REMOTE_LOGIN_PASSWORDFILE

REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file.

Values

• shared

  One or more databases can use the password file. The password file can contain SYS and non-SYS users.

  When REMOTE_LOGIN_PASSWORDFILE is set to shared:

  • The SYS password cannot be changed. If you try, the password change operation fails with "ORA-28046: Password change for SYS disallowed."

  • The password of any user who has SYS* admin privileges (SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, SYSKM) cannot be changed. If you try, the password change operation fails with "ORA-01999: password file cannot be updated in SHARED mode."

  • Grants of SYS* admin privileges (SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, SYSKM) to individual users are not allowed. For example, grant sysdba to scott fails with "ORA-01999: password file cannot be updated in SHARED mode." Similarly, revoke of SYS* admin privileges fails.

  • If the password file does not exist, then the behavior is the same as setting REMOTE_LOGIN_PASSWORDFILE to none.

• exclusive

  The password file can be used by only one database. The password file can contain SYS and non-SYS users.

  When REMOTE_LOGIN_PASSWORDFILE is set to exclusive, if the password file does not exist, then the behavior is the same as setting REMOTE_LOGIN_PASSWORDFILE to none.

• none

  Oracle ignores any password file. Therefore, privileged users must be authenticated by the operating system.

When remote login is attempted (such as sqlplus sys/password_for_sys@tns_name_of_database as sysdba), then:

• If a password file does not exist, error "ORA-01031: insufficient privileges" will be raised.

• If the password is incorrect, error "ORA-01017: invalid username/password; logon denied" will be raised.

• If the username is incorrect, error "ORA-01031: insufficient privileges" will be raised.