<<Back to DB Administration Main Page
Password File Administration
In this post I will discuss about the password file, its usages and how to maintain it. Starting from 12c it is possible to store the password file in a Diskgroup. The benefit of storing a password file in DG is, its shared among the instances in case of RAC and ease the administrationThe COMPATIBLE.ASM disk group attribute must be set to at least 12.1 for the disk group where the password is to be located. The SYSASM privilege is required to manage the
Oracle ASM password file. The SYSDBA privilege on Oracle ASM is required to manage the database password file.
The shared password file in a disk group is managed by ASMCMD commands, the ORAPWD tool, and SRVCTL commands. ORAPWD supports the creation of password files on
an Oracle ASM disk group. All other password file manipulation is performed with ASMCMD or SRVCTL commands.
Important Note :- Before running commands, such as ORAPWD, to create a password file, ensure that the ORACLE_SID and ORACLE_HOME environmental variables have been set properly.
Some Quick Facts about Password File
1> Orapwd is utility used to create Database and ASM password file
2> OS authentication always takes precedence over password file authentication
3> Setting REMOTE_LOGIN_PASSWORDFILE parameter to non ignores password file authentication even if the password file is present
4> Password file cannot be modified if REMOTE_LOGIN_PASSWORDFILE parameter is set to null
5> Creating a password file via orapwd enables remote users to connect with administrative privileges through SQL*Net
6> There must be no spaces around the equal-to ('=') character.
Creating a Password File Located in an Oracle ASM Disk Group
$ orapwd FILE='+DG_TEST_DATA/testa/orapwtesta' ENTRIES=4 DBUNIQUENAME='testa' FORMAT=12Enter password for SYS:
Note:- If you are using 12.2 Format do ensure to use complex password to qualify the defined password complexity
Creating a Database Password File with a SYSBACKUP Entry
$orapwd FILE='+DG_TEST_DATA/testa/orapwtesta' ENTRIES=10 DBUNIQUENAME='testa' SYSBACKUP=yNote: You can create a password file for following Role
SYSDBA |
SYSOPER |
SYSASM |
SYSBACKUP |
SYSDG |
SYSKM |
Creating a Database Password File Located in a File System
$orapwd FILE='/u01/dbatest1/12.2.0.1/dbp1/dbs/orapwtest' ENTRIES=4 FORMAT=12.2
Migrating a Legacy Database Password File to Oracle Database 12c Format
$orapwd FILE='/u01/dbatest1/12.2.0.1/dbp1/dbs/orapwtest' FORMAT=12.2 INPUT_FILE='/u01/dbatest1/12.2.0.1/dbp1/dbs/orapwtest' FORCE=y
Describing a Password File
You can describe the password file to find its format
$orapwd DESCRIBE FILE='/u01/dbatest1/12.2.0.1/dbp1/dbs/orapwtest'
Password file Description : format=12.2
Check the list of users in the password file
SQL> col USERNAME for a25
select USERNAME,SYSDBA,SYSOPER,SYSASM,SYSBACKUP,SYSDG,SYSKM from v$PWFILE_USERS
select USERNAME,SYSDBA,SYSOPER,SYSASM,SYSBACKUP,SYSDG,SYSKM from v$PWFILE_USERS
USERNAME SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM
------------------------- ----- ----- ----- ----- ----- -----
SYS TRUE TRUE FALSE FALSE FALSE FALSE
------------------------- ----- ----- ----- ----- ----- -----
SYS TRUE TRUE FALSE FALSE FALSE FALSE
Adding the user to password file
Grant any of the password file managed privilege to add the user in password file
SQL> grant sysdba to test;
SQL> grant sysbackup to test1;
SQL> grant sysbackup to test1;
Removing the user from password file
To revoke the privilege from password file just revoke the privilegeSQL> Revoke sysdba from test;
Note:- In ASM revoking the privilege from user does not delete the user from password file. To delete the user from password file in ASM you need to drop that user
Where is the Database Password File
$ srvctl config database -d testa
Database unique name: TESTA
Database name: WDTESTDB
Oracle home: /u01/dbatest1/12.2.0.1/dbp1
Oracle user: dbatest1
Spfile: /u01/dbatest1/12.2.0.1/dbp1/dbs/spfileTESTA.ora
Password file: +DG_TEST_DATA/testa/orapwtesta
Domain:
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Disk Groups: DG_TEST_DATA,DG_TEST_FRA,DG_TEST_REDO
Services:
OSDBA group:
OSOPER group:
Database instance: TESTA
Database unique name: TESTA
Database name: WDTESTDB
Oracle home: /u01/dbatest1/12.2.0.1/dbp1
Oracle user: dbatest1
Spfile: /u01/dbatest1/12.2.0.1/dbp1/dbs/spfileTESTA.ora
Password file: +DG_TEST_DATA/testa/orapwtesta
Domain:
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Disk Groups: DG_TEST_DATA,DG_TEST_FRA,DG_TEST_REDO
Services:
OSDBA group:
OSOPER group:
Database instance: TESTA
OR
$ asmcmd pwget --dbuniquename testa
+DG_TEST_DATA/testa/orapwtesta
+DG_TEST_DATA/testa/orapwtesta
How to Delete Database Password File
$orapwd delete=y dbuniquename=testa
How to Migrate Password File from File System to ASM DG
$ srvctl config database -d testa
Database unique name: TESTA
Database name: WDTESTDB
Oracle home: /u01/dbatest1/12.2.0.1/dbp1
Oracle user: dbatest1
Spfile: /u01/dbatest1/12.2.0.1/dbp1/dbs/spfileTESTA.ora
Password file: /u01/dbatest1/12.2.0.1/dbp1/PWDtesta.ora
Domain:
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Disk Groups: DG_TEST_DATA,DG_TEST_FRA,DG_TEST_REDO
Services:
OSDBA group:
OSOPER group:
Database instance: TESTA
Database unique name: TESTA
Database name: WDTESTDB
Oracle home: /u01/dbatest1/12.2.0.1/dbp1
Oracle user: dbatest1
Spfile: /u01/dbatest1/12.2.0.1/dbp1/dbs/spfileTESTA.ora
Password file: /u01/dbatest1/12.2.0.1/dbp1/PWDtesta.ora
Domain:
Start options: open
Stop options: immediate
Database role: PRIMARY
Management policy: AUTOMATIC
Disk Groups: DG_TEST_DATA,DG_TEST_FRA,DG_TEST_REDO
Services:
OSDBA group:
OSOPER group:
Database instance: TESTA
$ asmcmd pwcopy --dbuniquename testa /u01/dbatest1/12.2.0.1/dbp1/PWDtesta.ora +DG_TEST_DATA -f
copying /u01/dbatest1/12.2.0.1/dbp1/PWDtesta.ora -> +DG_TEST_DATA/PWDtesta.ora
copying /u01/dbatest1/12.2.0.1/dbp1/PWDtesta.ora -> +DG_TEST_DATA/PWDtesta.ora
How to Find the ASM Password File
$srvctl config asmASM home: <CRS home>
Password file: +DG_TEST_DATA/orapwasm
Backup of Password file:
ASM listener: LISTENER
Spfile: /u01/oragrid/spfile/spfileASM.ora
ASM diskgroup discovery string: AFD:*
OR
$ asmcmd pwget --asm
+DG_TEST_DATA/orapwasm
How to Delete ASM Password File
$orapwd delete=y asm=yHow to Create ASM Password File
$ orapwd file='+DG_TEST' asm=yEnter password for SYS:
Note: You can also use asmcmd pw* commands to create and manage ASM and Database Password File
ORAPWD
Syntax 12cR1:-orapwd FILE=filename [ENTRIES=numusers] [FORCE={y|n}] [ASM={y|n}]
[DBUNIQUENAME=dbname] [FORMAT={12|legacy}] [SYSBACKUP={y|n}] [SYSDG={y|n}]
[SYSKM={y|n}] [DELETE={y|n}] [INPUT_FILE=input-fname]
Syntax 12cR2
orapwd file=<fname> force=<y/n> asm=<y/n>
dbuniquename=<dbname> format=<12/12.2>
delete=<y/n> input_file=<input-fname>
sys=<y/password/external(<sys-external-name>)>
sysbackup=<y/password/external(<sysbackup-external-name>)>
sysdg=<y/password/external(<sysdg-external-name>)>
syskm=<y/password/external(<syskm-external-name>)>
ASMCMD
pwcopy <=Copies
a password file to the specified location.
pwcreate <=Creates
a password file at the specified location.
pwdelete <=Deletes
a password file at the specified location.
pwget <=Returns the location of the password file.
pwmove <=Moves the location of the password file.
pwset <=Sets the location of the password file.
pwget <=Returns the location of the password file.
pwmove <=Moves the location of the password file.
pwset <=Sets the location of the password file.
orapwusr <=Adds,
drops, or changes an Oracle ASM password user
Attractive section of content. I just stumbled upon your blog and in accession capital to assert that I get actually enjoyed account your blog posts. Anyway I will be subscribing to your feeds and even I achievement you access consistently fast. shipping container sizes and prices
ReplyDeleteOracle Database And Asm Password File Administration >>>>> Download Now
ReplyDelete>>>>> Download Full
Oracle Database And Asm Password File Administration >>>>> Download LINK
>>>>> Download Now
Oracle Database And Asm Password File Administration >>>>> Download Full
>>>>> Download LINK iF