今天一位同僚接到一項任務是修改資料庫SYS和SYSTEM使用者的密碼,老大在布置任務的時候還帶了一句别忘了同步密碼檔案,于是想到了自己前幾天寫的一篇部落格介紹Oracle密碼檔案的,當時隻是寫了如何建立密碼檔案,如何遠端使用SYSDBA登入資料庫做操作,但是并沒有提到密碼檔案中使用者的密碼跟資料庫中使用者的密碼是否有關系。
下面來測試一下,我用的平台是11.2.0.4
首先修改SYS的密碼
sys@ORCL>alter user sys identified by zhaoxu;
User altered.
--由于11g裡dba_user視圖裡的password是空值,是以選擇user$視圖
sys@ORCL>select password from user$ where name='SYS';
PASSWORD
------------------------------------------------------------------------------------------
C53B64BC84353309
--建議remote_login_passwordfile需要為EXCLUSIVE
sys@ORCL>show parameter remote_login_passwordfile
NAME TYPE VALUE
------------------------------------ --------------------------------- ------------------------------
remote_login_passwordfile string EXCLUSIVE
建立一個密碼檔案然後測試遠端登入
#建立一個與SYS使用者密碼相同的密碼檔案
[oracle@rhel6 dbs]$ cd $ORACLE_HOME/dbs
[oracle@rhel6 dbs]$ orapwd file=orapworcl entries=3 password=zhaoxu
[oracle@rhel6 dbs]$ ls -l orapworcl
-rw-r----- 1 oracle oinstall 1536 Dec 26 21:32 orapworcl
#測試連接配接成功
[c:\~]$ sqlplus sys/[email protected]/orcl as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on 星期一 12月 26 21:34:22 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
連接配接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> select password from user$ where name='SYS';
PASSWORD
------------------------------------------------------------
C53B64BC84353309
#密碼的HASH值沒有變化
#建立一個與SYS密碼不同的密碼檔案
[oracle@rhel6 dbs]$ orapwd file=orapworcl entries=3 password=luoxi force=y
[oracle@rhel6 dbs]$ ls -l orapworcl
-rw-r----- 1 oracle oinstall 1536 Dec 26 21:36 orapworcl
#測試連接配接,使用原密碼檔案的密碼登入不成功,使用新密碼檔案的密碼登入成功,但是SYS使用者的密碼HASH值仍沒有變
[c:\~]$ sqlplus sys/[email protected]/orcl as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on 星期一 12月 26 21:36:20 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
[c:\~]$ sqlplus sys/[email protected]/orcl as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on 星期一 12月 26 21:36:30 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
連接配接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> select password from user$ where name='SYS';
PASSWORD
------------------------------------------------------------
C53B64BC84353309
#修改SYS密碼成功,密碼HASH值與之前不同
sys@ORCL>alter user sys identified by oracle;
User altered.
sys@ORCL>select password from user$ where name='SYS';
PASSWORD
------------------------------------------------------------------------------------------
8A8F025737A9097A
#檢視密碼檔案,在修改SYS密碼時密碼檔案也有更新
[oracle@rhel6 dbs]$ ls -l orapworcl
-rw-r----- 1 oracle oinstall 1536 Dec 26 21:39 orapworcl
#測試遠端登入,使用luoxi密碼已不能登入資料庫,但修改的SYS密碼可以登入資料庫
[c:\~]$ sqlplus sys/[email protected]/orcl as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on 星期一 12月 26 21:41:50 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
[c:\~]$ sqlplus sys/[email protected]/orcl as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on 星期一 12月 26 21:41:58 2016
Copyright (c) 1982, 2013, Oracle. All rights reserved.
連接配接到:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>