Re: Q.Logic of OS Authentication to start up a db?

"Huiming Li" <huiming_at_pop21.odn.ne.jp> wrote in message news:3ACF28CC.2CDB0A95_at_pop21.odn.ne.jp...
> According to the ORACLE documents, if you want to do
> OS Authentications to start a database, the following
> two steps are necessary:
> 1). puut the os user into DBA group
> 2). set REMOTE_LOGIN_PASSWORD to NONE.
>
> However, according to my understanding, the parameter
> file is referred only when you start up the database.
> At this time, the authentication process has already
> be finished, so why bother to set set REMOTE_LOGIN_PASSWORD.
>
> Please see the following comments:
>
> $sqlplus /nolog
> SQL> connect / as sysdba -- no paramter file referred
> Connected. -- authentication process end
> SQL> startup pfile = initTEST.ora -- only at this time, the parameter
> file will be referred.
>
> Please tell me where I am wrong.
>
> Thanks a lot in advance.
>
> Regards
>
> Lee

Your understanding of the remote_login_passwordfile parameter is incorrect. It can have three values
none, which is the *default*, which will allow 'internal' or as sysdba access only, NO user automatically has sysdba privilege shared, which adds SYS on the list of user automatically getting SYSDBA privilege, will work across multiple instances exclusive, *any* user can be GRANTed SYSDBA privilege, these users are stored in the passwordfile.

The passwordfile is a mechanism to allow you to work with the database even if it is down.
On top of it, Oracle has implemented OS authenticated SYSDBA access (which is your connect / as sysdba) statement,
which will work *always* in *any* circumstance, whether you use a parameter file or not, until you remove the O/S user from the DBA group.

If you want to have SYSDBA privilege on the server *only* , NONE is the correct setting.

Hth,

Sybrand Bakker, Oracle DBA Received on Sat Apr 07 2001 - 10:44:08 CDT