Oracle RDBMS controls access to the database with the privilege “SYSDBA” through the use of a password file and the initialization parameter REMOTE_LOGIN_PASSWORDFILE. The initialization parameter REMOTE_LOGIN_PASSWORDFILE is normally misunderstood in controlling privileged access to the database, thus leaving our database vulnerable. In this article we will discuss setting of this parameter and how to use it with a password file.
The possible setting of the REMOTE_LOGIN_PASSWORDFILE are:
EXCLUSIVE = This is the default setting for the initialization parameter REMOTE_LOGIN_PASSWORDFILE. ORACLE will use a password file to verify the credentials of a user trying to connect with SYSDBA privileges. The password file cannot be share amongst multiple databases. The password file can contain passwords for any user whom has SYSDBA privileges. The file for an exclusive password is of the format: orapw{SID}.
SHARED = ORACLE will use a password file to verify the credentials of a user trying to connect with SYSDBA privileges. The password file can be share amongst multiple databases on the same server or multiple database instances in a RAC configuration. The password for SYS in a shared password file cannot be modified.
NONE = No password file is used.
Larry Catt, OCP 9i, 10g
oracle@allcompute.com
www.allcompute.com