I am new to Oracle. I would like to know how to set login password for sqlplus / as sysdba in oracle 11g.
I want to set the password for my next login. I don't want to login as sqlplus / as sysdba since anyone can log in using sqlplus / sysdba and can easily access the data or change password for the existing user.I need to restrict the login.
Say in a company 5 peoples are working and they are accessing the server with Admin userid and password to login the system and if some-one changes some modifications in the server using sqlplus / as sysdba it will affect the rest of the peoples right so in-order to avoid we need to restrict the login by setting password.
2 Answers 2
You'll need to decide whether you want to use OS authentication or use a password file. See http://docs.oracle.com/cd/E11882_01/server.112/e25494/dba006.htm#i1006628 to help you decide.
Will users administer the database by first logging in to the database server using eg ssh? Then you can use OS authentication.
Best practice for OS authentication: No-one should be logging in as the oracle OS user. Each DBA should have their own OS account and login as that. Their OS account should be a member of the OS DBA group (remember that only members of the OS DBA group can login using sqlplus / as sysdba).
If you want to allow remote administration, then you'll either need a secure connection to the database (just like SSH provides that to the server when administering locally) or you'll need to use a password file.
To disable logging in using only "/" open up sqlnet.ora and change SQLNET.AUTHENTICATION_SERVICES= (NTS) to: SQLNET.AUTHENTICATION_SERVICES= (NONE)
Of course anyone with admin priviliges on the OS level can still login by changing this again or using the orapwd tool to set the SYS password.
-
NB NTS only applies to Windows servers.Colin 't Hart– Colin 't Hart2023年05月24日 14:51:53 +00:00Commented May 24, 2023 at 14:51
oracleOS user. I agree with @Mat, secure the OS user first.