Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: W2000 connect / as sysdba problem

Re: W2000 connect / as sysdba problem

From: <Kenneth>
Date: Fri, 30 Apr 2004 10:40:03 GMT
Message-ID: <40922b89.969874@news.inet.tele.dk>


On Fri, 30 Apr 2004 17:55:48 +1000, "Howard J. Rogers" <hjr_at_dizwell.com> wrote:

>Kenneth Koenraadt wrote:
>[snip]
>>
>>
>> Hi Howard,
>>
>> Can't agree.
>>
>> It's true that you can "connect / as sysdba" even with
>> remote_login_passwordfile =exclusive,
>> but only as long as your user is a *LOCAL* W2K user.
>
>Which is, of course, exactly the case for our original poster, since
>he's doing all of this on his laptop. So even if the rest of what you
>write is true, it's not of relevance to him, is it?

It most certainly is. The fact is that *whenever* you want to use O/S-authentication, you *should* set R_L_P = NONE. The fact that you can (sometimes) get away with not doing it, is merely a lucky punch.

R_L_P = NONE is the best, the safest and the recommended way. Period.

>
>> If you logon to
>> the server *remotely* with e.g. a Domain user account, which is also
>> a member of the local ORA_DBA group you *won't* be able to "connect /
>> as sysdba". I guess that's why it is called
>> "remote_login_passwordfile" and not "local_login_passwordfile"
>
>Well, since it's a remote connection, you won't be able to connect / as
>sysdba *at all* because there needs to be a tnsnames alias in there
>somewhere (somewhere I can never get right in any case: sqlplus "/@win92
>as sysdba" isn't doing it for me!).

Yes you will.
You logon to the server with a domain user being a member of the local ORA_DBA group. With R_L_P=NONE, and sqlnet.ora properly set, I can connect / as sysdba easily. Have done it hundreds of times.

>
>> The doc also states that you must set remote_login_passwordfile =NONE
>> to use OS-authentication on W2k. The fact that a *local* user can
>> somehow bypass it does not affect that.
>>
>> <quote>
>> Set the REMOTE_LOGIN_PASSWORDFILE parameter to NONE in the
>> INIT<SID>.ORA
>> file. This parameter enables operating system authenticated
>> logins for the
>> INTERNAL user.
>> </quote>
>
>Yup, Oracle's course notes always said you had to set R_L_P to NONE too.
>But it isn't true. And this isn't a Windows thing, either, since I used
>to show my students the folly of the 'must set it to NONE' by doing
>exactly the same test as I showed in my last post, but on a Solaris box.
>
>Regards
>HJR
Received on Fri Apr 30 2004 - 05:40:03 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US