Re: connect as sysdba

From: montserrat mateos <m.mateos_at_upsa.es>
Date: Mon, 8 Jan 2001 09:36:59 +0100
Message-ID: <3a597e8d$1@193.146.156.23>

I understand you now. I'm sorry, but I didn't understand the first time.

Thanks.

"Howard J. Rogers" <howardjr_at_www.com> wrote in message news:3a55cf39_at_news.iprimus.com.au...
>
> "montserrat mateos" <m.mateos_at_upsa.es> wrote in message
> news:3a55899a$1_at_193.146.156.23...
> > I think that it isn't a problem, because when I create the user I do it with
> > CREATE USER <NAME> IDENTIFIED BY <PASSWORD>, and not EXTERNALLY.
> >
> > So, I don't know.
> >
> > Do you have any more ideas?
> >
>
> No, the "externally" thing is used when you want to implement O/S
> authentication for ordinary users, and requires the username to be equal to
> the o/s login name plus whatever you set as your OS_AUTHENT_PREFIX in the
> init.ora (OPS$ by default).
>
> That's *not* what I was talking about. I was referring to O/S
> authentication for privileged users (ie, those who can startup, shutdown,
> backup and recover the database) ... ie, those with SYSDBA privileges.
> Completely different mechanism.
>
> You've missed my essential point, which is that you said your original user
> could connect 'as sysdba' even though he wasn't granted sysdba privileges.
> Who were you logged on as at the operating system when you tested that? As
> yourself? If so, your o/s account, presumably being a member of the dba
> group (or ORA_DBA group on NT), is the thing that counts, not what you type
> as the connect string in sqlplus or svrmgrl. The presence of the 'as
> sysdba' keywords means 'ignore the username and password I've typed in the
> connect string, and go check the memberships of the dba group'.
>
> Do me a favour: type in 'connect skjdhkjhfksjfhaksjdshfa/ksdfhskjhfsjfhksj
> as sysdba' (without the quotes) and tell me what happens (and actually do it
> this time!). My guess is you will connect fine. You might then try 'select
> user from dual', and my guess is that you'll see yourself logged on as
> SYS... and if both those guesses are true, you have O/S authentication for
> privileged Users set up.
>
> Regards
> HJR
>
>
>
>
> > Thanks
> >
> > "Howard J. Rogers" <howardjr_at_www.com> wrote in message
> > news:3a5575b8_at_news.iprimus.com.au...
> > > You mean "connect fred/password as sysdba" works? Even when fred hasn't
> > > been granted sysdba privileges?
> > >
> > > Strangely enough, that's because you've implemented operating system
> > > authentication (by setting up the dba group in Unix or the ORA_DBA (or
> > > ORA_<sid>_DBA) group in NT).
> > >
> > > O/S authentication means "I don't give a damn what you type as part of the
> > > connect string...I will go out and check whether you, the machine/domain
> > > User are a member of the appropriate group and see if you are a member. If
> > > you are, you're in".
> > >
> > > Try typing this:
> > >
> > > connect lkajdslfkahdlkjfhasdlkfalkjf/dhfkjshdfjshfkjsdhfk as sysdba
> > >
> > > If it works, it's proof (I hope) that O/S authentication is in place and
> > > working just fine. The point being that whatever you type as the User and
> > > Password, it's ignored... you as the domain User are already logged onto the
> > > network with appropriate group privileges, and those group privileges are
> > > what Oracle is worried about.
> > >
> > > If this bothers you, then you need to de-implement O/S authentication, and
> > > implement password file authentication.
> > >
> > > Regards
> > > HJR
> > >
> > > "montserrat mateos" <m.mateos_at_upsa.es> wrote in message
> > > news:3a54820b_at_193.146.156.23...
> > > > I have a problem with Oracle: I created a new user and, although he
> > > > doesn't have sysdba privileges, he can connect as sysdba. What can I do
> > > > to deny this privilege?
> > > >
> > > > Thanks
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Received on Mon Jan 08 2001 - 02:36:59 CST
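
The thread's point is that with O/S authentication in place, membership of the OS dba group decides who can connect "as sysdba", not database grants. The following is an added example, not part of the original posts, that lists the OS accounts holding that implicit privilege on a Unix host. Assumptions: the group is named `dba` as in the thread, accounts live in flat group and passwd files, and the sample files and account names are constructed.

```shell
#!/bin/sh
# Added example: which OS accounts get SYSDBA through O/S authentication?
# Assumes Unix flat files and that the OS DBA group is called "dba".

# sysdba_os_accounts GROUP GROUP_FILE PASSWD_FILE
# Prints (sorted, unique) every account that is a supplementary member of
# GROUP in the group file or has GROUP as primary group in the passwd file.
sysdba_os_accounts() {
    awk -F: -v grp="$1" '
        FILENAME == ARGV[1] {            # group file: name:pw:gid:members
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # passwd file: primary GID
    ' "$2" "$3" | sort -u
}

# Constructed sample data: "backup" is in dba only through its primary GID,
# "fred" is an ordinary account and must not be reported.
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
root:x:0:
oinstall:x:54321:oracle
dba:x:54322:oracle,mmateos
users:x:100:fred
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
oracle:x:54321:54321:Oracle:/home/oracle:/bin/sh
mmateos:x:1001:100::/home/mmateos:/bin/sh
fred:x:1002:100::/home/fred:/bin/sh
backup:x:1003:54322::/home/backup:/bin/sh
EOF
    sysdba_os_accounts dba "$dir/group" "$dir/passwd"
    rm -rf "$dir"
}

sample_run
```

On a real host the equivalent call is `sysdba_os_accounts dba /etc/group /etc/passwd`; accounts defined in a directory service do not appear in those files.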