| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Password for 'internal'
>
> Hi oracle pundits,
>
> I am having some security problems in the database.
> Is there anyway I can specify a password for 'internal' user?
>
> Any suggestions will be highly appreciated.
>
There is way given in Oracle Ver 7.x - using the utility orapwd. The behaviour of this utility seem to be different in 7.0.x and 7.1.x. I tried using it in 7.1.3 on NCR Unix and giving my experience :
orapwd is in $ORACLE_HOME/bin and has to be run using the command :
orapwd file=<file> password=<passwd> entries=<nn>
You will get the help on orapwxper by invoking it without any options. "file" is the name of the password file and it's default location is $ORACLE_HOME/dbs/orapw<sid>. "passwd" is the password for connecting as internal. "entries" specifies how many entries are expected in the file. Whenever a user is granted SYSDBA or SYSOPER, his id is added in to this file. After which, when a user is connecting as internal, on supplying the password, he is allowed in.
The init.ora parameter remote_login_passwordfile should be set to exclusive or shared in order to use the password file. Also, the syntax of connect internal is slightly changed to accomodate sysdba and sysoper. IUG and Server Documentation Addendum give detailed specifications.
All is well. I created a trial DB (SID xper) and said "Yes" for the installer's question "Do you want to created the password file .." and got a $ORACLE_HOME/dbs/orapwxper file automatically created for me. But until the init.ora parameter was set, the password file was not in use. The moment the DB was shutdown and init.ora modified and restarted, the DB refused to open giving the error
"ORA-1990 Cannot open password file $ORACLE_HOME/dbs/orapwxper"
The same happens if I create the pwd file myself with orapwd.
My second option was to use the roles osdba and osoper which are granted through OS groups, ora_xper_osdba_d. In spite of setting OS_ROLES=true, these privileges were not granted and the user was not able to connect as internal. Other roles granted through OS groups were identified.
For the time being, I am relying on the group "dba". But, we would not like to give the group "dba" to the operator.
Therefore, any help on this will be greatly appreciated not only by Bharat, also by me.
Thanks,
Rukmani.
 |
 |