http://blog.itpub.net/69902769/viewspace-2646974/
修改oracle用户的密码有以下方法:
普通用户
(1)通过alter user语法来进行修改 ,这也是最常见的方式:
(2) 第二种方式,是通过password命令来修改:
从安全性角度来说 ,推荐大家通过第二种方式来修改用户密码,这样可防止明文密码泄露。
sys用户
另外关于sys用户密码,不要使用password以及alter user 方式去修改,原因主要如下:
(1) 当REMOTE_LOGIN_PASSWORDFILE参数设置为shared时,我们使用alter user 修改sys密码时,会报
ORA-28046: Password change for SYS disallowed error.
测试如下:
(2) 大多数内部递归SQL都使用SYS用户。因此,如果您试图在数据库打开时使用ALTER USER语句更改此密码,则可能会导致死锁。
因此,对于sys用户我们需要使用orapwd来进行修改:
[oracle@orcl dbs]$ orapwd file='orapworcl' entries=5 force=y 这里注意等号左右不能有空格;
关于orapwd说明引用官网,如下:
Argument | Description |
---|---|
FILE
|
Name to assign to the password file. You must supply a complete path. If you supply only a file name, the file is written to the current directory. |
ENTRIES
|
(Optional) Maximum number of entries (user accounts) to permit in the file. |
FORCE
|
(Optional) If
y
, permits overwriting an existing password file.
|
IGNORECASE
|
(Optional) If
y
, passwords are treated as case-insensitive.
|
This argument sets the name of the password file being created. You must specify the full path name for the file. This argument is mandatory.
The file name required for the password file is operating system specific. Some operating systems require the password file to adhere to a specific format and be located in a specific directory. Other operating systems allow the use of environment variables to specify the name and location of the password file.
lists the required name and location for the password file on the UNIX, Linux, and Windows platforms. For other platforms, consult your platform-specific documentation.
Table 1-1 Required Password File Name and Location on UNIX, Linux, and Windows
Platform | Required Name | Required Location) |
---|---|---|
UNIX and Linux |
|
ORACLE_HOME
|
Windows |
|
ORACLE_HOME
|
For example, for a database instance with the SID
orcldw
, the password file must be named
orapworcldw
on Linux and
PWDorcldw.ora
on Windows.
In an Oracle Real Application Clusters environment on a platform that requires an environment variable to be set to the path of the password file, the environment variable for each instance must point to the same password file.
Caution:
It is critically important to the security of your system that you protect your password file and the environment variables that identify the location of the password file. Any user with access to these could potentially compromise the security of the connection.
This argument specifies the number of entries that you require the
password file to accept. This number corresponds to the number of
distinct users allowed to connect to the database as
SYSDBA
or
SYSOPER
. The actual number of allowable entries can be higher than the number of users, because the
ORAPWD
utility continues to assign password entries until an operating system
block is filled. For example, if your operating system block size is 512
bytes, it holds four password entries. The number of password entries
allocated is always a multiple of four.
Entries can be reused as users are added to and removed from the password file. If you intend to specify
REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE
, and to allow the granting of
SYSDBA
and
SYSOPER
privileges to users, this argument is required.
Caution:
When you exceed the allocated number of password entries, you must create a new password file. To avoid this necessity, allocate more entries than you think you will ever need.
This argument, if set to
Y
, enables you to overwrite an existing password file. An error is
returned if a password file of the same name already exists and this
argument is omitted or set to
N
.
If this argument is set to
y
, passwords are case-insensitive. That is, case is ignored when
comparing the password that the user supplies during login with the
password in the password file.