Oracle ORAPWD#
UNIX syntax:
orapwd file=$ORACLE_HOME/dbs/orapw$ORACLE_SID password=the_secret_password
UNIX example:
orapwd file=/u01/app/oracle/product/11.2.0/db_1/dbs/orapwkrengerdb password=the_secret_password
Windows syntax:
orapwd file=%ORACLE_HOME%\database\PWD%ORACLE_SID%.ora password=the_secret_password
Windows example:
orapwd file=D:\oracle\app\product\11.2.0\db_1\database\PWDKRENGERDB.ora password=the_secret_password
Creating a Password File with ORAPWD#
ORAPWD FILE=filename [ENTRIES=numusers] [FORCE={Y|N}] [IGNORECASE={Y|N}]
| Argument | Description |
|---|---|
FILE |
Name to assign to the password file. You must supply a complete path. If you supply only a file name, the file is written to the current directory. |
ENTRIES |
(Optional) Maximum number of entries (user accounts) to permit in the file. |
FORCE |
(Optional) If y, permits overwriting an existing password file. |
IGNORECASE |
(Optional) If y, passwords are treated as case-insensitive. |
ORAPWD Command Line Argument Descriptions
| Platform | Required Name | Required Location) |
|---|---|---|
| UNIX and Linux | orapwORACLE_SID |
ORACLE_HOME/dbs |
| Windows | PWDORACLE_SID.ora |
ORACLE_HOME\database |
Create the Oracle Password#
Log on to the database as an administrative user.
Shutdown the database.
On Linux/UNIX:
cd $ORACLE_HOME/dbs, Windows:cd %ORACLE_HOME%\databaseIssue the
orapwdcommand:$ orapwd Usage: orapwd file=[fname] password=[sys password] entries=[users] force=[y/n] ignorecase=[y/n] nosysdba=[y/n] $ orapwd file=orapwTEST01 password=geeklab ignorecase=n
file– name of password file (required)password– password for SYS will be prompted if not specified at command lineentries– maximum number of distinct DBA (optional)force– whether to overwrite existing file (optional)ignorecase– passwords are case-insensitive (optional)nosysdba– whether to shut out the SYSDBA logon (optional Database Vault only, deprecated in 11.2)
Add the below parameter in the pfile of the
TEST01database instance:REMOTE_LOGIN_PASSWORDFILE=exclusive
After all the above has been done, run this statement:
SQL> STARTUP; SQL> select * from v$pwfile_users;
Should this statement return any records, attempt a passwordfile authenticated sysdba connection. Should the connection work, everything is working fine. If the statement returns no records, the database instance must be restarted.
Adding Users to a Password File#
Creating a Password File and Adding New Users to It
Follow the instructions for creating a password file as explained in “Creating a Password File with ORAPWD”.
Set the
REMOTE_LOGIN_PASSWORDFILEinitialization parameter toEXCLUSIVE. (This is the default.)Note:
REMOTE_LOGIN_PASSWORDFILEis a static initialization parameter and therefore cannot be changed without restarting the database.Connect with
SYSDBAprivileges as shown in the following example, and enter theSYSpassword when prompted:CONNECT SYS AS SYSDBA
Start up the instance and create the database if necessary, or mount and open an existing database.
Create users as necessary. Grant
SYSDBAorSYSOPERprivileges to yourself and other users as appropriate. See “Granting and Revoking SYSDBA and SYSOPER Privileges”, later in this section.
Maintaining a Password File#
Expanding the Number of Password File Users
Identify the users who have
SYSDBAorSYSOPERprivileges by querying theV$PWFILE_USERSview.Delete the existing password file.
Follow the instructions for creating a new password file using the
ORAPWDutility in “Creating a Password File with ORAPWD”. Ensure that theENTRIESparameter is set to a number larger than you think you will ever need.Follow the instructions in “Adding Users to a Password File”.
Removing a Password File
If you determine that you no longer require a password file to authenticate users, you can delete the password file and then optionally reset the REMOTE_LOGIN_PASSWORDFILE initialization parameter to NONE. After you remove this file, only those users who can be authenticated by the operating system can perform SYSDBA or SYSOPER database administration operations.