Home » RDBMS Server » Security » Remote Login question (XE on Linux)
Remote Login question [message #425111] Wed, 07 October 2009 10:25 Go to next message
ehegagoka
Messages: 493
Registered: July 2005
Senior Member
Hi,
I'm kind of confuse on this remote_login connection. I'm using oracle xe on CentOS. Here's the sequence:


-- created a password file
oracle@mortonlx dbs$ orapwd file=orapwXE entries=40 password=oracle force=y
oracle@mortonlx dbs$ ls
hc_XE.dat init.ora lkXE orapwXE orapwXE.orig spfileXE.ora

-- connect as internal
SQL> conn / as sysdba
Connected to an idle instance.
SQL> startup
ORACLE instance started.

Total System Global Area 603979776 bytes
Fixed Size 1260292 bytes
Variable Size 163579132 bytes
Database Buffers 436207616 bytes
Redo Buffers 2932736 bytes
Database mounted.
Database opened.
SQL>

-- connecting as sys NOT remotely
-- what's the explanation here?
-- my reall sys password
SQL> conn sys as sysdba
Enter password:
Connected.
-- using the 'oracle' password on the password file
SQL> conn sys as sysdba
Enter password:
Connected.
SQL>

-- connecting REMOTELY
-- whats the explanation here?
-- using my real SYS password
SQL> conn sys@xe as sysdba
Enter password:
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.

-- using the 'oracle' password from passwordfile
SQL> conn sys@xe as sysdba
Enter password:
Connected.
SQL>

-- AND NOW, NOT starting first the database by internal
-- NOT remotely also
SQL> conn / as sysdba
Connected.
SQL> shutdown
Database closed.
Database dismounted.
ORACLE instance shut down.
-- USING my real sys password
SQL> conn sys as sysdba
Enter password:
Connected to an idle instance.
SQL> startup
ORACLE instance started.

Total System Global Area 603979776 bytes
Fixed Size 1260292 bytes
Variable Size 163579132 bytes
Database Buffers 436207616 bytes
Redo Buffers 2932736 bytes
Database mounted.
Database opened.
-- Using my 'oracle' password from passwordfile
SQL> conn sys as sysdba
Enter password:
Connected.
SQL>

-- REMOTELY
-- using both my real and the password file password, I can't connect remotely to startup my database.
SQL> shutdown
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> conn sys@xe as sysdba
Enter password:
ERROR:
ORA-01031: insufficient privileges

Warning: You are no longer connected to ORACLE.
SQL> conn sys@xe as sysdba
Enter password:
ERROR:
ORA-01031: insufficient privileges

SQL>



Could anyone explain whats the diff in all of this scenarios? Thank you very much.
Re: Remote Login question [message #425145 is a reply to message #425111] Wed, 07 October 2009 15:09 Go to previous messageGo to next message
BlackSwan
Messages: 23184
Registered: January 2009
Senior Member








































































































































>SQL> conn sys@xe as sysdba
>Enter password:
>ERROR:
>ORA-01031: insufficient privileges
>
>Warning: You are no longer connected to ORACLE.
>SQL> conn sys@xe as sysdba
>Enter password:
>ERROR:
>ORA-01031: insufficient privileges
>
>SQL>

A Metalink NOTE covers "ORA-01031: insufficient privileges"
when trying to login "as sysdba".
This error can occur for any number of reasons both for local
& remote logins.

None of my DBs are configured to allow remote "as sysdba" access.
I view allowing such to be a security risk, because at the Oracle
level you can not easily control from where it occurs.
So I flat out disallow & control access to DB server via Firewall
and other OS controls.



Re: Remote Login question [message #425147 is a reply to message #425145] Wed, 07 October 2009 15:22 Go to previous messageGo to next message
ehegagoka
Messages: 493
Registered: July 2005
Senior Member
Thank you very much for the reply. I'll look up that metalink note.

So you mean you don't have that password file? And you only connect at the database server "hands-on"? ( for sysdba )
Re: Remote Login question [message #425148 is a reply to message #425147] Wed, 07 October 2009 15:37 Go to previous messageGo to next message
BlackSwan
Messages: 23184
Registered: January 2009
Senior Member
>So you mean you don't have that password file?
Correct

>And you only connect at the database server "hands-on"? ( for sysdba )
My Production DB servers are behind 2 different flavor of Firewall.
So from home I ssh to DMZ system behind FW1.
Then ssh to DBserver before I can log into Oracle passing through FW2.

Access to DB can be either easy or secure.
Pick your poison.

Re: Remote Login question [message #425150 is a reply to message #425148] Wed, 07 October 2009 15:40 Go to previous message
ehegagoka
Messages: 493
Registered: July 2005
Senior Member
Thank you very much =)

Quote:
Access to DB can be either easy or secure.


Got your point =)
Previous Topic: Use of dbms_crypto packageto encrypt table columns
Next Topic: ORA-28112: failed to execute policy function
Goto Forum:
  


Current Time: Thu Dec 25 10:31:48 CST 2014

Total time taken to generate the page: 0.16277 seconds