Creating a Password File- Creating a Database

Creating a password file is optional. There are some good reasons for requiring a password file:

•     You want to assign non-sys users sys* privileges (sysdba, sysoper, sysbackup, and so on).

•     You want to connect remotely to your database via Oracle Net with sys* privileges.

•     You want to set up Oracle Data Guard need the password files on the standby servers.

•     An Oracle feature or utility requires the use of a password file.

Perform the following steps to implement a password file:

1. Create the password file with the orapwd utility.

2. Set the initialization parameter REMOTE_LOGIN_PASSWORDFILE to EXCLUSIVE.

3. In a Linux/Unix environment, use the orapwd utility to create a password file, as follows:

In a Linux/Unix environment, the password file is usually stored in ORACLE_HOME/ dbs; in Windows, it’s typically placed in the ORACLE_HOME\database directory.

The format of the filename that you specify in the previous command may vary by OS. For instance, in Windows the format is PWD<ORACLE_SID>.ora.

To enable the use of the password file, set the initialization parameter REMOTE_ LOGIN_PASSWORDFILE to EXCLUSIVE (this is the default value). If the parameter is not set to EXCLUSIVE, then you’ll have to modify your parameter file:

You need to stop and start the instance to instantiate the prior setting.

You can add users to the password file via the GRANT <any SYS privilege> statement. You want to be careful with these privileges and the use of the password file for secure configurations. Only the accounts that need these privileges should be granted

along with access to the password file. The following example grants SYSDBA privileges to the mmalcher user (and thus adds mmalcher to the password file):

SQL> grant sysdba to mmalcher; Grant succeeded.

Enabling a password file also allows you to connect to your database remotely with SYS*-level privileges via an Oracle Net connection. This example shows the syntax for a remote connection with SYSDBA-level privileges:

$ sqlplus <username>/<password>@<database connection string> as sysdba

This allows you to do remote maintenance with sys* privileges (sysdba, sysoper, sysbackup, and so on) that would otherwise require you logging in to the database server physically. You can verify which users have sys* privileges by querying the V$PWFILE_ USERS view:

SQL> select * from v$pwfile_users;

The concept of a privileged user is also important to RMAN backup and recovery. Like SQL*Plus, RMAN uses OS authentication and password files to allow privileged users to connect to the database. Only a privileged account is allowed to back up, restore, and recover a database.

Leave a Reply

Your email address will not be published. Required fields are marked *