谈谈Oracle 10g 密码文件

Oracle 10g实例搜索密码文件时默认是搜索$ORACLE_HOME/dbs目录下面的orapw$ORACLE_SID文件，当orapw$ORACLE_SID文件不存在时，则搜索orapw文件，该密码文件主要存放了sysdba，sysoper权限的用户的密码，并以密文的形式保存在密码文件中。
如
[oracle@dbsvr dbs]$ strings orapwzhoul
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
ZHOUL
2026035BE31C0322
但奇怪的是，当我对zhoul用户收回sysdba权限时，该用户还是在密码文件中保存，并用strings命令查看内容似乎“没变”
[oracle@dbsvr dbs]$ strings orapwzhoul
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
ZHOUL
2026035BE31C0322

通过研究发现，Oracle存在一张 X$KZSRT,[K]ernel [Z]ecurity layer [S]ecurity for [R]emote logins remote Password File [T]able entries用于存放sysdba，sysoper权限的用户，而进一步研究发现
SQL>  alter system flush buffer_cache;

System altered.

SQL>  alter system flush shared_pool;

System altered.

SQL> ALTER SESSION SET EVENTS '10046 trace name context forever, level 12';

Session altered.


SQL> select * from x$kzsrt;

ADDR           INDX    INST_ID USERNAME            SYSDBA    SYSOPER      VALID
-------- ---------- ---------- --------------- ---------- ---------- ----------
B7327B1C          0          1 INTERNAL                 1          1          1
B7327B1C          1          1 SYS                      1          1          1
B7327B1C          2          1 ZHOUL                    1          0         0

SQL> ALTER SESSION SET EVENTS '10046 trace name context off';

Session altered.
获取跟踪文件
PARSING IN CURSOR #11 len=21 dep=0 uid=0 oct=3 lid=0 tim=1289695332968015 hv=3270369302 ad='2e3157f0'
select * from x$kzsrt
END OF STMT
PARSE #11:c=19998,e=18975,p=2,cr=17,cu=0,mis=1,r=0,dep=0,og=1,tim=1289695332968008
BINDS #11:
EXEC #11:c=0,e=69,p=0,cr=0,cu=0,mis=0,r=0,dep=0,og=1,tim=1289695332968140
WAIT #11: nam='SQL*Net message to client' ela= 4 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332968191
FETCH #11:c=1000,e=955,p=0,cr=0,cu=0,mis=0,r=1,dep=0,og=1,tim=1289695332969765
WAIT #11: nam='SQL*Net message from client' ela= 2901 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332972817
WAIT #11: nam='SQL*Net message to client' ela= 3 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332972892
FETCH #11:c=0,e=43,p=0,cr=0,cu=0,mis=0,r=1,dep=0,og=1,tim=1289695332972918
*** 2011-11-07 01:40:26.244
WAIT #11: nam='SQL*Net message from client' ela= 5156056 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695338129047
STAT #11 id=1 cnt=2 pid=0 pos=1 obj=0 op='FIXED TABLE FULL X$KZSRT (cr=0 pr=0 pw=0 time=403 us)'
可以看到我们查看x$kzsrt就是直接读取密码文件，而对用户回收sysdba权限并没有在密码文件中删除，而只是修改了状态位而已，status从1改为0。