Oracle ORAPWD
UNIX syntax:
orapwd file=$ORACLE_HOME/dbs/orapw$ORACLE_SID password=the_secret_password
UNIX example:
orapwd file=/u01/app/oracle/product/11.2.0/db_1/dbs/orapwkrengerdb password=the_secret_password
Windows syntax:
orapwd file=%ORACLE_HOME%\database\PWD%ORACLE_SID%.ora password=the_secret_password
Windows example:
orapwd file=D:\oracle\app\product\11.2.0\db_1\database\PWDKRENGERDB.ora password=the_secret_password
Creating a Password File with ORAPWD
ORAPWD FILE=filename [ENTRIES=numusers] [FORCE={Y|N}] [IGNORECASE={Y|N}]
Argument | Description |
---|---|
FILE |
Name to assign to the password file. You must supply a complete path. If you supply only a file name, the file is written to the current directory. |
ENTRIES |
(Optional) Maximum number of entries (user accounts) to permit in the file. |
FORCE |
(Optional) If y , permits overwriting an existing password file. |
IGNORECASE |
(Optional) If y , passwords are treated as case-insensitive. |
ORAPWD Command Line Argument Descriptions
Platform | Required Name | Required Location) |
---|---|---|
UNIX and Linux | orapwORACLE_SID |
ORACLE_HOME/dbs |
Windows | PWDORACLE_SID.ora |
ORACLE_HOME\database |
Create the Oracle Password
Log on to the database as an administrative user.
Shutdown the database.
On Linux/UNIX:
cd $ORACLE_HOME/dbs
, Windows:cd %ORACLE_HOME%\database
Issue the
orapwd
command:$ orapwd Usage: orapwd file=[fname] password=[sys password] entries=[users] force=[y/n] ignorecase=[y/n] nosysdba=[y/n] $ orapwd file=orapwTEST01 password=geeklab ignorecase=n
file
– name of password file (required)password
– password for SYS will be prompted if not specified at command lineentries
– maximum number of distinct DBA (optional)force
– whether to overwrite existing file (optional)ignorecase
– passwords are case-insensitive (optional)nosysdba
– whether to shut out the SYSDBA logon (optional Database Vault only, deprecated in 11.2)
Add the below parameter in the pfile of the
TEST01
database instance:REMOTE_LOGIN_PASSWORDFILE=exclusive
After all the above has been done, run this statement:
SQL> STARTUP; SQL> select * from v$pwfile_users;
Should this statement return any records, attempt a passwordfile authenticated sysdba connection. Should the connection work, everything is working fine. If the statement returns no records, the database instance must be restarted.
Adding Users to a Password File
Creating a Password File and Adding New Users to It
Follow the instructions for creating a password file as explained in “Creating a Password File with ORAPWD”.
Set the
REMOTE_LOGIN_PASSWORDFILE
initialization parameter toEXCLUSIVE
. (This is the default.)Note:
REMOTE_LOGIN_PASSWORDFILE
is a static initialization parameter and therefore cannot be changed without restarting the database.Connect with
SYSDBA
privileges as shown in the following example, and enter theSYS
password when prompted:CONNECT SYS AS SYSDBA
Start up the instance and create the database if necessary, or mount and open an existing database.
Create users as necessary. Grant
SYSDBA
orSYSOPER
privileges to yourself and other users as appropriate. See “Granting and Revoking SYSDBA and SYSOPER Privileges”, later in this section.
Maintaining a Password File
Expanding the Number of Password File Users
Identify the users who have
SYSDBA
orSYSOPER
privileges by querying theV$PWFILE_USERS
view.Delete the existing password file.
Follow the instructions for creating a new password file using the
ORAPWD
utility in “Creating a Password File with ORAPWD”. Ensure that theENTRIES
parameter is set to a number larger than you think you will ever need.Follow the instructions in “Adding Users to a Password File”.
Removing a Password File
If you determine that you no longer require a password file to authenticate users, you can delete the password file and then optionally reset the REMOTE_LOGIN_PASSWORDFILE
initialization parameter to NONE
. After you remove this file, only those users who can be authenticated by the operating system can perform SYSDBA
or SYSOPER
database administration operations.