Subscribe to Posts by Email

Subscriber Count

    701

Disclaimer

All information is offered in good faith and in the hope that it may be of use for educational purpose and for Database community purpose, but is not guaranteed to be correct, up to date or suitable for any particular purpose. db.geeksinsight.com accepts no liability in respect of this information or its use. This site is independent of and does not represent Oracle Corporation in any way. Oracle does not officially sponsor, approve, or endorse this site or its content and if notify any such I am happy to remove. Product and company names mentioned in this website may be the trademarks of their respective owners and published here for informational purpose only. This is my personal blog. The views expressed on these pages are mine and learnt from other blogs and bloggers and to enhance and support the DBA community and this web blog does not represent the thoughts, intentions, plans or strategies of my current employer nor the Oracle and its affiliates or any other companies. And this website does not offer or take profit for providing these content and this is purely non-profit and for educational purpose only. If you see any issues with Content and copy write issues, I am happy to remove if you notify me. Contact Geek DBA Team, via geeksinsights@gmail.com

Pages

Dataguard 11g: Log shipping – No more sys password hassles

We all know that sys password is required and should be same on both the primary and standby databases, and many times during switchover, failover we encountered, ORA-01017: invalid username/password; logon denied, due to password mismatch etc.

From 11g Onwards, a new parameter REDO_TRANSPORT_USER has been introduced to overcome this issue,

different user can transmit the redo who has sysoper privileges and no hassles on sys password any more.

 

Alter system set redo_transport_user=dbauser scope=both;

 

According to documentation:-

REDO_TRANSPORT_USER specifies the name of the user whose password verifier is used when a remote login password file is used for redo transport authentication. This user must have SYSOPER privileges and must have the same password in the database that initiates the redo transport session and in the database that is the target of the redo transport session.

If this parameter is not specified, then the password verifier of the SYS user will be used when a remote login password file is used for redo transport authentication.

 

Old Story Basics of secure redo transmission:-

Each database must use a remote login password file. In a Data Guard configuration, all physical and snapshot standby databases must use a copy of the password file from the primary database, and that copy must be refreshed whenever the SYSOPER or SYSDBA privilege is granted or revoked, and after the password of any user with these privileges is changed.

When a password file is used for redo transport authentication, the password of the user account used for redo transport authentication is compared between the database initiating a redo transport session and the target database. The password must be the same at both databases to create a redo transport session.

By default, the password of the SYS user is used to authenticate redo transport sessions when a password file is used.

Now new story:-

Different user password for redo transport authentication by setting this parameter redo_transmission_user to the name of any user who has been granted the SYSOPER privilege, Please note this parameter must be same in both standby/primary databases.

Be aware:-  If the user name exceeds you may encounter this, or if the non resolved username as well.

ORA-16828: invalid value specified for REDO_TRANSPORT_USER ...

 

-Thanks

Geek DBA

Comments are closed.