ORACLE11g REDO_TRANSPORT_USER参数
2013-12-21 12:22
225 查看
一般DataGuard库的搭建,需要从主库获取spfile、standbycontrol以及口令文件,这样DG库才可以和主库同步。
当主库的sys口令进行了修改时,DG库则无法进行同步,会出现
需要解决该错误可以将主库上最新的口令文件传输至DG库,这样主库与DG库则可以重新同步。
同样也可以不用将主库上最新的口令文件传输至DG库上,可以设置REDO_TRANSPORT_USER参数来解决该问题。
在MOS上有详细说明:How to make log shipping to continue work without copying password file from primary to physical standby when changing sys password on primary? (文档 ID 1416595.1)
APPLIES TO:
Oracle Database - Enterprise Edition - Version 11.1.0.6 to 11.2.0.4 [Release 11.1 to 11.2]
Information in this document applies to any platform.
***Checked for relevance on 24-Sep-2013***
The solution applies to 11g and above Data Guard environment or log transport from source database to target database.
GOAL
This is 11.2.0 Data Guard.
Whenever SYS password is changed in Primary DB, you need to copy password file from primary to Standby databases . Otherwise, the log shipping will fail with ora-16191.
Considering the number of Primary databases and Standby databases, it is tedious to copy password files from primary databases to the standby databases.
Is there any workaround to avoid copying of password file from primary to Standby ?
SOLUTION
The password for the sys user needs to be the same on the standby as the primary's when a remote login password file is used for redo transport authentication.
That's why you need to copy the password file from the primary to the standby after changing the sys password on the primary database.
However, the 11g database introduces a new init parameter REDO_TRANSPORT_USER which specifies the name of the user whose password verifier is used when a remote login password file is used for redo transport authentication. This user must have SYSOPER privileges and must have the same password in the database that initiates the redo transport session and in the database that is the target of the redo transport session.
If this parameter is not specified, then the password verifier of the SYS user will be used when a remote login password file is used for redo transport authentication.
Conclusion: As long as you specify REDO_TRANSPORT_USER to a user who has SYSOPER privileges on both the primary and the standby databases, then you don't need to copy the password file from the primary database to the standby database whenever you change the sys password on the primary database.
SQL> GRANT SYSOPER to &USER;
SQL> ALTER SYSTEM SET REDO_TRANSPORT_USER = <user_name> SID='*';
The user you specified for REDO_TRANSPORT_USER must be an existing user in the database which exactly matches the value of the USERNAME column of a row in the V$PWFILE_USERS view and the value of the SYSDBA or SYSOPER column of the row must also be TRUE.
If you need to change the password for the user specified in REDO_TRANSPORT_USER, then you would need to copy the password file from the primary to the standby site.
Reference: http://docs.oracle.com/cd/E11882_01/server.112/e25608/create_ps.htm Oracle® Data Guard Concepts and Administration
11g Release 2 (11.2)
Part Number E25608-03
3.1.2 Configure Redo Transport Authentication
Note: As the redo transport authentication with a remote login password file worked before you changed the sys password, assume
the following are true before and after you changed the sys password on the primary database.
- The Initialization Parameter 'REMOTE_LOGIN_PASSWORDFILE' is set to 'SHARED' or 'EXCLUSIVE' on the Primary and Standby Database.
- The password file on the Primary and Standby Database is located under $ORACLE_HOME/dbs for unix platform or $ORACLE_HOME\database
for Microsoft Windows platform.
- The password file name is called orapw<primary instance_name> for the primary database and orapw<standby instance_name> for the
standby database. The password file name format for the Microsoft Windows platform is pwd<instance_name>.ora.
You could find the instance_name by login as sysdba :
sqlplus / as sysdba
SQL> show parameter instance_name;
- The Initialization Parameter 'SEC_CASE_SENSITIVE_LOGON' is set to false to disable the password case sensitivity in the database for 11g primary and the standby databases.
当主库的sys口令进行了修改时,DG库则无法进行同步,会出现
ORA-01031: insufficient privileges错误。
需要解决该错误可以将主库上最新的口令文件传输至DG库,这样主库与DG库则可以重新同步。
同样也可以不用将主库上最新的口令文件传输至DG库上,可以设置REDO_TRANSPORT_USER参数来解决该问题。
在MOS上有详细说明:How to make log shipping to continue work without copying password file from primary to physical standby when changing sys password on primary? (文档 ID 1416595.1)
APPLIES TO:
Oracle Database - Enterprise Edition - Version 11.1.0.6 to 11.2.0.4 [Release 11.1 to 11.2]
Information in this document applies to any platform.
***Checked for relevance on 24-Sep-2013***
The solution applies to 11g and above Data Guard environment or log transport from source database to target database.
GOAL
This is 11.2.0 Data Guard.
Whenever SYS password is changed in Primary DB, you need to copy password file from primary to Standby databases . Otherwise, the log shipping will fail with ora-16191.
Considering the number of Primary databases and Standby databases, it is tedious to copy password files from primary databases to the standby databases.
Is there any workaround to avoid copying of password file from primary to Standby ?
SOLUTION
The password for the sys user needs to be the same on the standby as the primary's when a remote login password file is used for redo transport authentication.
That's why you need to copy the password file from the primary to the standby after changing the sys password on the primary database.
However, the 11g database introduces a new init parameter REDO_TRANSPORT_USER which specifies the name of the user whose password verifier is used when a remote login password file is used for redo transport authentication. This user must have SYSOPER privileges and must have the same password in the database that initiates the redo transport session and in the database that is the target of the redo transport session.
If this parameter is not specified, then the password verifier of the SYS user will be used when a remote login password file is used for redo transport authentication.
Conclusion: As long as you specify REDO_TRANSPORT_USER to a user who has SYSOPER privileges on both the primary and the standby databases, then you don't need to copy the password file from the primary database to the standby database whenever you change the sys password on the primary database.
SQL> GRANT SYSOPER to &USER;
SQL> ALTER SYSTEM SET REDO_TRANSPORT_USER = <user_name> SID='*';
The user you specified for REDO_TRANSPORT_USER must be an existing user in the database which exactly matches the value of the USERNAME column of a row in the V$PWFILE_USERS view and the value of the SYSDBA or SYSOPER column of the row must also be TRUE.
If you need to change the password for the user specified in REDO_TRANSPORT_USER, then you would need to copy the password file from the primary to the standby site.
Reference: http://docs.oracle.com/cd/E11882_01/server.112/e25608/create_ps.htm Oracle® Data Guard Concepts and Administration
11g Release 2 (11.2)
Part Number E25608-03
3.1.2 Configure Redo Transport Authentication
Note: As the redo transport authentication with a remote login password file worked before you changed the sys password, assume
the following are true before and after you changed the sys password on the primary database.
- The Initialization Parameter 'REMOTE_LOGIN_PASSWORDFILE' is set to 'SHARED' or 'EXCLUSIVE' on the Primary and Standby Database.
- The password file on the Primary and Standby Database is located under $ORACLE_HOME/dbs for unix platform or $ORACLE_HOME\database
for Microsoft Windows platform.
- The password file name is called orapw<primary instance_name> for the primary database and orapw<standby instance_name> for the
standby database. The password file name format for the Microsoft Windows platform is pwd<instance_name>.ora.
You could find the instance_name by login as sysdba :
sqlplus / as sysdba
SQL> show parameter instance_name;
- The Initialization Parameter 'SEC_CASE_SENSITIVE_LOGON' is set to false to disable the password case sensitivity in the database for 11g primary and the standby databases.
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 使用action属性接收参数<a href="user/user!add?name=a&age=8">添加用户</a>
- oracle11g 启动报错 缺少系统参数
- Oracle11g版本中未归档隐藏参数
- 删除用户命令userdel不加-r参数会怎样
- oracle11g安装时内核参数设置
- copy_from_user/copy_to_user函数中的buf参数释疑
- fatal: /etc/postfix/master.cf: line 109: bad transport type: user=vuser
- java解析user-agent参数
- [C/C++]建议在异步调用的函数的Callback中预留UserData参数
- [每日一题] 11gOCP 1z0-052 :2013-09-23 Oracle11g 内存参数设置...................................C7
- 参数或变量中有语法错误。 服务器响应为: mail from address must be same as authorization user
- Oracle11g一些重要的初始化参数
- oracle11g安装部分参数修改
- max_user_connections参数设置试验
- Database mount ID mismatch(ORA-16009: invalid redo transport destination )
- 【oracle11g,10】redo日志文件1:实例故障和介质故障,日志组的操作,查看日志内容
- [每日一题] 11gOCP 1z0-052 :2013-09-23 Oracle11g 内存参数设置...................................C7
- Performing User-Managed Database-18.4、Restoring Datafiles and Archived Redo Logs
- rally SLA及existing user参数使用方法
- 【oracle11g,11】redo日志文件2 :日志恢复 (重点)