Ask the Expert

Example of password file creation

In creating a password file we write say, password=xxx and number of entries=10. Here, does this 'number of entries=10' mean all 10 DBAs having sys/internal priviledges have the same password 'xxx' where REMOTE_LOGIN_PASSWORD=EXCLUSIVE?? Would you explain with clear examples?

    Requires Free Membership to View

Let's create the password file as follows:

$ orapwd file=orapwMYDB password=abc123 entries=10
First note that the password you assign here is simultaneously assigning the password for logging into Oracle as INTERNAL or SYS. If later, you connect as INTERNAL or SYS and change the password (ALTER USER sys IDENTIFIED BY...), the passwords for INTERNAL, SYS and the password file are all changed.

The number of entries is basically the maximum number of users that will be able to start and stop the database (i.e. have sysoper and/or sysdba privileges). It is important to remember that if this number is too low and additional users need to be added, the password file has to recreated completely.

The entry in initMYDB.ora for REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file and how many databases can use the password file. This parameter takes one of three values: NONE, SHARED or EXCLUSIVE.

NONE: Oracle ignores any password file. The database won't allow privileged sessions over nonsecure connections. Therefore, privileged users must be authenticated by the operating system.

SHARED: Only SYS and INTERNAL can log into Oracle to perform administrative functions remotely. This setting also indicates that more than one instance can use the password file but the only users recognized are SYS and INTERNAL.

EXCLUSIVE: The password file exists and any user/password combination in the passwrod file can log in to Oracle remotely and adminster that instance. If this setting is used, the DBA may use the create user command in Oracle to create the users that are added to the password file, and grant sysoper and/or sysdba system privileges to those users. After that, users can log into the database as themselves with all administrator privileges. In addition, EXCLUSIVE indicates that only one instance can use the password file and that the password file contains names other than SYS and INTERNAL. Finally, note that EXCLUSIVE is the required setting for Parallel Server.

For More Information


This was first published in June 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: