
Security of Oracle Operating-System-Authenticated Users

Jun 07, 2016 pm 03:30 PM

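I. What is Oracle operating-system user authentication?

        You create an OS-authenticated user in the database. Then, on the database server itself or on a remote client,
    you create an OS account with the same user name and log in as it; that account can then connect to the local or remote database without a password.
        The most typical case is "sqlplus / as sysdba", which logs in to the database system without supplying a user name or password.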

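II. How to log in to the database locally or remotely with an OS-authenticated user

1. Check whether operating-system authentication is enabled

  $ORACLE_HOME/network/admin/sqlnet.ora

  On Windows, check whether it is set to NTS. NTS is specific to Oracle on Windows.
  SQLNET.AUTHENTICATION_SERVICES= (NTS)
  On UNIX/Linux, check whether it is set to NONE; if so, change it to ALL or comment that line out.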

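2. Check whether the password file parameter is EXCLUSIVE
  show parameter REMOTE_LOGIN_PASSWORDFILE

  If it is not, change it with the following command:
  alter system set remote_login_passwordfile=EXCLUSIVE scope=spfile;
  Also check that the password file has been created. If it has not, create it with the following command and enter the sys user's password.
     orapwd file=orapw$ORACLE_SID password=xcl entries=5 force=y
  Use the following query to check whether the sys user is in the password file.
      select * from v$pwfile_users;

  Values of the remote_login_passwordfile parameter:
    None: Oracle does not use a password file; only OS authentication can be used, and remote administration over an insecure network is not allowed.
    Exclusive: A dedicated password file can be used, but by one database only. The password file can contain users other than sys.
    Shared: A shared password file can be used by several databases, but it can contain only the sys user. Typically used when one DBA manages several databases.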

3. Check whether the remote OS authentication parameter is TRUE
  show parameter remote_os_authent

  If it is not, change it with the following command:
  alter system set remote_os_authent=true scope=spfile;

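4. The current OS authentication prefix and OS-authenticated users
  -- Show the database's current OS authentication prefix, usually ops$
  show parameter os_authent_prefix

  -- List existing OS-authenticated users (user names are stored in upper case in dba_users)
  SELECT username,password FROM dba_users WHERE username like 'OPS$%';
  The prefix can also be removed with: alter system set os_authent_prefix='' scope=spfile;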

5. If any parameter was changed, restart the database so that the change takes effect. Otherwise skip this step.
   shutdown immediate
   startup

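6. Create an OS-authenticated user in the database
   a. On the database server, create an operating-system user named myosuser.

      useradd myosuser

      passwd myosuser

   b. Create the user in the database; remember to put the prefix in front of the user name
      -- IDENTIFIED EXTERNALLY means this user is authenticated by the operating system
       CREATE USER ops$myosuser IDENTIFIED EXTERNALLY;
       GRANT CONNECT,RESOURCE TO ops$myosuser;
      You can also use administrator instead of myosuser, which is more obvious and more convenient when a Windows client connects to the remote database.

Another point to note is that OS authentication takes precedence over password file authentication.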
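7. On the database server, test a login as the local OS user
   su - myosuser
   # set the Oracle environment after su, because "su -" starts a fresh login environment
   export ORACLE_SID=xcldb
   export ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1
   /u01/app/oracle/product/11.2.0/db_1/bin/sqlplus /
   show user

   Note: the myosuser user must belong to the dba group.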

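8. Connect to the server's database from a remote client machine
   On the client machine, log in to the remote database as the myosuser user.
   Using Windows as an example:
     a. Create a myosuser user
     b. Grant it the ORA_DBA or ORA_OPER role
     c. Check that sqlnet.ora contains SQLNET.AUTHENTICATION_SERVICES= (NTS)
     d. Enter sqlplus /@remote_xcldb to log in

   Of course, if you test with the administrator user, none of this trouble is needed.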

III. Disabling remote operating-system authentication
  a. alter system set remote_os_authent=false scope=spfile;
  b. Restart the database

IV. How to disable logins by OS-authenticated users
      Add the following line to $ORACLE_HOME/network/admin/sqlnet.ora to set the value to NONE.
   SQLNET.AUTHENTICATION_SERVICES=(NONE)
   Do this on both Windows and UNIX/Linux.

V. Raising the protection level of the sqlnet.ora file
  chown root:root sqlnet.ora
  chmod 744 sqlnet.ora
  After this, only the root user can change the values in it.

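Condensed flow:
   Remote client initiates a connection --> check whether the database allows remote connection (remote_os_authent = true)
--> check whether a password file can be used (remote_login_passwordfile = EXCLUSIVE) --> check the password file
--> check whether sqlnet.ora allows OS-authenticated users (AUTHENTICATION_SERVICES != NONE)
--> check whether the OS-authenticated user name exists --> verify the password --> login succeeds.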
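
The sqlnet.ora checks from sections II.1, IV and V can be scripted for an audit. The following is an added example, not part of the original article: the function names are this example's own, the demo file content is constructed, and the parser assumes the parameter sits on a single line.

```shell
#!/bin/sh
# Added example (not from the original article): audit the sqlnet.ora
# settings discussed above. All function names are this example's own.

# Print the effective SQLNET.AUTHENTICATION_SERVICES value, upper-cased and
# without parentheses; print nothing if the line is absent or commented out.
auth_services() {
    sed 's/#.*//' "$1" | tr -d ' \t\r' | tr 'a-z' 'A-Z' |
        sed -n 's/^SQLNET\.AUTHENTICATION_SERVICES=(*\([^)]*\))*$/\1/p' | tail -n 1
}

# True if OS authentication is still usable: per the article only NONE
# disables it, and a commented-out line leaves it enabled.
os_auth_enabled() {
    [ "$(auth_services "$1")" != "NONE" ]
}

# True if the file is owned by uid 0 and not writable by group or others,
# which is the goal of the chown/chmod step in section V.
file_locked_down() {
    owner=$(ls -ldn "$1" | awk '{print $3}')
    loose=$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)
    [ "$owner" = "0" ] && [ -z "$loose" ]
}

# audit FILE REMOTE_OS_AUTHENT: print one finding per line.
# REMOTE_OS_AUTHENT is the value shown by "show parameter remote_os_authent".
audit() {
    if os_auth_enabled "$1"; then
        echo "FINDING: OS authentication enabled (AUTHENTICATION_SERVICES='$(auth_services "$1")')"
        case "$2" in
            [Tt][Rr][Uu][Ee]) echo "FINDING: remote_os_authent=TRUE, remote clients can use OS-authenticated accounts without a password" ;;
        esac
    fi
    file_locked_down "$1" || echo "FINDING: sqlnet.ora is not root-owned or is group/other-writable"
}

# Demo on a constructed sqlnet.ora (sample data, not from a real system).
demo() {
    f=$(mktemp)
    printf '%s\n' '# SQLNET.AUTHENTICATION_SERVICES = (NONE)' \
        'sqlnet.authentication_services = (ALL)' > "$f"
    audit "$f" TRUE
    rm -f "$f"
}

if [ "${1:-}" = "--demo" ]; then demo; elif [ -n "${1:-}" ]; then audit "$1" "${2:-FALSE}"; fi
```

Run it with --demo to see the findings for the constructed file, or pass a sqlnet.ora path and the current remote_os_authent value.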


MAIL: xcl_168@aliyun.com

BLOG: http://blog.csdn.net/xcl168


