Creating a Password File in ASM Disk Group

Oracle allows storing the password file in an ASM disk group, enhancing security, high availability, and centralized management for both RAC and non-RAC environments.

This post covers two methods to create a password file in ASM:

  1. Using ORAPWD (Command-Line Method)
  2. Using ASMCMD PWCREATE (Recommended for Oracle 12c and Above)

Step 1: Verify the Current Password File

Before creating a new password file, check if one already exists.

Run the following SQL command as SYSDBA:


SELECT name, value FROM v$parameter 
WHERE name = 'remote_login_passwordfile';

Expected Output:


NAME                           VALUE
---------------------------------------------
remote_login_passwordfile      EXCLUSIVE

This confirms that the password file is enabled.

To check the privileged users:


SELECT * FROM v$pwfile_users;

Step 2: Identify the ASM Disk Group

List the available ASM disk groups where the password file can be stored:


SELECT name, state FROM v$asm_diskgroup;

Example Output:


NAME            STATE
----------------------------
+DATA           MOUNTED
+RECO           MOUNTED

Choose a disk group (e.g., +DATA) to store the password file.

Method 1: Create a Password File Using ORAPWD

The orapwd utility creates a password file in an ASM disk group.

Step 2.1: Create the Password File

Run the following command as the oracle user:


orapwd file='+DATA/PWDFILE/pwdPRDPRE' 
password=YourPassword entries=10 force=y
  • file='+DATA/PWDFILE/pwdPRDPRE' → Specifies the ASM disk group and filename.
  • password=YourPassword → Sets the SYS user password.
  • entries=10 → Defines the maximum number of privileged users.
  • force=y → Overwrites an existing password file if one exists.

Note: No specific format version is provided to ensure compatibility with all Oracle versions.

Step 2.2: Verify Password File Creation

Check if the password file exists in ASM:


SELECT name FROM v$asm_alias WHERE group_number IN 
      (SELECT group_number FROM v$asm_diskgroup WHERE name = 'DATA') 
      AND name LIKE 'pwd%';

Expected Output:


NAME
----------
pwdPRDPRE

Method 2: Create a Password File Using ASMCMD PWCREATE (12c and Above)

Oracle 12c and above provide the ASMCMD pwcreate command to create password files in ASM.

Step 2.1: Access ASMCMD

Log in to ASM Command Line:


asmcmd

Step 2.2: Create the Password File

Run the following command:


pwcreate --dbuniquename PRDPRE +DATA/PWDFILE/pwdPRDPRE YourPassword
  • --dbuniquename PRDPRE → Specifies the database unique name.
  • +DATA/PWDFILE/pwdPRDPRE → Defines the ASM location for the password file.
  • YourPassword → Sets the SYS password.

Step 2.3: Confirm the Password File in ASM


ls +DATA/PWDFILE/

Expected Output:


pwdPRDPRE

Step 3: Update the Database to Use the ASM Password File

Once the password file is created in ASM, update the remote_login_passwordfile parameter:


ALTER SYSTEM SET remote_login_passwordfile='EXCLUSIVE' SCOPE=SPFILE;

Restart the database to apply changes:


SHUTDOWN IMMEDIATE;
STARTUP;

Step 4: Verify Password File and Privileges

Check if the database is using the newly created password file:


SELECT * FROM v$pwfile_users;

If users like SYS appear, the password file is functioning correctly.

Grant SYSDBA/SYSOPER access to additional users if required:


GRANT SYSDBA TO my_user;
GRANT SYSOPER TO another_user;

Step 5: Backup and Restore the Password File

Although ASM provides redundancy, it is advisable to back up the password file periodically.

To back up the password file:


asmcmd cp +DATA/PWDFILE/pwdPRDPRE /backup/pwdPRDPRE.bak

To restore it:


asmcmd cp /backup/pwdPRDPRE.bak +DATA/PWDFILE/pwdPRDPRE



Please do like and subscribe to my youtube channel: https://www.youtube.com/@foalabs If you like this post please follow,share and comment