REMOTE_LOGIN_PASSWORDFILE


Property Description

Parameter type

String

Syntax

REMOTE_LOGIN_PASSWORDFILE = { shared | exclusive | none }

Default value

exclusive

Modifiable

No

Basic

Yes

Oracle RAC

Multiple instances must have the same value.


REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file.

Values

  • shared

    One or more databases can use the password file. The password file can contain SYS and non-SYS users.

    When REMOTE_LOGIN_PASSWORDFILE is set to shared:

    • The SYS password cannot be changed. If you try, the password change operation fails with "ORA-28046: Password change for SYS disallowed."

    • The password of any user who has SYS* admin privileges (SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, SYSKM) cannot be changed. If you try, the password change operation fails with "ORA-01999: password file cannot be updated in SHARED mode."

    • Grants of SYS* admin privileges (SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, SYSKM) to individual users are not allowed. For example, grant sysdba to scott fails with "ORA-01999: password file cannot be updated in SHARED mode." Similarly, revoke of SYS* admin privileges fails.

    • If the password file does not exist, then the behavior is the same as setting REMOTE_LOGIN_PASSWORDFILE to none.

  • exclusive

    The password file can be used by only one database. The password file can contain SYS and non-SYS users.

    When REMOTE_LOGIN_PASSWORDFILE is set to exclusive, if the password file does not exist, then the behavior is the same as setting REMOTE_LOGIN_PASSWORDFILE to none.

  • none

    Oracle ignores any password file. Therefore, privileged users must be authenticated by the operating system.

When remote login is attempted (such as sqlplus sys/password_for_sys@tns_name_of_database as sysdba), then:

  • If a password file does not exist, error "ORA-01031: insufficient privileges" will be raised.

  • If the password is incorrect, error "ORA-01017: invalid username/password; logon denied" will be raised.

  • If the username is incorrect, error "ORA-01031: insufficient privileges" will be raised.

Note:

If you change REMOTE_LOGIN_PASSWORDFILE to exclusive or shared from none, then ensure that the password file is synchronized with the dictionary passwords. See Oracle Database Administrator's Guide for more information.