Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: connect as sysdba
That's OK. Are you now clear as to what is going on (and was I right??)?!
Regards
HJR
"montserrat mateos" <m.mateos_at_upsa.es> wrote in message
news:3a597e8d$1_at_193.146.156.23...
> I undertand you now, I´m sorry, but I don´t understand the first time.
>
> Thanks.
>
>
> "Howard J. Rogers" <howardjr_at_www.com> escribió en el mensaje
> news:3a55cf39_at_news.iprimus.com.au...
> >
> > "montserrat mateos" <m.mateos_at_upsa.es> wrote in message
> > news:3a55899a$1_at_193.146.156.23...
> > > I think that it isn´t problem because when I create the user i do with
> > > CREATE USER <NAME> IDENTIFIED BY <PASSWORD>, and not EXTERNALLY.
> > >
> > > So, i don´t know.
> > >
> > > Do you have a more ideas??
> > >
> >
> > No, the "externally" thing is used when you want to implement O/S
> > authentication for ordinary users, and requires the username to be equal
to
> > the o/s login name plus whatever you set as your OS_AUTHENT_PREFIX in
the
> > init.ora (OPS$ by default).
> >
> > That's *not* what I was talking about. I was referring to O/S
> > authentication for privileged users (ie, those who can startup,
shutdown,
> > backup and recover the database) ... ie, those with SYSDBA privileges.
> > Completely different mechanism.
> >
> > You've missed my essential point, which is that you said your original
user
> > could connect 'as sysdba' even though he wasn't granted sysdba
privileges.
> > Who were you logged on at the operating system when you tested that? As
> > yourself? If so, your o/s account, presumably being a member of the dba
> > group (or ORA_DBA group on NT), is the thing that counts, not what you
type
> > as the connect string in sqlplus or svrmgrl. The presence of the 'as
> > sysdba' keywords means 'ignore the username and password I've typed in
the
> > connect string, and go check the memberships of the dba group'.
> >
> > Do me a favour: type in 'connect
skjdhkjhfksjfhaksjdshfa/ksdfhskjhfsjfhksj
> > as sysdba' (without the quotes) and tell me what happens (and actually
do
it
> > this time!). My guess is you will connect fine. You might then try
'select
> > user from dual', and my guess is that you'll see yourself logged on as
> > SYS... and if both those guesses are true, you have O/S authentication
for
> > privileged Users set up.
> >
> > Regards
> > HJR
> >
> >
> >
> >
> > > Thanks
> > >
> > > "Howard J. Rogers" <howardjr_at_www.com> escribió en el mensaje
> > > news:3a5575b8_at_news.iprimus.com.au...
> > > > You mean "connect fred/password as sysdba" works? Even when fred
hasn't
> > > > been granted sysdba privileges?
> > > >
> > > > Strangely enough, that's because you've implemented operating system
> > > > authentication (by setting up the dba group in Unix or the ORA_DBA
(or
> > > > ORA_<sid>_DBA) group in NT).
> > > >
> > > > O/S authentication means "I don't give a damn what you type as part
of
the
> > > > connect string...I will go out and check whether you, the
machine/domain
> > > > User are a member of the appropriate group and see if you are a
member.
If
> > > > you are, you're in".
> > > >
> > > > Try typing this:
> > > >
> > > > connect lkajdslfkahdlkjfhasdlkfalkjf/dhfkjshdfjshfkjsdhfk as sysdba
> > > >
> > > > If it works, it's proof (I hope) that O/S authentication is in place
and
> > > > working just fine. The point being that whatever you type as the
User
and
> > > > Password, it's ignored... you as the domain User are already logged
onto
the
> > > > network with appropriate group privileges, and those group
privileges
are
> > > > what Oracle is worried about.
> > > >
> > > > If this bothers you, then you need to de-implement O/S
authentication,
and
> > > > implement password file authentication.
> > > >
> > > > Regards
> > > > HJR
> > > >
> > > > "montserrat mateos" <m.mateos_at_upsa.es> wrote in message
> > > > news:3a54820b_at_193.146.156.23...
> > > > > I have a problem with oracle, I create a new user and although he
hasn´t
> > > > > privilegies as sysdba, he can connect as sysdba, can i do to deny
this
> > > > > privilegie
> > > > >
> > > > > Thanks
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Received on Mon Jan 08 2001 - 03:06:39 CST