DB connection - user SYS with wrong password

Hi all

One strange thing I noticed with the SYS user as Oracle 9i (who has never worked on earlier versions), it is that I can connect to SYS as SYSDBA with wrong password user as well! Please guide how to avoid this...
(I have looked for a solution online but could not find any :())
SQL> CONN SYS/AAA@TEST AS SYSDBA
Connected.
SQL> DISC
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> CONN SYS/BBB@TEST AS SYSDBA
Connected.
SQL>
SQL> DISC
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
* 009 *.

There is nothing wrong, and nothing should be, IMO, prevented.
When you connect to the server as a user in the Group dba (Unix) or group ora_dba (Windows), you are an advanced user and authentication of the o/s applies to you, and you don't need a password .
Login as the owner of the software (oracle) all the time, what do many DBA, is a bad idea in any case, you can remove anyufile o/s level.

Strategies to avoid it:
-Make sure that your account is not in the groups I mentioned
or
-disable authentication of the o/s of editiing sqlnet.ora

The two procedures are documented.

Finally, note someone who has root access can move easily.

-------------------
Sybrand Bakker
Senior Oracle DBA

Tags: Database

Similar Questions

  • Successive connection LDAP fails after the first LDAP authorization: with wrong password

    Hello

    I am currently integration Oracle CC & B utility to LDAP (Sun Directory Server java - SunOne), but I made a post here because CC & B delegates the task of authentication to the server Weblogic (I user WLS version 10).

    In Weblogic, I configured two authentication providers:
    1. the principal is the LDAP authentication provider (defined as optional control indicator)
    2. secondary education is the default authentication provider (defined as optional control indicator)

    Currently, some users of CC & B are stored in LDAP, and some other (more users system) are stored in the default authentication provider.

    To help you make the problem more clear, I did the test with followingscenario:
    1. user LDUser2 (stored in LDAP) login with correct passwrod-> success
    2. the sysuser user (stored in the default authentication provider) connect with incorrect password-> access denied (what is good and normal)
    3. the LDUser2 (stored in LDAP) user login with password-> successful OK
    4. the sysuser user (stored in the default authentication provider) connect with correct password-> successful OK
    5. the user (stored in LDAP) LDUser2 connect with the incorrect password-> denied access, which is normal. However, from this point, the problem starts
    6. the user (stored in LDAP) LDUser2 connect with the right password-> rejected access KO is the problem
    7. connection (also stored in LDAP as LDUser2) LDUser1 with the right password of the user-> big problem of access denied KO
    8. the LDUser7 user (stored in the default authentication provider) connect with the right password-> successful access
    9 restart the server resets the situation, but once a user is stored in the LDAP connection with a wrong password (5 point number), attempts by users stored in LDAP fail.

    It seems that after the first LDAP authentication with wrong password, all users stored in LDAP connection attempts will fail.

    Help, please.
    Thank you.

    Jeffry

    Hello

    The connection attempt is made on console weblogic with the same result?

    If I'm not wrong, until WLS 10.3 it is a problem reported where once the user connects with password and username incorrect, all attempts after that results in the failure of the connection.

    The patch is available with up to 10.3 WLS support

    This might be the question however need to check.

  • attempts to connect with wrong password / expired... Security

    Hello

    I need to know a view dictionary that indicates the user who is trying to connect with wrong password.
    In fact history of connection to the oracle user account.

    indicate the procedure please or configurations for this.

    Thanks in advance.
    AJ

    No, the extent of the Im aware you can't see this (in Oracle) via the dba_audit tables

  • configure error message for locking user even with correct password entry.

    Is there a way to view pages of credentials not valid error when a locked user enters a bad password? But if the same locked user enters a correct password, I want to show locked user error page. As a general rule, assume that a user is in the locked state. But if the user enters a wrong password or correct, I want to display different error pages. Is it possible to configure in OAM?

    There is no way of Quinte-traction before you get there. Account lockout = locking of account regardless of the truth of the password. Thus, as a sort of roundabout, what can be done is: in the URL of account lockout, give a page jsp or a servlet; in this jsp / servlet, read the username and password (the password will come in this jsp?) and make calls to asdk you can know if the password is correct or not.

    Another approach: have nothing in the account lockout url, but have an authentication failure URL. In this url, call a servlet, and then create asdk calls to see if he came here because of the locked a/c, or bad password. Pass the username in a cookie. in this approach, you can do without the user entered password; ASDK call to see if the user is locked.

    I hope this helps.

  • trace the IP / user login database with wrong password machine

    Hi all
    I would like to find information of machine or IP address of the user who is trying to connect to the database with incorrect password.

    I'm on 11g. Please can I know whether it is possible to obtain this information and if yes then how to configure.

    Thank you.

    1 enable auditing of database with pararameter AUDIT_TRAIL

    SQL> show parameter audit_trail;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_trail                          string      DB_EXTENDED

    2 enable auditing of the session

    SQL> audit session;

Audit succeeded.

    3. check the DBA_AUDIT_TRAIL view:

    SQL> select os_username, userhost, username, action_name, timestamp, returncode
  2  from dba_audit_trail
  3  where returncode=1017;

OS_USERNAME
--------------------------------------------------------------------------------
USERHOST
--------------------------------------------------------------------------------
USERNAME                       ACTION_NAME                  TIMESTAMP RETURNCODE
------------------------------ ---------------------------- --------- ----------
pierre
WORKGROUP\PC-de-pierre
HR                             LOGON                        22-FEB-11       1017

    1017 means Oracle ORA-1017 error:

    oerr ora 1017
01017, 00000, "invalid username/password; logon denied"
// *Cause:
// *Action:

    OS_USERNAME is the name of the user account that is trying to connect to Oracle BONES
    USERHOST is the name of the computer where the executable tried to connect.

    Edited by: P. Forstmann on 22 Feb. 2011 13:39

    Edited by: P. Forstmann on 22 Feb. 2011 13:41

  • SlateBookx2: I closed my session with wrong password and I can connect is no longer

    Hey,.

    I blocked my Slatebook session with my usual password before you turn it off. I must have typed wrong twice. Earlier this afternoon, I went from the Tablet, entered the password, and the display shows "wrong password". I've tried dozens of variants (including the cap lock), nothing works.

    Is there a way to reset everything, even if that means reformatting of the Tablet?

    Any suggestion is appreciated.

    Thank you

    Hi Sapiens,

    I would off the tablet of the keyboard if you are only working with the tablet. Try now the power button and selecting "Power Off" when it appears on the screen. Once the unit is off, follow these instructions to reset the unit to the power off state: factory reset instructions.

    Please mark this message as the accepted answer if I solved it your problem.

    Thank you

    hsimo

  • Can not connect to laptop with windows password 8 after update

    Have a new laptop (ASUS) with windows 8. The laptop using my live account from microsoft for the login screen. After that the first windows update, I can not log on the laptop and had to have Best Buy reload windows 8 and start over. There is no way to unlock this processor without the password. This happened once more. I can log in to my account windowslive using a different processor, but cannot unlock the password of login by using the same password, as I did before the update. Other ideas that take over to Best Buy and getting the laptop with windows 7?

    Hi WillieReed,
    Thanks for posting on the Microsoft community!
    Do you see the error codes/messages when you try to connect?

    Here are some solutions: -.
     
    1. ensure that Microsoft account services are running, go to the page of the service status.

    2 reset your password from Microsoft
    To reset your password, or get help with a password and other problems with your Microsoft account, go to reset your password.

    3. check the length of your password
    Make sure that your Microsoft account password length is not more than 16 characters. The current maximum limit is clearly indicated during your initial account registration Microsoft upward, but may not be clear during a password change. The password change process to enter more than 16 characters, but your account will not accept anything more than 16 characters. You can change your password from Microsoft by clicking on change your password. (You may need to connect to your Microsoft account before you can access this Web page.)

    4. get on your Microsoft account to check if its been blocked or pirate by following the link below
    http://Windows.Microsoft.com/en-us/Windows-8/get-back-blocked-hacked-account

     

    5. you can also follow the link below if you have forgotten your Windows password
    http://Windows.Microsoft.com/en-us/Windows-8/forgot-Windows-password

     

    Hope this solves the problem, you can write back to us and we will be happy to help you further.

  • Cannot access my user account with my password and I have not forgotten my password

    I had previously logged into my account and that he would change my password. At first he asked me the current password, then the new password and I typed all this information in. However, he later said that the password was incorrect and that I did not understand why it was inaccurate, since I had just used this password to log on to the account. So I decided to log on my account and try logging in and for some reason any, he says that the password is incorrect. Is it possible that you can help me?

    Hi Ed22,

    Thank you for visiting the website of Microsoft Windows Vista Community. Microsoft technical support engineers cannot help you recover the passwords of the files and Microsoft who are lost or forgotten product features
    For more information about the lost passwords, please see the following Knowledge Base Article:

    http://support.Microsoft.com/kb/189126

    Chris
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Connecting to a remote database (slowed down) with the password file authentication

    Hi all

    I was wondering if it is possible to connect to a remote database is stopped (idle instance) as user sys with sysdba privileges? It is said in the Oracle book - one to page 210 in the section - operating system and the file password authentication:

    Connection with authentication by password file or operating system is always possible, any State of the instance and the database are in and it is necessary to issue commands to START or STOP.

    Above indicates that it is possible, but I can't do it.

    I managed to connect to the remote database that was in mode nomount (see below for more details).

    When I first tried to connect to a remote database (idle instance) using the password file authentication, it gave due to error:
    sqlplus sys@ORCL as sysdba
    SQL * more: Production of the version 11.2.0.3.0 Fri dec 21 13:59:28 2012

    Copyright (c) 1982, 2011, Oracle. All rights reserved.

    Enter the password:
    ERROR:
    ORA-12514: TNS:listener is not currently of service requested in connect
    descriptor of

    Enter the user name:

    After the start of the database in nomount mode I was getting following error:
    sqlplus sys@ORCL as sysdba
    SQL * more: Production of the version 11.2.0.3.0 Fri dec 21 13:48:36 2012

    Copyright (c) 1982, 2011, Oracle. All rights reserved.

    Enter the password:
    ERROR:
    ORA-12528: TNS:listener: all appropriate instances are blocking new connections

    Enter the user name:

    Then I added the clause (UR = A) my listener.ora file and after that it work and I was able to connect:
    sqlplus sys@ORCL as sysdba
    SQL * more: Production of the version 11.2.0.3.0 Fri dec 21 14:04:49 2012

    Copyright (c) 1982, 2011, Oracle. All rights reserved.

    Enter the password:

    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production
    With partitioning, OLAP, Data Mining and Real Application Testing options


    SQL >

    I have all the entries of necessairly in tnsnames.ora on my local host.

    Also, I have no problems when connecting as user sys with sysdba when the DB is open, but can't get it working on an idle instance.

    I know I can use OS authentication but want to know if there is a mistake in the book or I'm doing something wrong.

    Kind regards
    Dawid

    Edited by: 978239 2012-12-21 06:24

    I was wondering if it is possible to connect to a remote database is stopped (idle instance) as user sys with sysdba privileges?

    You can, but you need to statically register the database with the listener.

  • work as user SYS have password on the computer of the Oracle

    Hi all

    my need is to work as user SYS with the Oracle server administrator password. I am beginner in Oracle administration. I have no password for SYS. But I have administrator access to the Oracle server. What should I do to restore the regular user password?

    Thanks in advance.

    Are you able to connect as a Windows user who is in the ORA_DBA group?  If so, you should be able to connect as SYS without password.  From a command line, you can

    sqlplus / as sysdba

    If you do this, you can restore any desired password.

    Justin

  • Expiry of the password for user SYS and SYSTEM

    My database 11g 2 on Redhat 5 has sys and system user password expired
    SQL> select username,account_status,EXPIRY_DATE
 from dba_users where username like 'SYS%';
  2
USERNAME                       ACCOUNT_STATUS                   EXPIRY_DA
------------------------------ -------------------------------- ---------
SYSMAN                         OPEN
SYSTEM                         OPEN                             15-FEB-11
SYS                            OPEN                             15-FEB-11
    But I can still connect the databsae with expired password t.

    Should I worry about the expiration of the password of the user these? For a normal user, I can not connect with expired password

    Dear user13148231,

    Here's an illustration;

    SQL> alter user sys account lock;

User altered.
SQL> select username, account_status, lock_date, expiry_date from dba_users where USERNAME='SYS';

USERNAME                      ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
------------------------------------------------------
SYS                                      LOCKED                           20-AUG-10      23-FEB-09

SQL> host sqlplus sys/password@opttest as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:25:43 2010

Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> alter user sys identified by password password expire;

User altered.

SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';

USERNAME                      ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
------------------------------------------------------
SYS                                EXPIRED & LOCKED                 20-AUG-10   20-AUG-10

SQL> host sqlplus sys/password@opttest as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:27:02 2010

Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> alter user sys identified by password account unlock;

SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';

USERNAME                       ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
------------------------------ -------------------------------- --------- ---------
SYS                            OPEN

    Even if the State expired and locked it's OK to connect to the database for the user SYS.

    SQL> alter user ogan identified by password account lock password expire;

User altered.

SQL> select username, account_status, lock_date, expiry_date from dba_users where username='OGAN';

USERNAME                       ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
------------------------------ -------------------------------- --------- ---------
OGAN                           EXPIRED & LOCKED                 20-AUG-10 20-AUG-10

SQL> conn ogan/password
ERROR:
ORA-28000: the account is locked

Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> alter user ogan account unlock;

User altered.

SQL> conn ogan/password@opttest
ERROR:
ORA-28001: the password has expired

Changing password for ogan
New password:
Retype new password:
Password changed
Connected.
SQL>

    Ogan

  • I lost my e-mail because that too many attempts to connect you with bad passwords

    I lost my email address. Reason given by MS: too many attempts to connect with wrong passwords. I tried only three times, and one of the Angioma plan was correct. I have since received a PIN number new mailing address, but there is no progress in the recovery of old one that contains vital mail. MS says system overwhelmed by a similar request and I will undermine only by putting in another application. Anyone else out there in the same boat? I'm based in France, but English is the preferred language for this kind of problem!
    * original title - ask and will undermine only if I put in another request. Everyone in the same boat? *

    Hello

    I'm sorry, but we cannot help with hotmail problems in these forums in response to vista

    Please repost your question in hotmail in the hotmail link below forums

    http://windowslivehelp.com/product.aspx?ProductID=1

  • ORA-01031: insufficient privileges with user SYS when I try to log

    Hello

    When I try to connect to our database with the user SYS via TOAD he gives below error.
    ORA-01031: insufficient privileges

    If I use SQLPLUS "/ as sysdba" it's conningting but if I try to use another tool like TOAD I can't connect.

    You could someone help me what is the problem andhow can I connect the user SYS with TOAD.
    version of database is 9.2.0.8.

    Thank you and best regards,

    You set remote_login_passwordfile exclusive.

  • Cannot connect on rman after the user sys password change

    Hello
    After to change the password for user sys does not connect with: target rman.
    Can someone help me?

    Eder

    OK, good luck, if your problem is resolved, examine fence wire and reward the answers 'correct' and 'useful '...

  • Error in creating a Net connection with the user "sys" DBA

    I can log in as user "sys" on site, but can not
    connect as user sys as a network connection.

    situation #1: connect locally... no problem...

    [oracle@localhost ~] $ sqlplus

    SQL * more: Production of release 11.2.0.1.0 sam may 12 23:31:39 2012

    Copyright (c) 1982, 2009, Oracle. All rights reserved.

    Enter the user name: sys as sysdba
    Enter the password:

    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production

    situation #2: network connection... "sys" error message - no sufficient privileges...

    SQL > connect sys@orcl as sysdba
    Enter the password:
    ERROR:
    ORA-01031: insufficient privileges

    situation #3: connect network as user 'system'... no problem...

    SQL > connect system@orcl
    Enter the password:
    Connected.

    GabyPR wrote:
    I can log in as user "sys" on site, but can not
    connect as user sys as a network connection.

    situation #1: connect locally... no problem...

    [oracle@localhost ~] $ sqlplus

    SQL * more: Production of release 11.2.0.1.0 sam may 12 23:31:39 2012

    Copyright (c) 1982, 2009, Oracle. All rights reserved.

    Enter the user name: sys as sysdba
    Enter the password:

    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production

    situation #2: network connection... "sys" error message - no sufficient privileges...

    SQL > connect sys@orcl as sysdba
    Enter the password:
    ERROR:
    ORA-01031: insufficient privileges

    be GRATEFUL in this case; otherwise anyone can connect to DB from anywhere 'as sysdba'

Maybe you are looking for