oracle修改使用者密碼的方法
oracle修改使用者密碼的方法
http://blog.itpub.net/69902769/viewspace-2646974/
Oracle使用者名稱及預設密碼
修改oracle使用者的密碼有以下方法:
普通使用者
(1)通過alter user語法來進行修改 ,這也是最常見的方式:
(2) 第二種方式,是通過password命令來修改:
從安全性角度來說 ,推薦大家通過第二種方式來修改使用者密碼,這樣可防止明文密碼洩露。
sys使用者
另外關於sys使用者密碼,不要使用password以及alter user 方式去修改,原因主要如下:
(1) 當REMOTE_LOGIN_PASSWORDFILE引數設定為shared時,我們使用alter user 修改sys密碼時,會報
ORA-28046: Password change for SYS disallowed error.
測試如下:
(2)大多數內部遞迴SQL都使用SYS使用者。因此,如果您試圖在資料庫開啟時使用ALTER USER語句更改此密碼,則可能會導致死鎖。
因此,對於sys使用者我們需要使用orapwd來進行修改:
[oracle@orcl dbs]$ orapwd file='orapworcl' entries=5 force=y 這裡注意等號左右不能有空格;
關於orapwd說明引用官網,如下:
| Argument | Description |
|---|---|
FILE
|
Name to assign to the password file. You must supply a complete path. If you supply only a file name, the file is written to the current directory. |
ENTRIES
|
(Optional) Maximum number of entries (user accounts) to permit in the file. |
FORCE
|
(Optional) If
y
, permits overwriting an existing password file.
|
IGNORECASE
|
(Optional) If
y
, passwords are treated as case-insensitive.
|
- FILE
-
This argument sets the name of the password file being created. You must specify the full path name for the file. This argument is mandatory.
The file name required for the password file is operating system specific. Some operating systems require the password file to adhere to a specific format and be located in a specific directory. Other operating systems allow the use of environment variables to specify the name and location of the password file.
lists the required name and location for the password file on the UNIX, Linux, and Windows platforms. For other platforms, consult your platform-specific documentation.
Table 1-1 Required Password File Name and Location on UNIX, Linux, and Windows
Platform Required Name Required Location) UNIX and Linux
orapwORACLE_SIDORACLE_HOME
/dbsWindows
PWDORACLE_SID.oraORACLE_HOME
\database
For example, for a database instance with the SID
orcldw, the password file must be namedorapworcldwon Linux andPWDorcldw.oraon Windows.In an Oracle Real Application Clusters environment on a platform that requires an environment variable to be set to the path of the password file, the environment variable for each instance must point to the same password file.
Caution:
It is critically important to the security of your system that you protect your password file and the environment variables that identify the location of the password file. Any user with access to these could potentially compromise the security of the connection. - ENTRIES
-
This argument specifies the number of entries that you require the password file to accept. This number corresponds to the number of distinct users allowed to connect to the database as
SYSDBAorSYSOPER. The actual number of allowable entries can be higher than the number of users, because theORAPWDutility continues to assign password entries until an operating system block is filled. For example, if your operating system block size is 512 bytes, it holds four password entries. The number of password entries allocated is always a multiple of four.Entries can be reused as users are added to and removed from the password file. If you intend to specify
REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE, and to allow the granting ofSYSDBAandSYSOPERprivileges to users, this argument is required.Caution:
When you exceed the allocated number of password entries, you must create a new password file. To avoid this necessity, allocate more entries than you think you will ever need. - FORCE
-
This argument, if set to
Y, enables you to overwrite an existing password file. An error is returned if a password file of the same name already exists and this argument is omitted or set toN. - IGNORECASE
-
If this argument is set to
y, passwords are case-insensitive. That is, case is ignored when comparing the password that the user supplies during login with the password in the password file.