小議SQLNET.AUTHENTICATION_SERVICES
一直以來,我記住的一個知識點就是:SQLNET.AUTHENTICATION_SERVICES=(NTS)是使用OS認證的必須條件之一。
今天一個偶然的機會,才知道這個結論是不完全準確的。
在本文的測試中,remote_login_passwordfile的值都為EXCLUSIVE,相關使用者所屬組也設定正確。
先看windows下的測試:
--設定為NTS,OS驗證成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (NTS)
E:oracleora92in>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:34:56 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
連線到:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production
sys@ORACLE9I>
--下面把SQLNET.ORA的內容註釋掉,OS驗證成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
#SQLNET.AUTHENTICATION_SERVICES= (NTS)
再次登入:
E:oracleora92in>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:36:09 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
--設定為 NONE,OS驗證失敗
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (NONE)
E:oracleora92in>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:50:33 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
--設定為ALL,OS驗證成功
E:oracleora92in>cat .. etworkadminSQLNET.ORA
SQLNET.AUTHENTICATION_SERVICES= (ALL)
E:oracleora92in>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on 星期三 8月 15 22:51:21 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
連線到:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production
sys@ORACLE9I>
登入失敗,說明當前設定不允許作業系統認證。
這個例子也說明了:在windows下,SQLNET.AUTHENTICATION_SERVICES必須設定為NTS或者ALL才能使用OS認證。
接著再看看在linux下的情況:
--設定為NTS,OS驗證失敗
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NTS)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:08:53 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
--註釋掉,相當於什麼都不設定,OS驗證成功
[oracle@primary admin]$ cat sqlnet.ora
#SQLNET.AUTHENTICATION_SERVICES= (NTS)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:06:17 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning and Data Mining options
SQL>
--設定為NONE,OS驗證失敗
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NONE)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:07:07 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
--隨便設定一個值,OS驗證失敗
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (aaa)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:14:45 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
--設定為ALL,OS驗證成功
[oracle@primary admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (ALL)
[oracle@primary admin]$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.3.0 - Production on Wed Aug 15 23:07:54 2007
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning and Data Mining options
SQL>
從以上測試知道:在linux下,在SQLNET.AUTHENTICATION_SERVICES的值設定為ALL,或者不設定的情況下,OS驗證才能成功。
從測試可以看出,windows和linux下要實現OS驗證,SQLNET.AUTHENTICATION_SERVICES的設定要求是不一樣的,甚至是相反的,為什麼呢?
我們看看ORACLE對這個設定是怎麼解釋的:
SQLNET.AUTHENTICATION_SERVICES
Purpose
Use the parameter SQLNET.AUTHENTICATION_SERVICES to enable one or more authentication services. If authentication has been installed, it is recommended that this parameter be set to either none or to one of the authentication methods.
Default
None
Values
Authentication Methods Available with Oracle Net Services:
* none for no authentication methods. A valid username and password can be used to access the database.
* all for all authentication methods
* nts for Windows NT native authentication
Windows NT native authentication
An authentication method that enables a client single login access to a Windows NT server and a database running on the server.
從oracle的解釋可以知道,SQLNET.AUTHENTICATION_SERVICES=(NTS)是WINDOWS系統專用的,對linux/UNIX是不適用的。
最後做一個簡單的總結:
1、在windows下,SQLNET.AUTHENTICATION_SERVICES必須設定為NTS或者ALL才能使用OS認證;不設定或者設定為其他任何值都不能使用OS認證。
2、在linux下,在SQLNET.AUTHENTICATION_SERVICES的值設定為ALL,或者不設定的情況下,OS驗證才能成功;設定為其他任何值都不能使用OS認證。
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/231499/viewspace-63849/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- SQLNET.AUTHENTICATION_SERVICESSQL
- SQLNET.AUTHENTICATION_SERVICES說明SQL
- 身份驗證SQLNET.AUTHENTICATION_SERVICES=(NTS)SQL
- 小議解析parse
- oracle nomount小議Oracle
- 0912設定SQLNET.AUTHENTICATION_SERVICESSQL
- sqlnet.ora的SQLNET.AUTHENTICATION_SERVICESSQL
- TCP協議小結TCP協議
- sqlnet.ora SQLNET.AUTHENTICATION_SERVICES 引數SQL
- 小知識二、Then協議協議
- 資料庫安全小議資料庫
- 小議“資料開放”
- 小議星型轉換
- 小議軟體測試
- SQLNET.AUTHENTICATION_SERVICES和作業系統認證SQL作業系統
- 小議JS原型鏈、繼承JS原型繼承
- 小議如果構造陣列陣列
- DBMS_SESSION包小議(八)Session
- DBMS_SESSION包小議(七)Session
- DBMS_SESSION包小議(六)Session
- DBMS_SESSION包小議(五)Session
- DBMS_SESSION包小議(四)Session
- DBMS_SESSION包小議(三)Session
- DBMS_SESSION包小議(二)Session
- DBMS_SESSION包小議(一)Session
- 小議 Common Lisp 的名字Lisp
- 小議軟體測試分析
- 小議軟體測試(轉)
- 小議Linux安全防護(二)Linux
- 小議Linux安全防護(一)Linux
- 小議測試驅動開發
- oracle 效能優化建議小結Oracle優化
- 小議服務程式與會話(一)會話
- 小議服務程式與會話(二)會話
- 小議服務程式與會話(三)會話
- 小議學習Java的浮躁心態Java
- 微信小程式--關於加快小程式開發的幾個小建議微信小程式
- Flutter小知識--外掛開發建議Flutter