
[20170111] Configuring password-less database login 2.txt


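--//This morning I tested logging in to the database without a password. Connecting that way uses sqlplus /@book, which actually reaches the database through the network, even on the local machine.

--//Let's think about whether that can be bypassed.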

1. Environment:

SCOTT@book> @ &r/ver1

PORT_STRING                    VERSION        BANNER

------------------------------ -------------- --------------------------------------------------------------------------------

x86_64/Linux 2.4.xx            11.2.0.4.0     Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

2. Analysis of the two connection methods:

$ rlsql scott/book

...

SCOTT@book> @ &r/spid

       SID    SERIAL# SPID       PID  P_SERIAL# C50

---------- ---------- ------ ------- ---------- --------------------------------------------------

        12       2075 49033       25        213 alter system kill session '12,2075' immediate;

$ ps -ef | grep 4903[3]

oracle   49033 49032  0 14:50 ?        00:00:00 oraclebook (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))

                                                                                             ~~~~~~~~~~~~~~

--//You can see that the local connection uses PROTOCOL=beq (LOCAL=YES).

--//Now connect to the database through the network.

$ rlsql /@book as sysdba

SYS@book> @ &r/spid

        24       1631 49055       26        214 alter system kill session '24,1631' immediate;

$ ps -ef | grep 4905[5]

oracle   49055     1  0 14:52 ?        00:00:00 oraclebook (LOCAL=NO)

--//This connection goes through the network (LOCAL=NO).

3. I suddenly remembered that I had configured the IPC protocol, so here is a quick refresher on some concepts:

http://www.orafaq.com/wiki/IPC

IPC (Inter Process Communications) is a SQL*Net protocol similar to the BEQ protocol in that it is only used for local

connections (when client and server programs reside on the same system). IPC can be used to establish Dedicated Server

and Shared Server connections. A listener is required to make IPC connections.

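--//Judging from this description it still needs the network; it just supports connections from the local machine only.

--//Check the listener configuration: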

$ cat listener.ora

# listener.ora Network Configuration File: /u01/app/oracle/product/11.2.0.4/dbhome_1/network/admin/listener.ora

# Generated by Oracle configuration tools.

#SUBSCRIBE_FOR_NODE_DOWN_EVENT_LISTENER=OFF

SID_LIST_LISTENER =

   (SID_LIST =

    (SID_DESC =

      (SDU=32767)

      (GLOBAL_DBNAME = book)

      (ORACLE_HOME = /u01/app/oracle/product/11.2.0.4/dbhome_1)

      (SID_NAME = book)

      )

    )

LISTENER =

  (DESCRIPTION_LIST =

    (DESCRIPTION =

      (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521)(RATE_LIMIT=YES))

      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.100.78)(PORT = 1521)(RATE_LIMIT=YES))

      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))

    )

  )

ADR_BASE_LISTENER = /u01/app/oracle

#DIAG_ADR_ENABLED_LISTENER=OFF

USE_NS_PROBES_FOR_DCD=true

#DYNAMIC_REGISTRATION_LISTENER = off

INBOUND_CONNECT_TIMEOUT_LISTENER=100

CONNECTION_RATE_LISTENER=5

--//Add the following entry to tnsnames.ora:

78IPC =

(DESCRIPTION =

        (ADDRESS = (PROTOCOL = IPC)(KEY=EXTPROC1521))

        (CONNECT_DATA =

                (SERVER = DEDICATED)

#                (SID = book)

                (SERVICE_NAME = book)

        )

)

--//Run the following tests:

sqlplus scott/book@78ipc

sqlplus "scott/book@(DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521))(CONNECT_DATA=(SERVER=DEDICATED)(SID=book)(SERVICE_NAME=book)))"

sqlplus "scott/book@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.100.78)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=book)(UR=A)(INSTANCE_NAME=book)(SERVER=DEDICATED)))"

--//The tests above are OK. So how do you connect to the database using beq, meaning through a configured connect string?

--//After a long time on Google and Baidu and many attempts, the following configuration finally worked. Add this to tnsnames.ora:

78BEQ =

  (DESCRIPTION =

    (ADDRESS=(PROTOCOL=BEQ)(PROGRAM =oracle)(ARGV0=oraclebook)

    (ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))')

    (ENVS ='ORACLE_SID=book,ORACLE_HOME=/u01/app/oracle/product/11.2.0.4/dbhome_1'))

  )

sqlplus "scott/book@(DESCRIPTION=(ADDRESS=(PROTOCOL=BEQ)(PROGRAM=oracle)(ARGV0=oraclebook)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))')(ENVS='ORACLE_SID=book,ORACLE_HOME=/u01/app/oracle/product/11.2.0.4/dbhome_1')))"

--//The test passes:

$ rlsql scott/book@78beq

SCOTT@78beq> @ &r/spid

        12       2091 53815       25        221 alter system kill session '12,2091' immediate;

$ ps -ef | grep 5381[5]

oracle   53815     1  0 09:08 ?        00:00:00 oraclebook (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))

--//Clearly this configuration uses PROTOCOL=BEQ. Continuing the test:

$ mkstore -wrl /u01/app/oracle/admin/wallets -createCredential 78beq scott book

Oracle Secret Store Tool : Version 11.2.0.4.0 - Production

Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:

Create credential oracle.security.client.connect_string2

$ rlsql /@78beq

SQL*Plus: Release 11.2.0.4.0 Production on Thu Jan 12 09:10:48 2017

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

SCOTT@78beq> show user

USER is "SCOTT"

        24       2281 53872       26        192 alter system kill session '24,2281' immediate;

$ ps -fp 53872

UID        PID  PPID  C STIME TTY          TIME CMD

oracle   53872     1  0 09:10 ?        00:00:00 oraclebook (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))

--//This exploration was purely out of idle curiosity... ^_^.
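
--//Added example, not part of the original post: the ps checks above turned into a small audit script that tells which dedicated server processes were spawned locally over BEQ (LOCAL=YES) and which arrived through the network (LOCAL=NO). The function names and the ora_pmon_book sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify Oracle dedicated
# server processes by how the session reached the instance.

# Constructed sample input: three `ps -ef` lines as shown in the post plus
# one made-up background process line (PID 2101) that must be ignored.
sample_ps() {
    cat <<'EOF'
oracle   49033 49032  0 14:50 ?        00:00:00 oraclebook (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))
oracle   49055     1  0 14:52 ?        00:00:00 oraclebook (LOCAL=NO)
oracle   53815     1  0 09:08 ?        00:00:00 oraclebook (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))
oracle    2101     1  0 Jan11 ?        00:00:03 ora_pmon_book
EOF
}

# Reads `ps -ef` output on stdin and prints "PID PPID SID TRANSPORT" for
# each dedicated server process. Field 8 is the first word of CMD.
classify_oracle_procs() {
    awk '
    $8 ~ /^oracle[A-Za-z0-9_]+$/ {
        sid = substr($8, 7)                 # strip the "oracle" prefix
        args = ""
        for (i = 9; i <= NF; i++) args = args $i
        args = toupper(args)                # the post shows both beq and BEQ
        if (index(args, "(LOCAL=YES)") && index(args, "(PROTOCOL=BEQ)"))
            kind = "bequeath"
        else if (index(args, "(LOCAL=NO)"))
            kind = "network"
        else
            kind = "unknown"
        print $2, $3, sid, kind
    }'
}

# Counts processes of one transport kind (bequeath, network, unknown).
count_transport() {
    classify_oracle_procs | awk -v k="$1" '$4 == k { n++ } END { print n + 0 }'
}

# On a live host: ps -ef | classify_oracle_procs
sample_ps | classify_oracle_procs
```
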