作者 主題: sqlnet.ora之认证迷惑?大牛请进!  (閱讀 12856 次)

0 會員 與 1 訪客 正在閱讀本文。

liang545621

  • 可愛的小學生
  • *
  • 文章數: 1
    • 檢視個人資料
我的测试环境是:
RedHat Linux as5.3+ORACLE11gr2

sqlnet.ora中配了一个认证(SQLNET.AUTHENTICATION_SERVICES)
[oracle@ocm ~]$ cd $ORACLE_HOME/network/admin
vi sqlnet.ora(具体内容如下:)

SQLNET.AUTHENTICATION_SERVICES=(all)
根据官方文档对ALL解释是:all for all authentication methods,是指所有的认证,那应包括操作系统认证,用户名密码认证。一会我们来一一验证!!!

那么我现在来测试一下:
我的监听是:
[oracle@ocm ~]$ lsnrctl status
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 02-MAY-2013 11:36:19
Copyright (c) 1991, 2009, Oracle.  All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date                01-MAY-2013 18:11:19
Uptime                    0 days 17 hr. 25 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.2.0/network/admin/listener.ora
Listener Log File         /u01/app/oracle/diag/tnslsnr/ocm/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ocm.example.com)(PORT=1521)))
Services Summary...
Service "oca" has 1 instance(s).
  Instance "ocm", status READY, has 1 handler(s) for this service...
Service "ocm" has 1 instance(s).
  Instance "ocm", status READY, has 1 handler(s) for this service...
Service "ocp" has 1 instance(s).
  Instance "ocm", status READY, has 1 handler(s) for this service...
The command completed successfully

我的tnsnames.ora是:
vi tnsnames.ora
  gyj =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ocm)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = ocm)
    )
  )


1.第一种测试:操作系统认证,OK!可以登录数据库!
[oracle@ocm ~]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 2 11:40:15 2013
Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

2.第二种测试:不走监听的用户名密码认证,OK!可以登录数据库!
[oracle@ocm ~]$ sqlplus gyj/gyj
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 2 11:41:16 2013
Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
gyj@OCM>


3.第三种测试,走监听的用户密码认证,报错了!,不可以登录数据库!

[oracle@ocm ~]$ sqlplus gyj/gyj@gyj
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 2 11:48:18 2013
Copyright (c) 1982, 2009, Oracle.  All rights reserved.
ERROR:
ORA-12641: Authentication service failed to initialize

Enter user-name:


那我来试试tsnping,这个没问题呀!
[oracle@ocm ~]$ tnsping gyj
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 02-MAY-2013 11:48:50
Copyright (c) 1997, 2009, Oracle.  All rights reserved.
Used parameter files:
/u01/app/oracle/product/11.2.0/network/admin/sqlnet.ora

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = ocm)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = ocm)))
OK (10 msec)

那我把sqlnet.ora中的认证这行注释掉
[oracle@ocm admin]$ vi sqlnet.ora
#SQLNET.AUTHENTICATION_SERVICES=(all)

再用走监听的用户密码认证,OK!可以登录数据库!
[oracle@ocm ~]$ sqlplus gyj/gyj@gyj
SQL*Plus: Release 11.2.0.1.0 Production on Thu May 2 11:46:27 2013
Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
gyj@OCM>

要讨论诉话题就是:ALL怎么理解?为啥走监听的用户密码认证,就不行呢?还需要配什么呢?对于 sqlnet.ora的知识点很多注意点,我们这里就讨论认证ALL的用法?