In creating a password file we write say, password=xxx and number of entries=10. Here, does this 'number of entries=10' mean all 10 DBAs having sys/internal privileges have the same password 'xxx' where REMOTE_LOGIN_PASSWORD=EXCLUSIVE? Would you explain with clear examples?
Let's create the password file as follows:
$ orapwd file=orapwMYDB password=abc123 entries=10
First, note that the password you assign here is simultaneously assigning the password for logging into Oracle as INTERNAL or SYS. If later, you connect as INTERNAL or SYS and change the password (ALTER USER sys IDENTIFIED BY...), the passwords for INTERNAL, SYS and the password file are all changed.
The number of entries is basically the maximum number of users that will be able to start and stop the database (i.e. have sysoper and/or sysdba privileges). It is important to remember that if this number is too low and additional users need to be added, the password file has to be recreated completely.
The entry in initMYDB.ora for REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file and how many databases can use the password file. This parameter takes one of three values: NONE, SHARED or EXCLUSIVE.
NONE: Oracle ignores any password file. The database won't allow privileged sessions over nonsecure connections. Therefore, privileged users must be authenticated by the operating system.
SHARED: Only SYS and INTERNAL can log into Oracle to perform administrative functions remotely. This setting also indicates that more than one instance can use the password file but the only users recognized are SYS and INTERNAL.
EXCLUSIVE: The password file exists and any user/password combination in the password file can log in to Oracle remotely and administer that instance. If this setting is used, the DBA may use the create user command in Oracle to create the users that are added to the password file, and grant sysoper and/or sysdba system privileges to those users. After that, users can log into the database as themselves with all administrator privileges. In addition, EXCLUSIVE indicates that only one instance can use the password file and that the password file contains names other than SYS and INTERNAL. Finally, note that EXCLUSIVE is the required setting for Parallel Server.
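The EXCLUSIVE case as a SQL*Plus session, to show that each administrator in the password file keeps a password of their own. This is an added example, not part of the original answer; the user names dba_alice and dba_bob, their passwords and the MYDB net service name are constructed for illustration, and abc123 is the password given to orapwd above.

```sql
-- Added illustration (SQL*Plus). dba_alice, dba_bob, their passwords and the
-- MYDB net service name are constructed; abc123 is the orapwd password above.
-- Assumes initMYDB.ora contains: REMOTE_LOGIN_PASSWORDFILE = EXCLUSIVE

CONNECT sys/abc123@MYDB AS SYSDBA

-- Each administrator is an ordinary database user with a password of their own.
CREATE USER dba_alice IDENTIFIED BY alice_pw_1;
CREATE USER dba_bob   IDENTIFIED BY bob_pw_1;

-- Granting SYSDBA or SYSOPER is what writes the user into the password file.
-- Every grantee takes up an entry, counted against entries=10.
GRANT SYSDBA  TO dba_alice;
GRANT SYSOPER TO dba_bob;

-- Audit who currently holds a password-file entry and with which privilege.
SELECT username, sysdba, sysoper FROM v$pwfile_users;

-- Each administrator connects with their own password, not abc123.
CONNECT dba_alice/alice_pw_1@MYDB AS SYSDBA
-- SHOW USER reports SYS here: a SYSDBA session runs in the SYS schema.
SHOW USER

CONNECT dba_bob/bob_pw_1@MYDB AS SYSOPER

-- Changing one administrator's password leaves the others untouched.
CONNECT sys/abc123@MYDB AS SYSDBA
ALTER USER dba_alice IDENTIFIED BY alice_pw_2;

-- Revoking the privilege removes that user from the password file.
REVOKE SYSOPER FROM dba_bob;
SELECT username, sysdba, sysoper FROM v$pwfile_users;
```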