Home » RDBMS Server » Security » Login as sysdba
Login as sysdba [message #224968] Fri, 16 March 2007 03:28 Go to next message
sellafrica
Messages: 68
Registered: July 2005
Location: Braynston
Member

Good Morning.

Is it possible to make sure that one cannot log in like this without a password? If so how.

Thank you in advance

oracle@linux2:~> sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.1.0 - Production on Thu Mar 15 10:40:51 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to:
Oracle9i Release 9.2.0.1.0 - Production
JServer Release 9.2.0.1.0 - Production
SQL>



Re: Login as sysdba [message #224974 is a reply to message #224968] Fri, 16 March 2007 04:06 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10672
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Search the forum before posting.
The topic is been discussed many many times.
To startwith, any OS user in DBA group could login without password.
Re: Login as sysdba [message #226772 is a reply to message #224974] Mon, 26 March 2007 08:57 Go to previous messageGo to next message
sellafrica
Messages: 68
Registered: July 2005
Location: Braynston
Member

Thanks,

SO any use of the password file or setting remote loggin to exclusive will not avoid this?
Re: Login as sysdba [message #226783 is a reply to message #226772] Mon, 26 March 2007 09:15 Go to previous messageGo to next message
Michel Cadot
Messages: 64119
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Database Vault is the only way.
Re: Login as sysdba [message #226801 is a reply to message #226772] Mon, 26 March 2007 10:02 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
A search of the board should have revealed this.
Re: Login as sysdba [message #226802 is a reply to message #226801] Mon, 26 March 2007 10:04 Go to previous messageGo to next message
Michel Cadot
Messages: 64119
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

On Windows, but the OP works with Linux.

Regards
Michel
Re: Login as sysdba [message #226803 is a reply to message #226802] Mon, 26 March 2007 10:22 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
Michel Cadot wrote on Mon, 26 March 2007 11:04

On Windows, but the OP works with Linux.


Not true. Works for *NIX too. Just need to create a sqlnet.ora file and add that parameter.
Re: Login as sysdba [message #227037 is a reply to message #226803] Tue, 27 March 2007 03:29 Go to previous messageGo to next message
sellafrica
Messages: 68
Registered: July 2005
Location: Braynston
Member

Hi.

Is it any different on 10g because the default is NONE for sqlnet.authentication_services

sqlnet.authentication_services
#
# Syntax: A single value or a list from {beq, none, all, kerberos5,
# cybersafe, radius}
# Default: NONE
#
# Enables one or more authentication services. If
# Oracle Advanced Security has been installed with Kerberos5
# support, using (beq, kerberos5) would enable authentication via
# Kerberos.
Re: Login as sysdba [message #227042 is a reply to message #226803] Tue, 27 March 2007 03:36 Go to previous messageGo to next message
Michel Cadot
Messages: 64119
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
Not true. Works for *NIX too.

Thanks for the correction.

Regards
Michel
Re: Login as sysdba [message #227066 is a reply to message #227037] Tue, 27 March 2007 04:25 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
sellafrica wrote on Tue, 27 March 2007 04:29

Is it any different on 10g because the default is NONE for sqlnet.authentication_services

No different on 10g.

If a sqlnet.ora file exists, it will check to see if the parameter sqlnet.authentication_services itself is there. If it's there and nothing is specified, then it will default to NONE.
Re: Login as sysdba [message #227088 is a reply to message #227066] Tue, 27 March 2007 05:45 Go to previous messageGo to next message
Michel Cadot
Messages: 64119
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
I disagree with this.
If I don't have such statement or if value is not set I can connect "/ as sysdba".
If I put it set to NONE I no more can.
My conclusion is that default is not NONE.

> tail -1 sqlnet.ora
sqlnet.authentication_services =
> sqlplus / as sysdba

SQL*Plus: Release 10.2.0.3.0 - Production on Tue Mar 27 12:43:51 2007

Copyright (c) 1982, 2006, Oracle.  All Rights Reserved.

Connected to an idle instance.

SQL>


Regards
Michel
Re: Login as sysdba [message #227090 is a reply to message #227088] Tue, 27 March 2007 05:53 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
Worked on 10.2.0.1.

Try to include parentheses:
sqlnet.authentication_services = ()

As specified in docs, default is NONE.

[Updated on: Tue, 27 March 2007 05:56]

Report message to a moderator

Re: Login as sysdba [message #227103 is a reply to message #227090] Tue, 27 March 2007 06:09 Go to previous messageGo to next message
Michel Cadot
Messages: 64119
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Ah! OK, works with "()".

Btw, "None" in the "Default" paragraph of the documentation does not mean that the default is "NONE" but there is no default as in the sentence "Default: there is none". See the other parameters, values are in lower case with "code" font. "None" is in mixed case and with the default font.

Regards
Michel
Re: Login as sysdba [message #227117 is a reply to message #227103] Tue, 27 March 2007 06:26 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
Michel Cadot wrote on Tue, 27 March 2007 07:09

Btw, "None" in the "Default" paragraph of the documentation does not mean that the default is "NONE" but there is no default as in the sentence "Default: there is none". See the other parameters, values are in lower case with "code" font. "None" is in mixed case and with the default font.



This is one of those cases where it depends on what you have configured in the sqlnet.ora file.

The parameter is ignored, ie. None of the authentication methods are considered when SQLNET.AUTHENTICATION_SERVICES is not set or set inappropriately in the sqlnet.ora file.

However, when the parameter is set in the file appropriately and there are no authentication methods listed, NONE is the default.

Typical Oracle documentation !!
Re: Login as sysdba [message #227119 is a reply to message #227117] Tue, 27 March 2007 06:28 Go to previous message
Michel Cadot
Messages: 64119
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Mad


Smile
Michel
Previous Topic: pasword protected sysdba...Urgent!!!!!
Next Topic: external_name from dba_users
Goto Forum:
  


Current Time: Tue Dec 06 06:46:23 CST 2016

Total time taken to generate the page: 0.11745 seconds