A friend of mine wanted to secure his client's database access by preventing the DBAs from connecting to the database as the 'SYS' user with "/ as sysdba".
In the file sqlnet.ora, located in the $ORACLE_HOME/network/admin folder, add the following line:
SQLNET.AUTHENTICATION_SERVICES=(NONE)
Try logging in again by using "/ as sysdba":
No doubt this will prevent "/ as sysdba" access when connected as the 'oracle' user (the Oracle owner account), but the DBA can easily comment out the configuration parameter in sqlnet.ora if he has the required permission on the file.
To avoid this, change the ownership of the sqlnet.ora file to 'root' or any other functional OS user, and grant read permission to the dba/oinstall group.
chown root:oinstall sqlnet.ora
chmod 640 sqlnet.ora
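An added example, not part of the original post: a POSIX shell check that the parameter is still active and that the file keeps the ownership and mode set above. The function name audit_sqlnet and its optional owner argument are assumptions of this example; check 4, on the directory, goes beyond the steps in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit the sqlnet.ora hardening.
# Usage: audit_sqlnet FILE [EXPECTED_OWNER]   (owner defaults to root)
# Prints one FAIL line per finding; returns 0 only when nothing failed.

# True when find(1) matches PATH itself against one primary, e.g. -user root.
matches() { [ -n "$(find "$1" -prune "$2" "$3" 2>/dev/null)" ]; }

audit_sqlnet() {
    file=$1; owner=${2:-root}; rc=0
    dir=$(dirname "$file")
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }

    # 1. The parameter must be active: strip '#' comments, then compare.
    #    Assumption: blanks and letter case are not significant in sqlnet.ora.
    if ! sed 's/#.*//' "$file" | tr -d ' \t' | tr '[:lower:]' '[:upper:]' |
         grep -qx 'SQLNET\.AUTHENTICATION_SERVICES=(NONE)'; then
        echo "FAIL: SQLNET.AUTHENTICATION_SERVICES=(NONE) is not active"; rc=1
    fi

    # 2. The file must belong to the functional owner, not the oracle account.
    matches "$file" -user "$owner" ||
        { echo "FAIL: $file is not owned by $owner"; rc=1; }

    # 3. Mode 640 means neither the group nor others may write the file.
    if matches "$file" -perm -020 || matches "$file" -perm -002; then
        echo "FAIL: $file is writable by group or others"; rc=1
    fi

    # 4. Renaming or deleting a file is governed by the directory, so the
    #    directory needs the same owner and no group/other write bit.
    if ! matches "$dir" -user "$owner" ||
         matches "$dir" -perm -020 || matches "$dir" -perm -002; then
        echo "FAIL: $dir lets non-$owner accounts replace sqlnet.ora"; rc=1
    fi
    return $rc
}

# Run as a script: ./audit_sqlnet.sh "$ORACLE_HOME/network/admin/sqlnet.ora"
if [ $# -gt 0 ]; then audit_sqlnet "$@"; fi
```

Run from cron or a configuration-management job, a non-zero exit status signals that the restriction has been weakened.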
You have stopped access by changing the permission at OS level. You can also stop access at Oracle level just by changing the parameter to SQL.AUTHENTICATION=(NONE) in the sqlnet.ora file.
Have a nice time
Hey Neeraj,
Thanks for the comment. I am a little unclear, are you agreeing with me or telling me an alternate method?
What I have explained above is at Oracle level by adding the parameter in sqlnet.ora.
I added the changing the owner & permissions part just to add more security - so that oracle user cannot go back and remove that parameter.
If I am wrong, please let me know. :)
Cheers!
Hi Rizwan,
Thanks for your suggestion.
My requirement is to block access of sys or system user from Client or from remote access.
As you block the "/ as sysdba's" access on server site but it allows client users to connect as sys as sysdba if he provides the correct password.
But I want to block sys access from the client (remote) as well as / as sysdba access on the local server (local server, where the db resides).
Please suggest me what to do?????