关于sqlnet.ora的说明:
*****************************************************FROM ORACLE11G DOCS*************************************
The sqlnet.ora
file is the profile configuration file. It resides on the client machines and the database server. Profiles are stored and implemented using this file. The database server can be configured with access control parameters in thesqlnet.ora
file. These parameters specify whether clients are allowed or denied access based on the protocol.
The sqlnet.ora
file enables you to do the following:
Specify the client domain to append to unqualified names
Prioritize naming methods
Enable logging and tracing features
Route connections through specific processes
Configure parameters for external naming
Configure Oracle Advanced Security
Use protocol-specific parameters to restrict access to the database
By default, the sqlnet.ora
file is located in the ORACLE_HOME/network/admin
directory. Thesqlnet.ora
file can also be stored in the directory specified by theTNS_ADMIN
environment variable.
*****************************************************************************************************************************
从描述中看出,该文件是控制客户端访问数据库服务器的,可以设定多种参数进行访问控制。而在这里作为初学者接触到的最早参数是 sqlnet.authentication_services,说明如下:
************************************************FROM ORACLE11G DOCS******************************************************
SQLNET.AUTHENTICATION_SERVICES
To enable one or more authentication services. If authentication has been installed, then it is recommended that this parameter be set to eithernone
or to one of the authentication methods.
None
Note:
When installing the database with Database Configuration Assistant (DBCA), this parameter may be set tonts
in the
sqlnet.ora
file.
-
Authentication Methods Available with Oracle Net Services:
none
for no authentication methods, including Microsoft Windows native operating system authentication. WhenSQLNET.AUTHENTICATION_SERVICES
is set tonone
, a valid user name and password can be used to access the database.all
for all authentication methods.nts
for Microsoft Windows native operating system authentication.
-
Authentication Methods Available with Oracle Advanced Security:
kerberos5
for Kerberos authentication.radius
for RADIUS authentication.tcps
for SSL authentication.
**********************************************************************************************************************************
从参数的说明可以了解到提供两种服务,net服务和高级安全服务。高级安全服务参数这里不讨论了,讨论一下 none all nts三个参数的作用。
设定sqlnet.authentication_services:
-
none:作用是不允许通过os系统用户登录数据库,需要提供用户名及密码;
-
all:作用是允许所有的登录方式;
-
nts:作用是windows的本地操作系统用户认证;
注:需要说明的是据试验该用户名和密码是指具有sysdba权限的用户;在linux上若用系统用户oracle登录数据库需要设定为all或是注销该字段;
注:linux上默认是没有该文件的,可以手动创建,参考$ORACLE_HOME/network/admin/samples/sqlnet.ora内容,并将之设定在$ORACLE_HOME/network/admin/目录下。
[oracle@centos admin]$ pwd
/oracle/11g/network/admin
[oracle@centos admin]$ cat sqlnet.ora
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
#SQLNET.AUTHENTICATION_SERVICES = (none)
[oracle@centos admin]$
我是从windows上copy过去的,对于linux来讲一般不指定该字段就能使oracle系统用户登录数据库了。
注:如有对该话题有疑问,欢迎留言讨论。