為NTS,OS驗證失敗
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NTS)
[oracle@primary admin]$ sqlplus "/as sysdba"

SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:08:53 2007

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

ERROR:
ORA-01031: insufficient privileges

--註釋掉,相當於什麼都不設定,OS驗證成功
[oracle@primary admin]$ cat sqlnet.ora
#SQLNET.AUTHENTICATION_SERVICES= (NTS)
[oracle@primary admin]$ sqlplus "/as sysdba"

SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:06:17 2007

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.


Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning and Data Mining options

SQL>

--設定為NONE,OS驗證失敗
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NONE)
[oracle@primary admin]$ sqlplus "/as sysdba"

SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:07:07 2007

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

ERROR:
ORA-01031: insufficient privileges

--隨便設定一個值,OS驗證失敗
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (aaa)
[oracle@primary admin]$ sqlplus "/as sysdba"

SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:14:45 2007

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

ERROR:
ORA-01031: insufficient privileges

--設定為ALL,OS驗證成功
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (ALL)
[oracle@primary admin]$ sqlplus "/as sysdba"

SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:07:54 2007

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.


Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning and Data Mining options

SQL>

從以上測試知道:在linux下,在SQLNET.AUTHENTICATION_SERVICES的值設定為ALL,或者不設定的情況下,OS驗證才能成功。

從測試可以看出,windows和linux下要實現OS驗證,SQLNET.AUTHENTICATION_SERVICES的設定要求是不一樣的,甚至是相反的,為什麼呢?

我們看看ORACLE對這個設定是怎麼解釋的:
SQLNET.AUTHENTICATION_SERVICES
Purpose

Use the parameter SQLNET.AUTHENTICATION_SERVICES to enable one or more authentication services. If authentication has been installed, it is recommended that this parameter be set to either none or to one of the authentication methods.
Default
None

Values
Authentication Methods Available with Oracle Net Services:

* none for no authentication methods. A valid username and password can be used to access the database.
* all for all authentication methods
* nts for Windows NT native authentication

Windows NT native authentication

An authentication method that enables a client single login access to a Windows NT server and a database running on the server.

從oracle的解釋可以知道,SQLNET.AUTHENTICATION_SERVICES=(NTS)是WINDOWS系統專用的,對linux/UNIX是不適用的。

最後做一個簡單的總結:
1、在windows下,SQLNET.AUTHENTICATION_SERVICES必須設定為NTS或者ALL才能使用OS認證;不設定或者設定為其他任何值都不能使用OS認證。
2、在linux下,在SQLNET.AUTHENTICATION_SERVICES的值設定為ALL,或者不設定的情況下,OS驗證才能成功;設定為其他任何值都不能使用OS認證。

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/231499/viewspace-63849/,如需轉載,請註明出處,否則將追究法律責任。

相關文章