Q

Example of password file creation

In creating a password file we write, say, password=xxx and number of entries=10. Here, does this 'number of entries=10' mean all 10 DBAs having sys/internal privileges have the same password 'xxx' where REMOTE_LOGIN_PASSWORD=EXCLUSIVE? Would you explain with clear examples?

Let's create the password file as follows:

$ orapwd file=orapwMYDB password=abc123 entries=10

First note that the password you assign here is simultaneously assigning the password for logging into Oracle as INTERNAL or SYS. If later, you connect as INTERNAL or SYS and change the password (ALTER USER sys IDENTIFIED BY...), the passwords for INTERNAL, SYS and the password file are all changed.

The number of entries is basically the maximum number of users that will be able to start and stop the database (i.e. have sysoper and/or sysdba privileges). It is important to remember that if this number is too low and additional users need to be added, the password file has to be recreated completely.

The entry in initMYDB.ora for REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file and how many databases can use the password file. This parameter takes one of three values: NONE, SHARED or EXCLUSIVE.

NONE: Oracle ignores any password file. The database won't allow privileged sessions over nonsecure connections. Therefore, privileged users must be authenticated by the operating system.

SHARED: Only SYS and INTERNAL can log into Oracle to perform administrative functions remotely. This setting also indicates that more than one instance can use the password file but the only users recognized are SYS and INTERNAL.

EXCLUSIVE: The password file exists and any user/password combination in the password file can log in to Oracle remotely and administer that instance. If this setting is used, the DBA may use the create user command in Oracle to create the users that are added to the password file, and grant sysoper and/or sysdba system privileges to those users. After that, users can log into the database as themselves with all administrator privileges. In addition, EXCLUSIVE indicates that only one instance can use the password file and that the password file contains names other than SYS and INTERNAL. Finally, note that EXCLUSIVE is the required setting for Parallel Server.
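
The EXCLUSIVE case as a SQL*Plus session, added here as an illustration and not part of the original answer: each DBA is added to the password file under their own name and password, so the 10 entries are not 10 copies of the orapwd password. The user names dba_alice and dba_bob and their passwords are hypothetical; MYDB and abc123 are the values used above, and the connect string assumes a Net service named MYDB.

```sql
-- Assumes REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE in initMYDB.ora and the
-- password file created by the orapwd command above.
-- dba_alice, dba_bob and their passwords are hypothetical sample values.

-- 1. Connect as SYS with the password that orapwd put in the file.
CONNECT sys/abc123@MYDB AS SYSDBA

-- 2. Give each DBA an ordinary database account with a password of their own.
CREATE USER dba_alice IDENTIFIED BY alice_pw1;
CREATE USER dba_bob   IDENTIFIED BY bob_pw1;
GRANT CREATE SESSION TO dba_alice, dba_bob;

-- 3. Granting SYSDBA or SYSOPER is what adds a user to the password file.
--    Each user added this way takes one of the entries=10 slots; when the
--    file is full the GRANT fails (ORA-01996) and the file must be recreated
--    with a larger entries value.
GRANT SYSDBA  TO dba_alice;
GRANT SYSOPER TO dba_bob;

-- 4. List who is in the password file and with which privilege.
--    Review this periodically: every row is an account that can
--    administer the instance remotely.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users;

-- 5. Each DBA now connects as themselves, with their own password,
--    not with the SYS password.
CONNECT dba_alice/alice_pw1@MYDB AS SYSDBA
CONNECT dba_bob/bob_pw1@MYDB AS SYSOPER

-- 6. When a DBA no longer needs the privilege, revoke it; this removes
--    the user from the password file and frees the slot.
CONNECT sys/abc123@MYDB AS SYSDBA
REVOKE SYSDBA FROM dba_alice;
```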

This was first published in June 2002
