SYSDBA Login without password (windows 2012, oracle 12c)
SYSDBA Login without password [message #636514] Mon, 27 April 2015 05:44
muktha_22
Messages: 526
Registered: December 2009
Senior Member
Hi,

Hope all is well,

I am able to log in to the DB without a password, or with a wrong password, for SYS as SYSDBA from within the server.
But no issues while connecting remotely.

When I checked the type of password for the user with below query, it shows PASSWORD authentication only.

select gn.GLOBAL_NAME as "Instance", username, authentication_type
from dba_users du, global_name gn
where authentication_type = 'EXTERNAL';


The parameter "os_authent_prefix" is also NULL.

Where could the problem be?

Kindly provide some idea; even though I checked the older forums, I was not able to get the answer.

Regards
Muktha
Re: SYSDBA Login without password [message #636516 is a reply to message #636514] Mon, 27 April 2015 05:52
gazzag
Messages: 1082
Registered: November 2010
Location: Bristol, UK
Senior Member
What are the contents of the following file on the server?
%ORACLE_HOME%\network\admin\sqlnet.ora
Re: SYSDBA Login without password [message #636517 is a reply to message #636514] Mon, 27 April 2015 05:56
Michel Cadot
Messages: 66475
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Do not tell us what you think you have.
SHOW US
(How many times should we have to repeat it?)

Use SQL*Plus and copy and paste your session(s).
Copy and paste ALL that you see.

Re: SYSDBA Login without password [message #636519 is a reply to message #636517] Mon, 27 April 2015 06:20
muktha_22
Messages: 526
Registered: December 2009
Senior Member
Hi,

My sqlnet file has:

SQLNET.AUTHENTICATION_SERVICES=(NTS)
SQLNET.ALLOWED_LOGON_VERSION_server=8
SQLNET.ALLOWED_LOGON_VERSION_client=8
tcp.validnode_checking = YES


I hope the parameter "SQLNET.AUTHENTICATION_SERVICES=(NTS)" is not the issue,
because another of our DBs has this parameter but does not allow us to log in with a wrong password.

Here are the steps I am performing to log in.
  • Attachment: SYS login.JPG
    (Size: 48.65KB, Downloaded 565 times)
Re: SYSDBA Login without password [message #636521 is a reply to message #636519] Mon, 27 April 2015 06:33
gazzag
Messages: 1082
Registered: November 2010
Location: Bristol, UK
Senior Member
This is why you should do as Michel suggests and Copy & Paste to SHOW us what you are doing. It will help eliminate misunderstandings. Now, if I understand you correctly, you have the opposite issue to what I assumed. Have you created a password file?
Re: SYSDBA Login without password [message #636522 is a reply to message #636521] Mon, 27 April 2015 06:39
muktha_22
Messages: 526
Registered: December 2009
Senior Member
Hi,

Yes, of course we have it already in the location of "C:\Oracle\Ora12C\*****\HOME\DBS\database".

Regards
Muktha
Re: SYSDBA Login without password [message #636523 is a reply to message #636522] Mon, 27 April 2015 06:42
gazzag
Messages: 1082
Registered: November 2010
Location: Bristol, UK
Senior Member
Then you must show me what is happening as I have clearly misunderstood you.
Re: SYSDBA Login without password [message #636525 is a reply to message #636523] Mon, 27 April 2015 06:50
muktha_22
Messages: 526
Registered: December 2009
Senior Member
Hi Gazzag,


Simple,

When I connect to the DB from inside the server, I can do so without the password (as in the screenshot given),
which is a big threat.

But if I connect remotely with Toad, it allows me to connect to the DB only with the correct password, which it gets from the password file.

Regards
Muktha



Re: SYSDBA Login without password [message #636526 is a reply to message #636525] Mon, 27 April 2015 07:00
gazzag
Messages: 1082
Registered: November 2010
Location: Bristol, UK
Senior Member
If you connect as SYSDBA remotely you have to supply username and password. That is by design. Why do you think it would be different?
Re: SYSDBA Login without password [message #636532 is a reply to message #636526] Mon, 27 April 2015 07:28
muktha_22
Messages: 526
Registered: December 2009
Senior Member
Hi,

Yes, true, but why is it ignoring the password while connecting to the DB within the server itself? It shouldn't accept the wrong password, right?

Regards
Muktha
Re: SYSDBA Login without password [message #636533 is a reply to message #636532] Mon, 27 April 2015 07:32
gazzag
Messages: 1082
Registered: November 2010
Location: Bristol, UK
Senior Member
Again, this is by design:
C:\>sqlplus /nolog

SQL*Plus: Release 11.2.0.2.0 Production on Mon Apr 27 13:29:46 2015

Copyright (c) 1982, 2014, Oracle.  All rights reserved.

SQL> connect / as sysdba;
Connected.
SQL>
SQL> connect sys/wrong_password as sysdba
Connected.
SQL>
SQL> connect no_user/wrong_password as sysdba;
Connected.
SQL>


Just to add, only an O/S user that is part of the ora_dba group on the database server will be allowed to connect as SYSDBA with no password. That is secure enough providing you restrict access to that server to regular users.

[Edit: addendum]

[Updated on: Mon, 27 April 2015 07:48]


Re: SYSDBA Login without password [message #636534 is a reply to message #636532] Mon, 27 April 2015 07:50
Michel Cadot
Messages: 66475
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
muktha_22 wrote on Mon, 27 April 2015 14:28
Hi,

Yes, true, but why is it ignoring the password while connecting to the DB within the server itself? It shouldn't accept the wrong password, right?

Regards
Muktha


Because:
1/ SQLNET.AUTHENTICATION_SERVICES=(NTS)
2/ Your OS account is in ORA_DBA OS group

If you don't want to be able to connect without a password then remove one or both of these.

And DO NOT post an image to just post a text.
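
The two conditions named in the reply above can be checked on the database server with the following PowerShell script. It is an added example, not part of the thread or any poster's code. It assumes ORACLE_HOME is set, sqlnet.ora is at the path mentioned earlier in the thread, and Get-LocalGroupMember (Windows PowerShell 5.1 or later) is available; the function name Get-SqlnetAuthServices is hypothetical.

```powershell
# Added example: report whether both conditions for password-less local
# SYSDBA logins hold on this server (NTS enabled + ORA_DBA has members).
# Assumptions: ORACLE_HOME is set; the parameter sits on a single line.

function Get-SqlnetAuthServices {
    param([string[]]$Lines)
    # Return the upper-cased values of SQLNET.AUTHENTICATION_SERVICES,
    # or nothing when the parameter is absent or commented out.
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()
        if ($text -match '^SQLNET\.AUTHENTICATION_SERVICES\s*=\s*\(?([^)]*)\)?') {
            return $Matches[1].Split(',') |
                ForEach-Object { $_.Trim().ToUpper() } |
                Where-Object { $_ }
        }
    }
}

$sqlnetPath = Join-Path $env:ORACLE_HOME 'network\admin\sqlnet.ora'
$services = @()
if (Test-Path $sqlnetPath) {
    $services = @(Get-SqlnetAuthServices -Lines (Get-Content $sqlnetPath))
}
$ntsEnabled = $services -contains 'NTS'

try {
    # Every member of this local group is an OS account to review.
    $members = @(Get-LocalGroupMember -Group 'ORA_DBA' -ErrorAction Stop)
} catch {
    Write-Warning "Could not read ORA_DBA: $($_.Exception.Message)"
    $members = @()
}

"sqlnet.ora              : $sqlnetPath"
"AUTHENTICATION_SERVICES : $(if ($services) { $services -join ', ' } else { '(not set)' })"
"ORA_DBA members         : $($members.Count)"
$members | ForEach-Object { "  {0}  [{1}, {2}]" -f $_.Name, $_.ObjectClass, $_.PrincipalSource }

if ($ntsEnabled -and $members.Count -gt 0) {
    'RESULT: the members listed above can connect AS SYSDBA locally without a password.'
} else {
    'RESULT: at least one of the two conditions is absent.'
}
```

Run it from a session on the database server; the member list is the set of OS accounts to review.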

Re: SYSDBA Login without password [message #636536 is a reply to message #636534] Mon, 27 April 2015 09:03
muktha_22
Messages: 526
Registered: December 2009
Senior Member
Hi Michel,

Thanks for the reply.

Understood, there is no threat.

But if management wants to remove it, then if I set:

SQLNET.AUTHENTICATION_SERVICES=(NONE), will it affect remote login?

Regards
Muktha
Re: SYSDBA Login without password [message #636537 is a reply to message #636536] Mon, 27 April 2015 09:15
Michel Cadot
Messages: 66475
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

No, this affects only local connections.

Re: SYSDBA Login without password [message #636538 is a reply to message #636537] Mon, 27 April 2015 09:18
cookiemonster
Messages: 13642
Registered: September 2008
Location: Rainy Manchester
Senior Member
If your server accounts are set up right, removing it is fairly pointless.
Only DBAs should have access to accounts in the ORA_DBA group.
Those same accounts should be able to modify sqlnet.ora.
Re: SYSDBA Login without password [message #636541 is a reply to message #636538] Mon, 27 April 2015 09:28
muktha_22
Messages: 526
Registered: December 2009
Senior Member
Hi All,

Thanks for your help

Regards
Muktha