Oracle教程 2023-02-26

Oracle 参数 REMOTE_LOGIN_PASSWORDFILE 官方解释，作用，如何配置最优化建议

本站中文解释

REMOTE_LOGIN_PASSWORDFILE参数指定Oracle的身份验证模式：认证文件方式或密码文件方式。在认证文件方式中，客户端与数据库服务器之间进行通信，而且还不使用用户名和密码。只有在身份验证文件中的会话ID才能够IT连接到服务器。在密码文件方式中，客户端必须在连接服务器时指定用户名和密码，并且必须在数据库服务器上存在一个匹配的用户。

要正确设置REMOTE_LOGIN_PASSWORDFILE参数，必须先创建密码或认证文件，然后分别更改其参数值。要创建密码文件，可以使用Oracle提供的utlpwdmg.sql脚本。要创建认证文件，可以使用utlauth.sql脚本。如果要把这些参数设置为使用认证文件，可以用以下命令：

SQL>alter system set REMOTE_LOGIN_PASSWORDFILE=NONE scope=spfile;

让Oracle服务器在重新启动时自动把参数设置为认证文件模式，可以用以下命令：

SQL>shutdown immediate

SQL>startup

SQL> alter system set REMOTE_LOGIN_PASSWORDFILE=NONE scope=spfile;

SQL>shutdown immediate

SQL>startup

官方英文解释

REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file.

Property	Description
Parameter type	String
Syntax	`REMOTE_LOGIN_PASSWORDFILE = { shared \| exclusive \| none }`
Default value	`exclusive`
Modifiable	No
Modifiable in a PDB	No
Basic	Yes
Oracle RAC	Multiple instances must have the same value.

Values

shared

One or more databases can use the password file. The password file can contain SYS and non-SYS users.

When REMOTE_LOGIN_PASSWORDFILE is set to shared:
- The SYS password cannot be changed. If you try, the password change operation fails with “ORA-28046: Password change for SYS disallowed.”
- The password of any user who has SYS* admin privileges (SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, SYSKM) cannot be changed. If you try, the password change operation fails with “ORA-01999: password file cannot be updated in SHARED mode.”
- Grants of SYS* admin privileges (SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, SYSKM) to individual users are not allowed. For example, grant sysdba to scott fails with “ORA-01999: password file cannot be updated in SHARED mode.” Similarly, revoke of SYS* admin privileges fails.
- If the password file does not exist, then the behavior is the same as setting REMOTE_LOGIN_PASSWORDFILE to none.
exclusive

The password file can be used by only one database. The password file can contain SYS and non-SYS users.

When REMOTE_LOGIN_PASSWORDFILE is set to exclusive, if the password file does not exist, then the behavior is the same as setting REMOTE_LOGIN_PASSWORDFILE to none.
none

Oracle ignores any password file. Therefore, privileged users must be authenticated by the operating system.

Note:

If you change REMOTE_LOGIN_PASSWORDFILE to exclusive or shared from none, then ensure that the password file is synchronized with the dictionary passwords.