| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: As oracle/dba still need internal passwd.. why?
remote_login_passwordfile can be set to SHARED, EXCLUSIVE or NONE.
NONE means all DBA work is done by walking into a secured server room to perform DBA actions.... it's a secure environment, no-one is likely to be able to walk up to the computer I am using and assume my identity, no-one is likely to be able to watch over my shoulder as I log on. All verification is handled by the O/S, and since no-one else can access the O/S via my terminal, it's entirely secure. Given that I've had to provide a keypad password to the server room itself, plus log on to the Unix box with the requisite username and password, I don't see why Oracle should itself require further proof of identity!
EXCLUSIVE means I log on as a DBA in the outside world (a terminal in an open plan office, which I leave from time to time, so anyone could walk up to it and assume my identity). Even if I leave my terminal logged on to the domain, connections to Oracle will require the supply of an additional password, so as long as I don't leave myself logged in to Server Manager, things are pretty safe. What's more, we have three databases to manage, and I only look after one of them.... the other two don't want me on their database, and I don't want them on mine.
SHARED means all of the above, except that the three of us work as one team, and I can look after their databases as much as they can look after mine. So who needs private, database-specific passwords? We just want one set of passwords which will give all of us privileges on each of the databases.
There's no preferred setting on Oracle's part (though EXCLUSIVE is the default). It all depends entirely on where you are, what you are doing, and what your DBA'ing environment is.
Regards
HJR
"Niall Litchfield" <n-litchfield_at_audit-commission.gov.uk> wrote in message
news:968ji4$116$1_at_soap.pipex.net...
> I see no-one else has responded yet. in order to connect with sysdba
> privileges you are authenticated to oracle in one of two ways. Your system
> looks to be set up for password file authentication eg in your init.ora
you
> have the line
>
> remote_login_passwordfile=exclusive.
>
> the alternative is to allow operating system authentication of sysdba
users.
> this is done by setting
>
> remote_login_passwordfile=none
>
> My reading of the documentation suggests that the exclusive setting is
> preferred by oracle since you would then need to know two passwords (an os
> one and an oracle one) in order to perform sysdba type actions. This seems
> pretty reasonable to me.
>
>
> --
> Niall Litchfield
> Oracle DBA
> Audit Commission UK
> "Tony Adolph" <tony.adolph_at_viaginterkom.de> wrote in message
> news:95ugre$tbk$1_at_nnrp1.deja.com...
> > Hello All,
> >
> > I am building a new database (Ora 8i) on Solaris 2.6. I have used the
> > db assistant to create the create scripts and I have set ORACLE_HOME
> > and ORACLE_SID to the new values. But I have a problem: from the
> > oracle account (with dba group) I cannot connect internal using SVRMGRL
> > without a password. I used orapwd to create a password and it works.
> > But why do I need the password when I'm logged in as oracle and am a
> > member of the dba group?
> >
> > Any clues folks?
> >
> > Cheers
> > Tony.
> >
> >
> > Sent via Deja.com
> > http://www.deja.com/
>
>
Received on Mon Feb 12 2001 - 06:23:07 CST
 |
 |