Oracle中password file的作用及說明

在資料庫沒有啟動之前，資料庫內建使用者是無法透過資料庫來驗證身份的

口令檔案中存放sysdba/sysoper使用者的使用者名稱及口令
允許使用者透過口令檔案驗證，在資料庫未啟動之前登陸
從而啟動資料庫

如果沒有口令檔案，在資料庫未啟動之前就只能透過作業系統認證.

使用Rman，很多時候需要在nomount,mount等狀態對資料庫進行處理
所以通常要求sysdba許可權如果屬於本地DBA組，可以透過作業系統認證登陸
如果是遠端sysdba登陸，需要透過passwordfile認證.

1.remote_login_passwordfile = NONE

此時停用口令檔案驗證，Oracle資料庫不允許遠端SYSDBA/SYSOPER身份登入
無法透過遠端進行資料庫起停等操作管理

local:

[oracle@hhu ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 09:24:13 2016
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to an idle instance.

SYS@ORCL> startup
ORACLE instance started.

Total System Global Area 1653518336 bytes
Fixed Size		    2253784 bytes
Variable Size		 1006636072 bytes
Database Buffers	  637534208 bytes
Redo Buffers		    7094272 bytes
Database mounted.
Database opened.
SYS@ORCL> show parameter pass

NAME				     TYPE	 VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile	     string	 NONE

	

remote:

[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:25:50 2016
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied

	

此處實際上是無法透過口令檔案驗證

2.remote_login_passwordfile = exclusive

SYS@ORCL> alter system set remote_login_passwordfile=exclusive scope=spfile;
System altered.
SYS@ORCL> startup force;
ORACLE instance started.
Total System Global Area 1653518336 bytes
Fixed Size    2253784 bytes
Variable Size 1006636072 bytes
Database Buffers  637534208 bytes
Redo Buffers    7094272 bytes
Database mounted.
Database opened.
SYS@ORCL> show parameter pass


NAME                                     TYPE        VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile       string       EXCLUSIVE

remote:

 

[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba


SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:27:51 2016


Copyright (c) 1982, 2013, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SYS@hr> 

這實際上就是透過口令檔案驗證登入的

3.進一步測試

如果此時我們刪除passwdfile,sysdba/sysoper將無法認證，也就無法登陸資料庫

Server:

 

[oracle@hhu dbs]$ mv orapwORCL orapwORCL.bk

Remote:

 [oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba


SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:29:03 2016


Copyright (c) 1982, 2013, Oracle.  All rights reserved.


ERROR:
ORA-01017: invalid username/password; logon denied

這實際上就是無法透過口令檔案驗證身份

 

4.如果丟失了passwdfile

如果一開始是遠端登入的，在登入過程中使用passwdfile卻意外丟失，此時將不能重啟資料庫

 

[oracle@hhu ~]$ sqlplus sys/oracle@hr as sysdba


SQL*Plus: Release 11.2.0.4.0 Production on Fri May 20 13:48:11 2016


Copyright (c) 1982, 2013, Oracle.  All rights reserved.




Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

模擬密碼檔案丟失
[oracle@hhu dbs]$ mv orapwORCL orapwORCL.bk

重啟資料庫
SYS@hr> startup force;
ORA-01017: invalid username/password; logon denied

將密碼檔案恢復回來，再次重啟

[oracle@hhu dbs]$ mv orapwORCL.bk orapwORCL

SYS@hr> startup force;
ORA-03135: connection lost contact
SYS@hr> conn sys/oracle@hr as sysdba
Connected to an idle instance.
SYS@hr> startup force;
ORACLE instance started.


Total System Global Area 1653518336 bytes
Fixed Size    2253784 bytes
Variable Size 1006636072 bytes
Database Buffers  637534208 bytes
Redo Buffers    7094272 bytes
Database mounted.
Database opened.

又可以正常使用了

大致就是如此.

參考部落格：