Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: W2000 connect / as sysdba problem

Re: W2000 connect / as sysdba problem

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Fri, 30 Apr 2004 22:08:39 +1000
Message-ID: <409241c1$0$436$afc38c87@news.optusnet.com.au>


Kenneth Koenraadt wrote:

> On Fri, 30 Apr 2004 17:55:48 +1000, "Howard J. Rogers"
> <hjr_at_dizwell.com> wrote:
>
> It most certainly is. The fact is that *whenever* you want to use
> O/S-authentication, you *should* set R_L_P = NONE. The fact that you
> can (sometimes) get away with not doing it, is merely a lucky punch.
>
> R_L_P = NONE is the best, the safest and the recommended way. Period.

That is just not the case, and has the smell of sour grapes about it to boot. It's NOT what you originally posted (you said NONE *had* to be set, not that it was "safe", "recommended" or "best". There's a difference between "must" and "can"). It's NOT the problem for the original poster. And it's NOT even true, because I can (and did) demonstrate that the setting of RLP has no bearing on the matter.

Believe the Oracle documentation if you want to, but it's been wrong for many, many years. O/S authentication is *always* checked first, and password file authentication kicks in if it fails. There is nothing you have to do to switch O/S authentication on as far as the database is concerned apart from add the right users into the correct O/S groups. Period.

>>>If you logon to
>>>the server  *remotely* with e.g. a Domain user account, which is also
>>>a member of the local ORA_DBA group  you *won't* be able to "connect /
>>>as sysdba". I guess that's why it is called
>>>"remote_login_passwordfile" and not "local_login_passwordfile"
>>
>>Well, since it's a remote connection, you won't be able to connect / as 
>>sysdba *at all* because there needs to be a tnsnames alias in there 
>>somewhere (somewhere I can never get right in any case: sqlplus "/@win92 
>>as sysdba" isn't doing it for me!).

>
>
> Yes you will.
> You logon to the server with a domain user being a member of the local
> ORA_DBA group. With R_L_P=NONE, and sqlnet.ora properly set, I can
> connect / as sysdba easily. Have done it hundreds of times.

Define "properly setting" sqlnet.ora (because the other setup steps you mention are obvious and non-contentious, though the RLP=NONE setting is clearly superfluous as my earlier post demonstrated), and then explain why the Oracle documentation you so laud in one regard now gets ignored. Because it clearly describes having to put a tnsnames alias somewhere in the connection string for remote logins to work. Quote:

"For a remote database connection over a secure connection, the user must also specify the net service name of the remote database:

CONNECT /@net_service_name AS SYSDBA
CONNECT /@net_service_name AS SYSOPER
"
Unquote.

Sorry Kenneth, but you're demonstrably not right on the RLP topic, unless you can post an opposing test case, instead of merely claiming "hundreds" of non-demonstrated personal annecdotes.

On the grounds that though you can lead a horse to water, you can't force it to drink that which it finds unpalatable, I guess the thread ends here.

HJR Received on Fri Apr 30 2004 - 07:08:39 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US