禁用操作系统认证
[oracle@mylinux admin]$ ll
total 44
-rw-r--r-- 1 oracle oinstall 279 Apr 5 20:12 listener1204058PM1243.bak
-rw-r--r-- 1 oracle oinstall 752 Apr 10 22:29 listener.ora
drwxr-xr-x 2 oracle oinstall 4096 Mar 13 05:32 samples
-rw-r--r-- 1 oracle oinstall 187 May 9 2007 shrept.lst
-rw-r--r-- 1 oracle oinstall 139 Apr 10 22:29 sqlnet.ora
drwxr-xr-x 2 oracle oinstall 4096 Apr 8 20:24 temp
-rw-r--r-- 1 oracle oinstall 298 Apr 5 20:12 tnsnames1204058PM1243.bak
-rw-r----- 1 oracle oinstall 716 Apr 10 22:31 tnsnames.ora
[oracle@mylinux admin]$ vi sqlnet.ora
在sqlnet.ora中添加以下
SQLNET.AUTHENTICATION_SERVICES=(NONE)
[oracle@mylinux admin]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 17 20:58:07 2012
Copyright (c) 1982, 2009, Oracle. All rights reserved.
SQL> conn /as sysdba
ERROR:
ORA-01031: insufficient privileges
SQL> conn sys/oracle as sysdba
ERROR:
ORA-01017: invalid username/password; logon denied
--用户名和密码正确的,也登录不了
把sqlnet.ora中的SQLNET.AUTHENTICATION_SERVICES=(NONE)先注释掉
SQL> conn /as sysdba
Connected.
SQL> show parameter remote_login_passwordfile;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_login_passwordfile string NONE
--刚才用户名和密码正确的,也登录不了,是因为禁用了口令文件的验证(remote_login_passwordfile为none)
SQL> alter system set remote_login_passwordfile=exclusive scope=spfile;
System altered.
重启实例
再把sqlnet.ora改成SQLNET.AUTHENTICATION_SERVICES=(NONE)
[oracle@mylinux admin]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 17 21:02:53 2012
Copyright (c) 1982, 2009, Oracle. All rights reserved.
SQL> conn /as sysdba
ERROR:
ORA-01031: insufficient privileges
SQL> conn sys/oracle as sysdba
Connected.
综上:
sqlnet.ora中的SQLNET.AUTHENTICATION_SERVICES=(NONE)是用来禁用操作系统认证的
另实验后,发现操作系统认证禁用后,用外部身份验证中的操作系统身份验证即有前缀的ops$这些用户也不能进行验证了
另外:remote_login_passwordfile这个参数如果设置为none,那么无论是本地的还是远端的,都不能通过口令文件验证了
