remote_os_authent参数测试!
client端普通用戶os驗(yàn)證過(guò)程:
1、保證參數(shù)remote_os_authent=true
SQL> show parameter remote_os_authent
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
remote_os_authent boolean TRUE
SQL>
2、在server端保證sqlnet.ora中
SQLNET.AUTHENTICATION_SERVICES= (none)
必須是none,我測(cè)試client端SQLNET.AUTHENTICATION_SERVICES的
設(shè)置無(wú)關(guān)緊要
3、注意參數(shù)os_authent_prefix的值,如果os_authent_prefix有值
,不為null,則創(chuàng)建用戶時(shí)也要加上os_authent_prefix的前綴
SQL> show parameter os_authent_prefix
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
os_authent_prefix string OPS$
4、在clinet端確定username:
C:>set username
USERNAME=user
此時(shí)client端的username是user
5、在db中創(chuàng)建外部驗(yàn)證的用戶,確定這個(gè)用戶名其實(shí)非常關(guān)鍵,我們可以通過(guò)
audit功能準(zhǔn)確的確定client端使用外部驗(yàn)證時(shí)的用戶名:
SQL> show parameter audit_trail
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_trail string DB
SQL> audit session whenever not successful;
審計(jì)已成功。
SQL> select os_username,username from dba_audit_session;
OS_USERNAM USERNAME
---------- ------------------------------
user OPS$USER
SQL>
這里通過(guò)審計(jì)記錄的結(jié)果發(fā)現(xiàn)os_username是user,但是username卻是
OPS$USER,而OPS$USER正是我們創(chuàng)建外部用戶所需要的用戶名:
6、創(chuàng)建外部用戶,注意大小寫(xiě),我發(fā)現(xiàn)大寫(xiě)可以,小寫(xiě)不好用:
SQL> create user "ops$user" identified by externally;
用戶已創(chuàng)建。
SQL> grant connect to "ops$user";
授權(quán)成功。
client端:
C:>sqlplus?/@a
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 5月 21 12:39:09 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01017: 用戶名/口令無(wú)效; 登錄被拒絕
--==================================================
SQL> create user "OPS$USER" identified by externally;
用戶已創(chuàng)建。
SQL> grant connect to "OPS$USER";
授權(quán)成功。
client端:
C:>sqlplus?/@a
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 5月 21 12:40:11 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
連接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> show user
USER "OPS$USER"
SQL>
7.不需要在server端的注冊(cè)表中設(shè)置環(huán)境變量auth_prefix_domain=false
8.server端os認(rèn)證和client端os認(rèn)證沖突,因?yàn)閟erver端os認(rèn)證要求
SQLNET.AUTHENTICATION_SERVICES= (nts)而client端os認(rèn)證要求SQLNET.AUTHENTICATION_SERVICES= (none)
9.sys用戶在client端如何實(shí)現(xiàn)os認(rèn)證呢?
暫時(shí)是我的疑問(wèn),為什么只好用了一次:
C:>sqlplus?/@a?as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 5月 21 12:54:28 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
連接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> show parameter db_name
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
db_name string ORCL
SQL> select host_name from v$instance;
HOST_NAME
----------------------------------------------------------------
XYS
SQL> exit
從 Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options 斷開(kāi)
C:>sqlplus?/@a
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 5月 21 12:55:48 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
連接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> exit
從 Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options 斷開(kāi)
C:>sqlplus?/@a?as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 5月 21 12:55:55 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: 權(quán)限不足
請(qǐng)輸入用戶名:
ERROR:
ORA-01017: 用戶名/口令無(wú)效; 登錄被拒絕
C:>
C:>
C:>sqlplus?/@a?as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 5月 21 12:56:19 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: 權(quán)限不足
請(qǐng)輸入用戶名:
ERROR:
ORA-01017: 用戶名/口令無(wú)效; 登錄被拒絕
請(qǐng)輸入用戶名:
ERROR:
ORA-01017: 用戶名/口令無(wú)效; 登錄被拒絕
SP2-0157: 在 3 次嘗試之后無(wú)法連接到 ORACLE, 退出 SQL*Plus
C:>sqlplus?/@a
SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 5月 21 12:56:21 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
連接到:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> exit
從 Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options 斷開(kāi)
總結(jié)
以上是生活随笔為你收集整理的remote_os_authent参数测试!的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: Goldengate DDL复制相关注意
- 下一篇: Oracle之外部表