Re: password file on rac

On Sun, 11 Dec 2005 03:31:26 GMT, Mladen Gogala <gogala_at_sbcglobal.net> wrote:
>On Tue, 06 Dec 2005 22:20:12 -0800, Andreas Sheriff wrote:
[snip]
>Actually, it's exactly the opposite. Privileged users will be
>authenticated by OS only if the use of password file is explicitly
>disabled:
>
>REMOTE_LOGIN_PASSWORDFILE

[snip]
>Note:
>The value EXCLUSIVE is supported for backward compatibility. It now has
>the same behavior as the value SHARED.
>
>> Because these password files are private to each instance,
>
>I believe they're not private, as the above manual says. This is a page
>from 10.2 reference manual.

The 10.2 Reference is incorrect: it describes a change that was planned but not implemented. The settings for the parameter and associated behaviors remain the same as before 10.2.

Also, to clarify the usage--the password file is used for authentication of SYSDBA/SYSOPER connects under the following conditions:

• the file is provided (above parameter is not NONE) and it is usable by Oracle, and...
• the connect request supplies a password, and...
• you are connecting via the Oracle Net listener (as opposed to local via ORACLE_SID) -or- you are local but not authorized by the OS (not a member of the OSDBA or OSOPER groups).

As implied by the third point, when you do a local connect via ORACLE_SID, as SYSDBA or SYSOPER, and you supply a password, the OS check of group membership is done first, and the password file is consulted only if that fails (i.e. only if your OS logon is not authorized to the dba/oper groups).

This description pertains to Oracle on Unix/Linux without ASO. There may be differences on other platforms or with ASO.

N.B. The email address on this posting is not monitored.

--
Bill Manry - Oracle Corp.
Opinions are mine, not Oracle's.