Asynch Hot Log mode does not use hot (online) redo logs

Version 10.2
We have just set up a test of the Asynch Hot Log replication according to Chap 16 of the Data Warehousing guide.
We can see data put into the change table. However, it seems that data gets written to the change table ONLY after a log switch. This would suggest that the capture process is not reading the online logs, but is only reading the archived logs.
I don't think this can be correct behavior because the docs indicate that Oracle "seamlessly switches" between the online and the archived redo logs.
Is there a flag or something to set to cause the online logs to be available to the capture process? Or is this a bug? Has anyone else observed this behavior?
Thanks for any insight.
-- Chris Curzon


Similar Messages

  • When crash recovery occurs, why use the active online redo log and not the archived log?

    If the current redo log has been archived, but it's still 'ACTIVE'. As we all know, the archived log is just an archived copy of the current redo log which is still 'ACTIVE'; they have the same data. But why use the active online redo log and not the archived log for crash recovery? (I think, if crash recovery can use the archived log, then whether the online redo log is 'ACTIVE' or not, it can be overwritten.)
    Quote:
    Re: v$log : How redo log file can have a status ACTIVE and be already archived?
    Hemant K Chitale
    If your instance crashes, Oracle attempts Instance Recovery -- reading from the Online Redo Logs. It doesn't need ArchiveLogs for Instance Recovery.
    TanelPoder
    Whether the log is already archived or not doesn't matter here, when the instance crashes, Oracle needs some blocks from that redolog. Archivelog is just an archived copy of the redolog, so you could use either the online or archive log for the recovery, it's the same data in there (Oracle reads the log/archivelog file header when it tries to use it for recovery and validates whether it contains the changes (RBA range) in it what it needs).

    Aman.... wrote:
    John,
    Are you sure that the instance recovery (not the media recovery) would be using the archived redo logs? Since the only thing that would be lost is the instance, there wouldn't be any archived redo log generated from the Current redo log and the previous archived redo logs, would be already checkpointed to the data file, IMHO archived redo logs won't participate in the instance recovery process. Yep, shall watch the video but tomorrow.
    Regards
    Aman....
    That's what I said. Or meant to say. If Oracle used archivelogs for instance recovery, it would not be possible to recover in noarchive log mode. So recovery relies exclusively on the online log.
    Sorry I wasted your time, I'll try to be less ambiguous in future

  • Standby not applying the online redo logs

    Hi,
    The redo apply process does not seem to apply the current logs to the standby database.
    The output from the query
    Select last_change#, sequence# from v$standby_log;
    LAST_CHANGE#     GROUP#  SEQUENCE#
                          4          0
        10120537          5       8586
                          6          0
                          7          0
    gives me the current SCN as that of the primary.
    But the CURRENT_SCN from v$database on the standby lags from that of the output above.
    Select CURRENT_SCN from v$database;
    CURRENT_SCN
    10119641
    The STATUS and PROCESS information from the v$managed_standby show the following:
    PROCESS STATUS SEQUENCE#
    ARCH CONNECTED 0
    ARCH CONNECTED 0
    ARCH CONNECTED 0
    ARCH CONNECTED 0
    RFS IDLE 0
    RFS IDLE 0
    RFS IDLE 8586
    RFS IDLE 0
    RFS IDLE 0
    RFS IDLE 0
    RFS IDLE 0
    PROCESS STATUS SEQUENCE#
    MRP0 APPLYING_LOG 8586
    Any thoughts on why the standby has not applied the received logs from the primary?
    I am currently using version Oracle 11.2.0.2 for Active dataguard setup. I currently have a primary server and one standby server.
    Thanks

    I had sent the output of the queries in the earlier post. Here it is again
    The output for the query
    select thread#, max(sequence#) from v$archived_log group by thread#; (on primary)
    THREAD# MAX(SEQUENCE#)
    1 8585
    The output for
    select thread#, max(sequence#) from v$archived_log where applied = 'YES' group by thread#; (on standby)
    THREAD# MAX(SEQUENCE#)
    1 8585
    Also the query
    select LAST_CHANGE#, STATUS from V$STANDBY_LOG;
    gives me the current scn generated at the primary.
    LAST_CHANGE# STATUS
    10149990 ACTIVE
    10146538 ACTIVE
    10150844 ACTIVE
    But the current_scn from v$database is lagging.
    select current_scn from v$database;
    CURRENT_SCN
    10146535
    Also the query
    select  THREAD#, LOW_SEQUENCE#, HIGH_SEQUENCE# from v$archive_gap;
    returns no rows. So there are no archive logs missing on the standby either.
    So I believe that the RFS has received the logs from the primary but the logs have not been applied at the standby.
    Thanks

  • Online redo logs on a physical standby?

    A question on REDO logs on physical standby databases. (10.2.0.4 db on Windows 32bit)
    My PRIMARY has 3 ONLINE REDO groups, 2 members each, in ..ORADATA\LOCP10G
    My PHYSICAL STANDBY has 4 STANDBY REDO groups, 2 members each, in ..ORADATA\SBY10G
    I have shipping occurring from the primary in LGWR, ASYNC mode - max availability
    However I notice the STANDBY also has ONLINE REDO logs, same as the PRIMARY, in the ..ORADATA\SBY10G folder
    According to the 10g Dataguard docs, section 2.5.1:
    "Physical standby databases do not use an online redo log, because physical standby databases are not opened for read/write I/O."
    I have tried to drop these on the STANDBY when not in apply mode, but I get the following:
    SQL> ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL;
    Database altered.
    SQL> ALTER DATABASE DROP LOGFILE GROUP 3;
    ALTER DATABASE DROP LOGFILE GROUP 3
    ERROR at line 1:
    ORA-01275: Operation DROP LOGFILE is not allowed if standby file management is
    automatic.
    I also deleted them while the STANDBY instance was idle, but it recreated them when moved to MOUNT mode.
    So my question is why is my PHYSICAL recreating and using these, if the docs say they shouldn't?
    I saw the same error mentioned here: prob. with DataGuard
    Is this a case of the STANDBY needing at least a notion of where the REDO logs will need to be should a failover occur, and if the files are already there, the standby database CONTROLFILE will hold onto them, as they are not doing any harm anyway?
    Or, is this a product of having management=AUTOMATIC - i.e. the database will create these 'automatically'
    Ta
    bt

    According to the 10g Dataguard docs, section 2.5.1:
    "Physical standby databases do not use an online redo log, because physical standby databases are not opened for read/write I/O."
    Yes, those are used when the database is open.
    You should not perform any changes on the standby. Even if those online redo log files exist, what difficulty have you seen?
    These will be used whenever you perform a switchover/failover. So there is nothing to worry about here.
    Is this a case of the STANDBY needing at least a notion of where the REDO logs will need to be should a failover occur, and if the files are already there, the standby database CONTROLFILE will hold onto them, as they are not doing any harm anyway?
    Then Oracle functionality itself is harmful, if you think in that way. When they are not used in open, then what is the harm with that?
    Standby_File_management --> for example, if you add any datafile, that information will be in the archives/redo; once they are applied on the standby, the datafiles will be added automatically when it is set to AUTO. If it is manual, then it creates an unnamed file in the $ORACLE_HOME/dbs location; later you have to rename that file and perform recovery.
    Check this: http://docs.oracle.com/cd/B14117_01/server.101/b10755/initparams206.htm
    HTH.

  • Best practice - online redo logs and virtualization

    I have a 10.1.0.4 instance (soon to be migrated to 11gr2) running under Windows Server 2003.
    We use a non-standard disk distribution scheme -
    on the c: drive we have oracle_home as well as directories for control files and online redo logs.
    on the d: drive we have datafiles
    on the e: drive we have archive log files and another directory with online redo logs and another copy of control file
    my question is this:
    is it smart practice to have ANY online redo logs or control file on the same spindle with archive logs?
    Our setup works fairly well but we are in the process of migrating the instance first to ESX server and SAN and then secondly to 11gr2 64bit under server 2008 64 and when we bring up our instance on the VM for testing we find that benchmarking the ESX server (dual Xeon 3.4ghz with 48gb RAM running against FalconStor NSS SAN with 15k SAS disks over iSCSI) against the production physical server (dual Xeon 2.0ghz with 4gb RAM using direct attached SATA 7200rpm drives) we find that some processes run faster on the ESX box and some run 40-100% slower. Running Statspack seems to identify lots of physical read waits as well as some waits for redo and controlfiles.
    Is it possible that in addition to any overhead introduced by ESX and iSCSI (we are running Jumbo Frames over 1gb) we may have contention because the archive logs are on the same "spindle" (virtual) as the online redo and control files?
    We're looking at multiple avenues to bring the 2 servers in line from a performance standpoint - db configuration, memory allocation, possible move to 10gb network, possible move to SSD storage tray, possible application rewrites. But from the simplest low hanging fruit idea, if these files should not be on the same spindle that's an easy change to make and possibly eke out an improvement.
    Ideas?
    Mike

    Hi,
    "Old" Oracle standard is to use as many spindles as possible.
    It looks to me, you have only 1 disk with several partitions on it ??
    In my honest opinion you should anyway start by physically separating OS from Oracle, so leave the C: drive to the Windows OS
    Take another physically separate D: drive to install your application.
    Use yet another set of physical drives, preferably in RAID10 setup, for your database and redo logs
    And finally yet another disk for the archive logs.
    We have recently configured a Windows 2008 server with an 11G Db, which pretty much follows the above setup.
    All non RAID10 disks are RAID1 ( mirror ) and we even have some SSD's for hot tables and redo-logs.
    The machine, or must I say the database, operates like a high speed train, very, very fast.
    Of course keep in mind the number of cores ( not only for licensing ) and the amount of memory.
    Try to prevent the system from swapping, because that is a performance killer!
    Edit: And even if you put a virtual layer in between, try to separate the virtual disks as much as possible over physical disks
    Success!
    FJFranken
    Edited by: fjfranken on 7-okt-2011 7:19

  • Online redo logs vs backup

    Below quoted sentence is from Oracle documentation
    "Online redo logs, unlike archived logs, should never be backed up. The chief danger
    associated by having backups of online redo logs is that you may accidentally restore
    those backups without meaning to, and corrupt your database"
    Can anyone explain how the database will be corrupted if we back up online redo logs? I am having a hard time understanding this quote.
    thanks for your help
    shajan

    Redo log file contents is very dynamic. It changes minute after minute, so a backup is useless if you try to do it online. (In fact there is no command to perform such backup).
    Let's suppose you shut down (normal, immediate or transactional). The contents of the redo log files become useless as the checkpoint process has already taken place, so it is enough to have a copy of all of the consistent datafiles to have the last applied transaction.
    In a recovery scenario with archivelog it is important to keep all of the required archivelog files plus all of the online redo log files.
    In case of a missing logfile it is useless to have a backup of it. If you ever had one, and you tried to restore it, an error would arise, warning you that the contents of the logfile is inconsistent with the expected scn. The only way you can succeed is to have them multiplexed and have them on different paths, just to reduce the probability of losing all of the members of a group.
    rman does not perform backup of redo log files. Classical theory of backup/recovery states that during a hot backup it must be backed up the archive log files, not the redo log files.

  • Physical Standby Online Redo log  files,

    Hi,
    I'm trying to create a physical standby database (10.2.0.3). I'm a little confused about the requirement for online redo logs on the standby.
    in my standby alert log I get the following when I issue:
    SQL> alter database recover managed standby database disconnect from session
    "ORA-00313: open failed for members of log group 1 of thread 1
    ORA-00312: online log 1 thread 1: '/appl/oradata/prod/prod_1_redo_01_02.log'
    ORA-27037: unable to obtain file status
    SVR4 Error: 2: No such file or directory
    Additional information: 3"
    /appl/oradata/prod/prod_1_redo_01_02.log is the path to the location of the online redo logs on the production system. This file does not exist on the standby filesystem so the error is correct.
    I assume that it gets this information from the standby control file I created on the production system and copied over to the standby.
    Do I need to copy the online redo logs from the primary over to the standby site or do I need to create online redo logs on the standby?
    Does the standby need to have redo log files?
    I'm not talking about 'standby log files' of the type created using 'alter database add standby log file'. I've not got that far yet.
    I just need to establish if a physical standby requires online redo log files?
    Thanks in advance,
    user234564

    I wanted to update this thread since I've been dealing with the exact same errors. The basic question is: "does a physical standby need the online redo logs?"
    Answer: Not really, until one wants to switchover or failover (and become a primary database). Furthermore, whenever the MRP process is started, Oracle prepares for a possible switchover/failover by "clearing" the online redo logs (MetaLink note# 352879.1). It is not a big deal, since Oracle will build the actual redo files when the "alter database open resetlogs" is accomplished during a "role transition."
    In our situation, we have decided to use our standby for nightly exports. We stop MRP, open the database read-only, then restart MRP. We built these standby DBs with RMAN. The RMAN duplicate process will not build the online redo log files until the database is opened for read/write (with resetlogs). However, we haven't had a need for read/write (i.e. a switchover).
    Thus, every morning we have been getting the same errors that "user234564" posted above. At first the errors seemed scary, then we realized they were just a nuisance. In order to clean things up, all I did was just "cp" our standby redo logs (SRL) into our online redo directories ensuring the names matched what was in v$logfile. When I restarted MRP, the alert log clearly showed Oracle clearing these "newly found" online redo logs.

  • The file structure online redo log, archived redo log and standby redo log

    I have read some Oracle documentation for file structure and settings in Data Guard environment. But I still have some doubts. What is the best file structure or settings in Oracle 10.2.0.4 on UNIX for a data guard environment with 4 primary databases and 4 physical standby databases. Based on Oracle documents, there are 3 redo logs. They are: online redo logs, archived redo logs and standby redo logs. The basic settings are:
    1. Online redo logs --- This redo log must be on the primary database and logical standby database. But it is not necessary on a physical standby database because the physical standby is not open. It doesn't generate redo. However, if we don't set up online redo logs on the physical standby, then when the primary fails over and the standby is switched to primary, how can the standby perform without online redo logs? In my standby databases, online redo logs have been set up.
    2. Archived redo logs --- It is obvious that the primary database and the logical and physical standby databases all need to have this log file set up. The primary uses it to archive log files and ship them to the standby. The standby uses it to receive data from the archived log and apply it to the database.
    3. Standby redo logs --- In the document, it says A standby redo log is similar to an online redo log, except that a standby redo log is used to store redo data received from another database. A standby redo log is required if you want to implement: The maximum protection and maximum availability levels of data protection and Real-time apply as well as Cascaded destinations. So it seems that this standby redo log should only be set up on the standby database, not on the primary database. Is my understanding correct? Because when I reviewed the current redo log settings in my environment, I found that the standby redo log directory and files have been set up on both primary and standby databases. I would like to get more information and education from experts. What is the best setting or structure on the primary and standby databases?

    FZheng:
    Thanks for your input. It is clear that we need 3 types of redo logs on both databases. You answered my question.
    But I have another one. In the Oracle document, it says If you have configured a standby redo log on one or more standby databases in the configuration, ensure the size of the current standby redo log file on each standby database exactly matches the size of the current online redo log file on the primary database. It says: At log switch time, if there are no available standby redo log files that match the size of the new current online redo log file on the primary database. The primary database will shut down.
    My current Data Guard environment setting is: On the primary DB, the online redo log group size is 512M and the standby redo log group size is 500M. On the standby DB, the online redo log group size is 500M and the standby redo log group size is 750M.
    This was set up by someone I don't know. Is this setting OK? Or should I change the standby redo log on the standby DB to 512M to exactly match the redo log size on the primary?
    Edited by: 853153 on Jun 22, 2011 9:42 AM

  • Why does my iPhone 4S get really hot even though I'm not using it? The battery drains 2% every 5 minutes, and it's just in my pocket. What will I do?

    Why does my iPhone 4S get really hot even though I'm not using it? The battery drains 2% every 5 minutes, and it's just in my pocket. What will I do?

    Something is running in the background. Or your email is stuck. Delete all emails, reboot the phone, and add them one by one. Or your SIM card has a problem. Replace the SIM card. If nothing works, drain the battery, then recharge the battery to 100% full charge.

  • HT201304 I have been trying for two weeks to log into iTunes using my Bank of America Visa Debit card but no progress. Is it that iTunes does not use debit cards? I only have a debit card and not a credit card, so does it mean I can't use iTunes?

    I have been trying for two weeks to log into iTunes using my Bank of America Visa Debit card but no progress. Is it that iTunes does not use debit cards? I only have a debit card and not a credit card, so does it mean I can't use iTunes?

    I believe if you haven't already setup an itunes account, if you have access to computer with iTunes installed , you can create an iTunes account on that computer with no credit/debit card and then just buy iTunes cards at your local retailer to get credits.

  • Viewsonic 2431wm does not use full width in 1920x1080 mode

    Hi Folks,
    I've recently replaced a failed Viewsonic 2433wm monitor with a 2431wm.  My Mac Pro 5,1 has the 1GB Radeon HD5770 video HBA and is a 2 monitor configuration.  The previous pair of 2433wm's functioned wonderfully at the 1920x1080@60Hz settings.
    However, with the new 2431wm attached, the displayed image does not use the full width of the screen.  I've tried manually adjusting the horizontal settings and using the monitor's Auto Image Adjust with no change.  I've also installed the latest drivers from the Viewsonic site.
    For grins, I borrowed a colleague's 2433wm and it immediately worked as expected with no changes on the monitor or my Mac Pro.  Also, setting the 2431wm's resolution to 1680x1024 uses the entire screen width.
    Does anyone have tips about the 2431wm or manual OS X settings that could resolve this?
    Thanks,
    Tim

    When using a CRT, the phosphor is painted on the display much more widely. The maximum resolutions used are always far less than the maximum the display could produce IF we were to tune it to absolutely perfectly hit every phosphor dot. But if you did this, you would have to adjust your display every time a new picture went up on it.
    An LCD display does not wave an electron gun around and light up some phosphor dots. The dots are addressed directly. Optimum resolution is EXACTLY every dot that the manufacturer placed on the glass -- no more, no less.
    If you chose any resolution other than the optimum resolution, the display may try to approximate what you asked for and fill the display -- or may not. If it does fill the screen, it will be a poor imitation of the best picture you can possibly get from the display.
    My recommendation: Find out what the optimum or recommended resolution is for your specific display, set your display to that resolution, and do not change it.

  • Logging out does not drop me to console but a black screen

    Recent pacman -Syu upgraded me to latest xorg-server and I have this problem: logging out does not drop me back to console but a black screen and after 30 seconds, a blinking cursor. Nothing works and I have to reboot. If I choose to reboot (instead of logout) I get the same result except that eventually the computer reboots. Using nv - no problems. Using simple nvidia (single screen) - no problem. (I have a monitor and tv-out setup). Problem remains whether I use xfce4 or fluxbox. And the ctrl-alt-backspace keyboard shortcut results in the same black screen. Xorg.0.log tells me nothing. Before the upgrade, no problem.
    I usually use startx and I have ck-launch-session etc in my .xinitrc. I use the latest nvidia-96xx driver and have no other X problem. Everything works, including the tv-out.
    This is a minor inconvenience really and I usually switch to a console and as root killall X if I need to log myself out for any reason. But if anyone has a clue as to why this is so, or suffers the same problem, do let me know. Thanks.

    Thanks guys...
    @ckristi - I don't use kdm. I startx from console when I want to go into X.
    @madtux - I guess I will have to read up on kernel mode setting and KMS - I actually don't know what you are referring to although I have seen KMS referred to in this forum with reference to xorg. Any links? Do note no problems with nv and single monitor nvidia. Hopefully the cure is not worse than the disease.

  • Screen Saver does not use selected Screen Saver when activated

    Screen Saver does not use selected Screen Saver when activated. After "Start screen saver" elapse time has been reached, a blank black full screen is displayed. I can activate the selected screen saver by using the hot corners function. Any help with this matter will be gratefully received.

    Hi again sassey,
    You're assuming correctly. Simply change the settings so that your screen saver activates before the sleep settings.
    Hope this solves your problem...

  • Pam.conf does not use ldap for password length check when changing passwd

    I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
    I have dsee 6.0 installed on a solaris 10 server (client).
    I have a solaris 9 server (server) set up to use ldap authentication.
    bash-2.05# cat /var/ldap/ldap_client_file
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_SERVERS= X, Y
    NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 30
    NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
    NS_LDAP_CACHETTL= 43200
    NS_LDAP_PROFILE= tls_profile
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
    NS_LDAP_BIND_TIME= 10
    bash-2.05# cat /var/ldap/ldap_client_cred
    # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
    NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
    bash-2.05# cat /etc/nsswitch.conf
    # /etc/nsswitch.ldap:
    # An example file that could be copied over to /etc/nsswitch.conf; it
    # uses LDAP in conjunction with files.
    # "hosts:" and "services:" in this file are used only if the
    # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
    # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
    passwd: files ldap
    group: files ldap
    # consult /etc "files" only if ldap is down.
    hosts: files dns
    ipnodes: files
    # Uncomment the following line and comment out the above to resolve
    # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    # IPv4 addresses are searched in all of the ipnodes databases before
    # searching the hosts databases. Before turning this option on, consult
    # the Network Administration Guide for more details on using IPv6.
    #ipnodes: ldap [NOTFOUND=return] files
    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    netgroup: ldap
    automount: files ldap
    aliases: files ldap
    # for efficient getservbyname() avoid ldap
    services: files ldap
    sendmailvars: files
    printers: user files ldap
    auth_attr: files ldap
    prof_attr: files ldap
    project: files ldap
    bash-2.05# cat /etc/pam.conf
    #ident "@(#)pam.conf 1.20 02/01/23 SMI"
    # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    # PAM configuration
    # Unless explicitly defined, all services use the modules
    # defined in the "other" section.
    # Modules are defined with relative pathnames, i.e., they are
    # relative to /usr/lib/security/$ISA. Absolute path names, as
    # present in this file in previous releases are still acceptable.
    # Authentication management
    # login service (explicit because of pam_dial_auth)
    login auth requisite pam_authtok_get.so.1 debug
    login auth required pam_dhkeys.so.1 debug
    login auth required pam_dial_auth.so.1 debug
    login auth binding pam_unix_auth.so.1 server_policy debug
    login auth required pam_ldap.so.1 use_first_pass debug
    # rlogin service (explicit because of pam_rhost_auth)
    rlogin auth sufficient pam_rhosts_auth.so.1
    rlogin auth requisite pam_authtok_get.so.1
    rlogin auth required pam_dhkeys.so.1
    rlogin auth binding pam_unix_auth.so.1 server_policy
    rlogin auth required pam_ldap.so.1 use_first_pass
    # rsh service (explicit because of pam_rhost_auth,
    # and pam_unix_auth for meaningful pam_setcred)
    rsh auth sufficient pam_rhosts_auth.so.1
    rsh auth required pam_unix_auth.so.1
    # PPP service (explicit because of pam_dial_auth)
    ppp auth requisite pam_authtok_get.so.1
    ppp auth required pam_dhkeys.so.1
    ppp auth required pam_dial_auth.so.1
    ppp auth binding pam_unix_auth.so.1 server_policy
    ppp auth required pam_ldap.so.1 use_first_pass
    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authenctication
    other auth requisite pam_authtok_get.so.1 debug
    other auth required pam_dhkeys.so.1 debug
    other auth binding pam_unix_auth.so.1 server_policy debug
    other auth required pam_ldap.so.1 use_first_pass debug
    # passwd command (explicit because of a different authentication module)
    passwd auth binding pam_passwd_auth.so.1 server_policy debug
    passwd auth required pam_ldap.so.1 use_first_pass debug
    # cron service (explicit because of non-usage of pam_roles.so.1)
    cron account required pam_projects.so.1
    cron account required pam_unix_account.so.1
    # Default definition for Account management
    # Used when service name is not explicitly mentioned for account management
    other account requisite pam_roles.so.1 debug
    other account required pam_projects.so.1 debug
    other account binding pam_unix_account.so.1 server_policy debug
    other account required pam_ldap.so.1 no_pass debug
    # Default definition for Session management
    # Used when service name is not explicitly mentioned for session management
    other session required pam_unix_session.so.1
    # Default definition for Password management
    # Used when service name is not explicitly mentioned for password management
    other password required pam_dhkeys.so.1 debug
    other password requisite pam_authtok_get.so.1 debug
    other password requisite pam_authtok_check.so.1 debug
    other password required pam_authtok_store.so.1 server_policy debug
    # Support for Kerberos V5 authentication (uncomment to use Kerberos)
    #rlogin auth optional pam_krb5.so.1 try_first_pass
    #login auth optional pam_krb5.so.1 try_first_pass
    #other auth optional pam_krb5.so.1 try_first_pass
    #cron account optional pam_krb5.so.1
    #other account optional pam_krb5.so.1
    #other session optional pam_krb5.so.1
    #other password optional pam_krb5.so.1 try_first_pass
    I can ssh into client with user VV which does not exist locally but exists in the directory server. (This is from /var/adm/messages on the ldap client):
    May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
    May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
    May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
    May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
    May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
    May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
    May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
    May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
    May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
    May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
    May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
    May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
    May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
    If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
    bash-2.05$ passwd
    passwd: Changing password for VV
    Enter existing login password:
    New Password:
    passwd: Password too short - must be at least 8 characters.
    Please try again
    May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
    May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
    May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
    May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
    May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
    May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
    May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
    May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
    May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
    I am using the default policy on the directory server which states a minimum password length of 6 characters.
    server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
    pwd-accept-hashed-pwd-enabled : N/A
    pwd-check-enabled : off
    pwd-compat-mode : DS6-mode
    pwd-expire-no-warning-enabled : on
    pwd-expire-warning-delay : 1d
    pwd-failure-count-interval : 10m
    pwd-grace-login-limit : disabled
    pwd-keep-last-auth-time-enabled : off
    pwd-lockout-duration : disabled
    pwd-lockout-enabled : off
    pwd-lockout-repl-priority-enabled : on
    pwd-max-age : disabled
    pwd-max-failure-count : 3
    pwd-max-history-count : disabled
    pwd-min-age : disabled
    pwd-min-length : 6
    pwd-mod-gen-length : 6
    pwd-must-change-enabled : off
    pwd-root-dn-bypass-enabled : off
    pwd-safe-modify-enabled : off
    pwd-storage-scheme : CRYPT
    pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
    pwd-strong-check-enabled : off
    pwd-strong-check-require-charset : lower
    pwd-strong-check-require-charset : upper
    pwd-strong-check-require-charset : digit
    pwd-strong-check-require-charset : special
    pwd-supported-storage-scheme : CRYPT
    pwd-supported-storage-scheme : SHA
    pwd-supported-storage-scheme : SSHA
    pwd-supported-storage-scheme : NS-MTA-MD5
    pwd-supported-storage-scheme : CLEAR
    pwd-user-change-enabled : off
    Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the pam_authtok_check: minimum length from /etc/default/passwd: 8. It is clearly not using the policy from the directory server but checking locally. So I can login ok using the ldap server for authentication but when I try to change the password it does not use the policy from the server which says I only need a minimum length of 6 characters.
    I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatibility in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
    Edited by: ericduggan on Sep 8, 2008 5:30 AM

    you can try passwd -r ldap for changing the ldap passwds...
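The symptom in the question above can be traced from the posted configuration and logs. This added example is not from the thread: it resolves which PAM stack the `passwd` service gets for password management and correlates it with the debug log. The function names `effective_stack` and `findings` are hypothetical, and the sample strings are a reduced copy of lines from the post.

```python
import re

# Password-relevant lines copied from the pam.conf in the post (reduced sample).
PAM_CONF = """\
passwd auth binding pam_passwd_auth.so.1 server_policy debug
passwd auth required pam_ldap.so.1 use_first_pass debug
other account requisite pam_roles.so.1 debug
other account required pam_projects.so.1 debug
other account binding pam_unix_account.so.1 server_policy debug
other account required pam_ldap.so.1 no_pass debug
other password required pam_dhkeys.so.1 debug
other password requisite pam_authtok_get.so.1 debug
other password requisite pam_authtok_check.so.1 debug
other password required pam_authtok_store.so.1 server_policy debug
"""

# Two lines copied from the post's /var/adm/messages excerpt.
LOG = """\
May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
"""

def effective_stack(conf, service, mtype):
    """Return the [(control, module, options)] stack PAM uses for service/mtype.
    Entries naming the service win; otherwise the 'other' entries apply."""
    stacks = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1] == mtype:
            svc, _, control, module, *opts = fields
            stacks.setdefault(svc, []).append((control, module, opts))
    return stacks.get(service) or stacks.get("other", [])

def findings(conf, log, service):
    """Explain, from config plus log, where the password length rule comes from."""
    out = []
    # A requisite module that fails ends the stack before later modules run.
    for control, module, _ in effective_stack(conf, service, "password"):
        if module.startswith("pam_authtok_check") and control == "requisite":
            out.append("local check gates password change: " + module)
    m = re.search(r"pam_authtok_check: minimum length from (\S+): (\d+)", log)
    if m:
        out.append("length policy source %s, minimum %s" % (m.group(1), m.group(2)))
    for mod, fn, opt in re.findall(r"(pam_\w+) (pam_sm_\w+): illegal option (\S+)", log):
        out.append("%s rejects option %s in %s" % (mod, opt, fn))
    return out
```

Because `passwd` has only `auth` entries of its own, its password stack falls through to `other`, where the requisite `pam_authtok_check.so.1` applies the local `/etc/default/passwd` minimum before `pam_authtok_store.so.1 server_policy` is reached.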

  • I have a mac which plays the boot sound but the screen stays black. Recovery mode does not work, as the keyboard is wireless. What do I do?

    What it says in the title.
    I have an older mac and it worked perfectly until about an hour ago when I shut it down because we needed the room dark for a presentation and the screen saver was putting out light.
    Now it won't turn back on. It plays the start up music but the screen stays blank.
    The CMD+OPT+R for recovery mode doesn't do anything, the keyboard is wireless so the command doesn't get to the computer and that's the only keyboard I have since that's the one it came with.
    I'm looking at making a USB recovery disk but it says that I should click on "Options" in the Disk Utility but there is no options button or menu to click.
    From here: OS X: About Recovery Disk Assistant in step 3 I get stuck.
    Also it says that if I make a drive on this computer which has an older OS it might not work on the broken machine with Mavericks.
    This machine literally worked and I turned it off and now it does not work and there seems to be nothing I can do... ***...

    kodemage wrote:
    well, then recovery mode does not work. I've tried all the key combinations I've seen on line. Command+R, Command+Option+R, Command+Option+P+R, none of these work.
    I don't believe there is anything we can do on a forum to help then, you need to take it into an AASP and have it professionally diagnosed. If you don't know how to locate an AASP in your area you can begin by using Contact Apple for support and service
    Good luck.
