Oracle® Database Administrator's Guide 11g Release 1 (11.1) Part Number B28310-01 |
|
|
View PDF |
You can create a password file using the password file creation utility, ORAPWD
. For some operating systems, you can create this file as part of your standard installation.
This section contains the following topics:
See Also:
The syntax of the ORAPWD
command is as follows:
ORAPWD FILE=filename PASSWORD=password [ENTRIES=numusers] [FORCE={Y|N}] [IGNORECASE={Y|N}] [NOSYSDBA={Y|N}]
Command parameters are summarized in the following table.
Parameter | Description |
---|---|
FILE |
Name to assign to the password file. See your operating system documentation for name requirements. You must supply a complete path. If you supply only a file name, the file is written to the current directory. |
PASSWORD |
The SYS user password. The SYS user name and password are written to the file. |
ENTRIES |
(Optional) Maximum number of entries (user accounts) to permit in the file. |
FORCE |
(Optional) If y , permits overwriting an existing password file. |
IGNORECASE |
(Optional) If y , passwords are treated as case-insensitive. |
NOSYSDBA |
(Optional) For Data Vault installations. See the Data Vault installation guide for your platform for more information. |
There are no spaces permitted around the equal-to (=) character.
The following command creates a password file named orapworcl
that allows up to 30 privileged users with different passwords. In this example, the file is initially created with the password secret
for users connecting as SYS
.
orapwd FILE=orapworcl PASSWORD=secret ENTRIES=30
The parameters in the ORAPWD
utility are described in detail in the sections that follow.
This parameter sets the name of the password file being created. You must specify the full path name for the file. If you supply only a file name, the file is written to the current directory. The contents of this file are encrypted, and the file cannot be read directly. This parameter is mandatory.
The types of filenames allowed for the password file are operating system specific. Some operating systems require the password file to adhere to a specific format and be located in a specific directory. Other operating systems allow the use of environment variables to specify the name and location of the password file. For name and location information for the Unix and Linux operating systems, see Administrator's Reference for UNIX-Based Operating Systems. For Windows, see Platform Guide for Microsoft Windows. For other operating systems, see your operating system documentation.
If you are running multiple instances of Oracle Database using Oracle Real Application Clusters, the environment variable for each instance should point to the same password file.
Caution:
It is critically important to the security of your system that you protect your password file and the environment variables that identify the location of the password file. Any user with access to these could potentially compromise the security of the connection.This parameter sets the password for user SYS
. If you issue the ALTER USER
statement to change the password for SYS
after connecting to the database, both the password stored in the data dictionary and the password stored in the password file are updated. This parameter is mandatory.
Note:
You cannot change the password forSYS
if REMOTE_LOGIN_PASSWORDFILE
is set to SHARED
. An error message is issued if you attempt to do so.This parameter specifies the number of entries that you require the password file to accept. This number corresponds to the number of distinct users allowed to connect to the database as SYSDBA
or SYSOPER
. The actual number of allowable entries can be higher than the number of users, because the ORAPWD
utility continues to assign password entries until an operating system block is filled. For example, if your operating system block size is 512 bytes, it holds four password entries. The number of password entries allocated is always a multiple of four.
Entries can be reused as users are added to and removed from the password file. If you intend to specify REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE
, and to allow the granting of SYSDBA
and SYSOPER
privileges to users, this parameter is required.
Caution:
When you exceed the allocated number of password entries, you must create a new password file. To avoid this necessity, allocate a number of entries that is larger than you think you will ever need.This parameter, if set to Y
, enables you to overwrite an existing password file. An error is returned if a password file of the same name already exists and this parameter is omitted or set to N
.
If this parameter is set to y
, passwords are case-insensitive. That is, case is ignored when comparing the password that the user supplies during login with the password in the password file.
See Also:
Oracle Database Security Guide for more information about case-sensitivity in passwords.In addition to creating the password file, you must also set the initialization parameter REMOTE_LOGIN_PASSWORDFILE
to the appropriate value. The values recognized are:
NONE
: Setting this parameter to NONE
causes Oracle Database to behave as if the password file does not exist. That is, no privileged connections are allowed over nonsecure connections.
EXCLUSIVE
: (The default) An EXCLUSIVE
password file can be used with only one instance of one database. Only an EXCLUSIVE
file can be modified. Using an EXCLUSIVE
password file enables you to add, modify, and delete users. It also enables you to change the SYS
password with the ALTER USER
command.
SHARED
: A SHARED
password file can be used by multiple databases running on the same server, or multiple instances of an Oracle Real Application Clusters (RAC) database. A SHARED
password file cannot be modified. This means that you cannot add users to a SHARED
password file. Any attempt to do so or to change the password of SYS
or other users with the SYSDBA
or SYSOPER
privileges generates an error. All users needing SYSDBA
or SYSOPER
system privileges must be added to the password file when REMOTE_LOGIN_PASSWORDFILE
is set to EXCLUSIVE
. After all users are added, you can change REMOTE_LOGIN_PASSWORDFILE
to SHARED
, and then share the file.
This option is useful if you are administering multiple databases or a RAC database.
If REMOTE_LOGIN_PASSWORDFILE
is set to EXCLUSIVE
or SHARED
and the password file is missing, this is equivalent to setting REMOTE_LOGIN_PASSWORDFILE
to NONE
.
When you grant SYSDBA
or SYSOPER
privileges to a user, that user's name and privilege information are added to the password file. If the server does not have an EXCLUSIVE
password file (that is, if the initialization parameter REMOTE_LOGIN_PASSWORDFILE
is NONE
or SHARED
, or the password file is missing), Oracle Database issues an error if you attempt to grant these privileges.
A user's name remains in the password file only as long as that user has at least one of these two privileges. If you revoke both of these privileges, Oracle Database removes the user from the password file.
Creating a Password File and Adding New Users to It
Use the following procedure to create a password and add new users to it:
Follow the instructions for creating a password file as explained in "Using ORAPWD".
Set the REMOTE_LOGIN_PASSWORDFILE
initialization parameter to EXCLUSIVE
. (This is the default.)
Note:
REMOTE_LOGIN_PASSWORDFILE
is a static initialization parameter and therefore cannot be changed without restarting the database.Connect with SYSDBA
privileges as shown in the following example:
CONNECT SYS/password AS SYSDBA
Start up the instance and create the database if necessary, or mount and open an existing database.
Create users as necessary. Grant SYSDBA
or SYSOPER
privileges to yourself and other users as appropriate. See "Granting and Revoking SYSDBA and SYSOPER Privileges", later in this section.
If your server is using an EXCLUSIVE
password file, use the GRANT
statement to grant the SYSDBA
or SYSOPER
system privilege to a user, as shown in the following example:
GRANT SYSDBA TO oe;
Use the REVOKE
statement to revoke the SYSDBA
or SYSOPER
system privilege from a user, as shown in the following example:
REVOKE SYSDBA FROM oe;
Because SYSDBA
and SYSOPER
are the most powerful database privileges, the WITH ADMIN OPTION
is not used in the GRANT
statement. That is, the grantee cannot in turn grant the SYSDBA
or SYSOPER
privilege to another user. Only a user currently connected as SYSDBA
can grant or revoke another user's SYSDBA
or SYSOPER
system privileges. These privileges cannot be granted to roles, because roles are available only after database startup. Do not confuse the SYSDBA
and SYSOPER
database privileges with operating system roles.
See Also:
Oracle Database Security Guide for more information on system privilegesUse the V$PWFILE_USERS
view to see the users who have been granted SYSDBA
or SYSOPER
system privileges for a database. The columns displayed by this view are as follows:
Column | Description |
---|---|
USERNAME |
This column contains the name of the user that is recognized by the password file. |
SYSDBA |
If the value of this column is TRUE , then the user can log on with SYSDBA system privileges. |
SYSOPER |
If the value of this column is TRUE , then the user can log on with SYSOPER system privileges. |
This section describes how to:
Expand the number of password file users if the password file becomes full
Remove the password file
If you receive the file full error (ORA-1996
) when you try to grant SYSDBA
or SYSOPER
system privileges to a user, you must create a larger password file and regrant the privileges to the users.
Replacing a Password File
Use the following procedure to replace a password file:
Identify the users who have SYSDBA
or SYSOPER
privileges by querying the V$PWFILE_USERS
view.
Delete the existing password file.
Follow the instructions for creating a new password file using the ORAPWD
utility in "Using ORAPWD". Ensure that the ENTRIES
parameter is set to a number larger than you think you will ever need.
Follow the instructions in "Adding Users to a Password File".
If you determine that you no longer require a password file to authenticate users, you can delete the password file and then optionally reset the REMOTE_LOGIN_PASSWORDFILE
initialization parameter to NONE
. After you remove this file, only those users who can be authenticated by the operating system can perform SYSDBA
or SYSOPER
database administration operations.