We know that changed a normal user password has no diffrence between a single instance database and a RAC database,we just have to perform "alter user xxx identified by xxx" and the password will be cheanged.
however,if you want to change the sys password with a RAC database use the same way do in a single-instance database,you will be fail.SYS password is instance specific in RAC databases, so you have to change it in every single instance.Tom Kyte said " do not do things as SYS, sys is
special, sys is magical, sys is special, sys is governed by a set of rules different from the rest of the world. Use 'as sysdba' only to perform maintenance operations like shutdown, startup and the such. "
Martin Nash's a article very good,so I Reprinted here for china(can't view wordprocess.com) ORACLE user.
Pre-11g
The example shows:
Change password on node 1
Connect to node 1 using new password successfully
Validate instance name
Connect to node 2 using new password unsuccessfully
Connect to node 2 using original password successfully
Attempt to change password on node 2 to new password fails as password reuse is restricted in profile assigned to SYS
Copy and rename password file from node 1 to node 2 (command not shown, but I use scp)
Connect to both nodes using same password successfully
11g or later
The example shows:
Change password on node 1
Connect to node 1 using new password successfully
Validate instance name
Connect to node 2 using new password unsuccessfully
Connect to node 2 using original password successfully
Change password on node 2 to new password successful even though password reuse is restricted in profile assigned to SYS
Connect to both nodes using same password successfully
The key point is that the password for SYS is instance specific. I don’t really understand why Oracle have not implemented something that updates the SYS password file on all nodes of a clustered database, but maybe some reason why this would not be desirable behaviour. If there is then I can’t see it. A friend has suggested that one solution to this would be to use symbolic links for each instance to point to a common password file (on shared storage).
however,if you want to change the sys password with a RAC database use the same way do in a single-instance database,you will be fail.SYS password is instance specific in RAC databases, so you have to change it in every single instance.Tom Kyte said " do not do things as SYS, sys is
special, sys is magical, sys is special, sys is governed by a set of rules different from the rest of the world. Use 'as sysdba' only to perform maintenance operations like shutdown, startup and the such. "
Martin Nash's a article very good,so I Reprinted here for china(can't view wordprocess.com) ORACLE user.
Pre-11g
The example shows:
Change password on node 1
Connect to node 1 using new password successfully
Validate instance name
Connect to node 2 using new password unsuccessfully
Connect to node 2 using original password successfully
Attempt to change password on node 2 to new password fails as password reuse is restricted in profile assigned to SYS
Copy and rename password file from node 1 to node 2 (command not shown, but I use scp)
Connect to both nodes using same password successfully
SYS@orcl1> alter user sys identified by temp_pass1;
User altered.
SYS@orcl1> connect sys@orcl1/temp_pass1 as sysdba
Connected.
SYS@orcl1> select instance_name from v$instance;
INSTANCE_NAME
----------------
orcl1
SYS@orcl1> connect sys@orcl2/temp_pass1 as sysdba
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
@> connect sys@orcl2/as sysdba
Connected.
SYS@orcl2> select instance_name from v$instance;
INSTANCE_NAME
----------------
orcl2
SYS@orcl2> alter user sys identified by temp_pass1;
alter user sys identified by temp_pass1
*
ERROR at line 1:
ORA-28007: the password cannot be reused
SYS@orcl2>
Need to copy password file from node 1 and rename at this point (or change profile/resource limit)…
SYS@orcl2> connect sys@kn10st1/temp_pass1 as sysdba
Connected.
SYS@orcl1> select instance_name from v$instance;
INSTANCE_NAME
----------------
orcl1
SYS@orcl1> connect sys@kn10st2/temp_pass1 as sysdba
Connected.
SYS@orcl2> select instance_name from v$instance;
INSTANCE_NAME
----------------
orcl2
SYS@orcl2>
11g or later
The example shows:
Change password on node 1
Connect to node 1 using new password successfully
Validate instance name
Connect to node 2 using new password unsuccessfully
Connect to node 2 using original password successfully
Change password on node 2 to new password successful even though password reuse is restricted in profile assigned to SYS
Connect to both nodes using same password successfully
SYS@orcl1> alter user sys identified by temp_pass1;
User altered.
SYS@orcl1> connect sys@orcl1/temp_pass1 as sysdba
Connected.
SYS@orcl1> select instance_name from v$instance;
INSTANCE_NAME
----------------
orcl1
SYS@orcl1> connect sys@orcl2/temp_pass1 as sysdba
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
@> connect sys@orcl2/as sysdba
Connected.
SYS@orcl2> select instance_name from v$instance;
INSTANCE_NAME
----------------
orcl2
SYS@orcl2> alter user sys identified by temp_pass1;
User altered.
SYS@orcl2> connect sys@orcl1/temp_pass1 as sysdba
Connected.
SYS@orcl1> select instance_name from v$instance;
INSTANCE_NAME
----------------
orcl1
SYS@orcl1> connect sys@orcl2/temp_pass1 as sysdba
Connected.
SYS@orcl2> select instance_name from v$instance;
INSTANCE_NAME
----------------
orcl2
SYS@orcl2>
The key point is that the password for SYS is instance specific. I don’t really understand why Oracle have not implemented something that updates the SYS password file on all nodes of a clustered database, but maybe some reason why this would not be desirable behaviour. If there is then I can’t see it. A friend has suggested that one solution to this would be to use symbolic links for each instance to point to a common password file (on shared storage).
「喜欢这篇文章,您的关注和赞赏是给作者最好的鼓励」
关注作者
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
