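The Oracle password file stores the passwords of the system's privileged users (sysdba, sysoper). It is mainly used when a DBA accesses the database remotely, because access to a local database does not need to be authenticated through the password file at all: the current user only has to be added to the operating system's oradba group, as follows.
Note that to use operating-system-level authentication, the file sqlnet.ora (%ORACLE_HOME%\NETWORK\ADMIN) must contain the following entry: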
SQLNET.AUTHENTICATION_SERVICES= (NTS)
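Once this is set, you can log in as sysdba without entering a password, or even a username, and you can even log in with any arbitrary password (because at this point authentication does not go through the password file at all). The test is as follows: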
C:\Documents and Settings\szuser>sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Mar 11 18:46:22 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
C:\Documents and Settings\szuser>sqlplus sys/blabla.. as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Mar 11 18:46:35 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
C:\Documents and Settings\szuser>sqlplus sys/whateverYouLike as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Mar 11 18:46:59 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
However, if you change the contents of sqlnet.ora to the following,
SQLNET.AUTHENTICATION_SERVICES= (NONE)
the password file is now required. If you still enter an arbitrary password, or log in with "/", the login fails, as follows:
C:\Documents and Settings\szuser>sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Mar 11 18:52:18 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name:
C:\Documents and Settings\szuser>sqlplus sys/asfas as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Mar 11 18:53:00 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
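So this is where the password file shows its purpose. For remote logins, the password file is always in effect.
What if you run into the following problem at this point? I forgot the sys user's password. Because the password file is a binary file and the passwords in it are encrypted, it is very hard to read the sys password out of the password file. In this case we can use orapwd to re-create the password file and overwrite the original password. (Note that on Windows the password file is named PWD<oracle_sid>.ora; if you create a password file with any other name, Oracle will not use it.)
For creating and managing the password file, see the Oracle documentation: http://download.oracle.com/docs/cd/B28359_01/server.111/b28310/dba007.htm
The problem raised above can be solved as follows. Note that the parameter force=y must be set in order to overwrite the original password file.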
C:\Documents and Settings\szuser>orapwd file=E:\oracle\product\10.2.0\db_1\database\PWDorcl.ora password=changeme
OPW-00005: File with same name exists - please delete or rename
C:\Documents and Settings\szuser>orapwd file=E:\oracle\product\10.2.0\db_1\database\PWDorcl.ora password=changeme force=y
C:\Documents and Settings\szuser>
Next, you can log in to Oracle and reset the password:
C:\Documents and Settings\szuser>sqlplus sys/changeme as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Mar 11 19:00:23 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sys identified by sys;
User altered.
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
C:\Documents and Settings\szuser>sqlplus sys/sys as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Thu Mar 11 19:00:42 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
Oracle provides a view, v$pwfile_users, that makes it easy to see which privileged users are in the password file:
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
SQL>
A user can be added to or removed from the password file as follows:
Grant succeeded.
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
SCOTT TRUE FALSE
SQL> revoke sysdba from scott;
Revoke succeeded.
SQL> select * from v$pwfile_users;
USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
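An added example (not part of the original post): a small Python audit that classifies a sqlnet.ora by the SQLNET.AUTHENTICATION_SERVICES values discussed above and lists accounts other than SYS that hold SYSDBA in a v$pwfile_users listing. The function names and the sample sqlnet.ora text are constructed for illustration; any value other than NTS or NONE is reported as "other" for manual review.

```python
import re

# One live "SQLNET.AUTHENTICATION_SERVICES = (A, B)" entry; parentheses optional.
_PARAM = re.compile(
    r"^\s*SQLNET\.AUTHENTICATION_SERVICES\s*=\s*\(?\s*([^)#\n]*?)\s*\)?\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def sysdba_auth_mode(sqlnet_text):
    """Classify how a local SYSDBA login is authenticated under this sqlnet.ora."""
    # Strip '#' comments so a commented-out entry is not read as the live one.
    live = "\n".join(line.split("#", 1)[0] for line in sqlnet_text.splitlines())
    services = set()
    for value in _PARAM.findall(live):
        # Duplicate entries are pooled so the audit errs toward reporting "os".
        services |= {s.strip().upper() for s in value.split(",") if s.strip()}
    if not services:
        return "unset"            # parameter absent: review by hand
    if "NTS" in services:
        return "os"               # password file bypassed for local logins
    if services == {"NONE"}:
        return "password_file"    # SYSDBA must match the password file
    return "other"                # value not covered by the page: review by hand

def extra_sysdba(listing):
    """Return users other than SYS that hold SYSDBA in v$pwfile_users output."""
    flags = ("TRUE", "FALSE")
    found = []
    for line in listing.splitlines():
        cols = line.split()
        # Data rows have three columns: USERNAME, SYSDBA flag, SYSOPER flag.
        if len(cols) == 3 and cols[1] in flags and cols[2] in flags:
            if cols[1] == "TRUE" and cols[0].upper() != "SYS":
                found.append(cols[0])
    return found

# Constructed sqlnet.ora text; the listing repeats the query output shown above.
SAMPLE_SQLNET = "# SQLNET.AUTHENTICATION_SERVICES= (NONE)\nSQLNET.AUTHENTICATION_SERVICES= (NTS)\n"
SAMPLE_LISTING = """USERNAME SYSDB SYSOP
------------------------------ ----- -----
SYS TRUE TRUE
SCOTT TRUE FALSE"""

if __name__ == "__main__":
    print(sysdba_auth_mode(SAMPLE_SQLNET), extra_sysdba(SAMPLE_LISTING))
```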