ITPub博客

首页 > 数据库 > Oracle > sqlnet.ora的SQLNET.AUTHENTICATION_SERVICES

sqlnet.ora的SQLNET.AUTHENTICATION_SERVICES

Oracle 作者:lovestanford 时间:2014-02-12 17:15:53 0 删除 编辑

之前http://www.dbaxiaoyu.com/archives/554 遇见过一个linux oracle的grid用户登录失败的例子,报出的是权限不足,当时没有过多的去注意这个事情。最近看了下官档对于登录验证服务的介绍文件 sqlnet.ora,算是纠正了小鱼的一点错误理解。

刚开始接触oracle时还是主要在windows上接触的,就windows上一般$ORACLE_HOME/network/admin/sqlnet.ora文件中一般会这么写:

# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.

SQLNET.AUTHENTICATION_SERVICES = (NTS)

其中的SQLNET.AUTHENTICATION_SERVICES是表示登录oracle的验证方式,而NTS则是 Windows NT native authentication,所以在linux下这么设置登录oracle database会出现
[oracle@ora10g admin]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Wed Jun 19 18:45:32 2013

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

ERROR:
ORA-01031: insufficient privileges

Enter user-name:

那么当设置sqlnet.ora中的SQLNET.AUTHENTICATION_SERVICES = (NTS)时在windows下可以用os认证登录,而在linux下面则不能使用os认证登录。
官档上摘要的SQLNET.AUTHENTICATION_SERVICES描述:
SQLNET.AUTHENTICATION_SERVICES
Purpose
Use the parameter SQLNET.AUTHENTICATION_SERVICES to enable one or more authentication services. If authentication has been installed, it is recommended that this parameter be set to either none or to one of the authentication methods.
Default
None
Values
Authentication Methods Available with Oracle Net Services:
? none for no authentication methods. A valid username and password can be used to access the database.
? all for all authentication methods
? nts for Windows NT native authentication
Authentication Methods Available with Oracle Advanced Security:
? kerberos5 for Kerberos authentication
? radius for RADIUS authentication
? dcegssapi for DCE GSSAPI authentication
根据o的官档介绍和测试,设置nts显然在linux下是不合理的,此时只能用用户名密码登录到oracle server,而不能使用os验证登录,可见NTS是windows的专属。

设置all则在linux下面都是可以使用os验证登录的。
[oracle@ora10g admin]$ cat sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (ALL)

[oracle@ora10g admin]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Wed Jun 19 18:52:32 2013

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

然而SQLNET.AUTHENTICATION_SERVICES = (ALL)在windows下则会出现验证失败。
C:\Users\Administrator>sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on 星期三 6月 19 18:09:13 2013

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-12641: 验证服务无法初始化

[oracle@rac01 crsd]$ oerr ora 12641
12641, 00000, "Authentication service failed to initialize"
// *Cause: The authentication service failed during initialization.
// *Action: Enable tracing to determine the exact error.

那么当设置sqlnet.ora中的SQLNET.AUTHENTICATION_SERVICES =(ALL)在linux环境下面是可以os验证登录的,而在windows下则会出现ora-12641服务无法初始化。

当设置SQLNET.AUTHENTICATION_SERVICES =(NONE)时,windows和linux下都无法使用os 验证登录。
Linux环境下:
[oracle@ora10g admin]$ vi sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES=(NONE)

[oracle@ora10g admin]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Thu Jun 20 10:23:59 2013

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

ERROR:
ORA-01031: insufficient privileges

Enter user-name:

Windows环境下:
C:\Users\Administrator>sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 20 09:40:52 2013

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-01031: 权限不足

请输入用户名:

当不使用sqlnet.ora文件时:
Windows环境下:
C:\Users\Administrator>sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on 星期四 6月 20 09:41:45 2013

Copyright (c) 1982, 2005, Oracle. All rights reserved.

ERROR:
ORA-01031: 权限不足

Linux环境下:
[oracle@ora10g admin]$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Thu Jun 20 10:29:05 2013

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

一般默认安装下,linux上默认不存在sqlnet.ora文件,而windows上则存在sqlnet.ora文件,且SQLNET.AUTHENTICATION_SERVICES =(NTS),此时在windows和linux上都是允许os验证登录的。

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/21754115/viewspace-1080387/,如需转载,请注明出处,否则将追究法律责任。

下一篇: Oracle 11gR2 SCAN
请登录后发表评论 登录
全部评论

注册时间:2012-09-27

  • 博文量
    213
  • 访问量
    974747