Oracle’s Password File: remote_login_passwordfile

Oracle’s password file helps you to authenticate the database until the instance has been started. As you can guess, the password cannot be saved in DB , because DBAs will not be able to access database until instance is started.

There are two methods to authentication the DBA:

1. OS authentication.

2. Password file authentication.

The initialization parameter remote_login_passwordfile indicates which method should be used.

Available Values:

1. NONE : No password file is used.  Authentication happens via OS.

2. EXCLUSIVE: This is a default value. Password file can only be used by one database. It enables you to grant SYSDBA or SYSOPER privileges to the users other than SYS. You are also able to change their passwords, which can’t be done in SHARED mode.

Note: Entries in password file is created automatically when you grant SYSDBA or SYSOPER privileges to the user. If user has any of these privileges, entry exists in password file. If you revoke  both of them entry will be deleted automatically.

To check what user entries are located in passwordfile:

select * from v$pwfile_users;

3. SHARED: Means password file is shared and one or more database can use it. But this also means that ONLY SYS user can be added to the password file. And you are not able to change its password.  

Note: Password file can contain non-SYS users, only if they were added before the value of this parameter has been changed to SHARED.

Note:  In Real Application Clusters each instance must have the same value.

Password file is created with the orapwd.