PASSWORD not available from oracle 11g in DBA_USERS view


ALTER USER IDENTIFIED BY VALUES with Oracle 11g
Oracle 11g introduces case-sensitive passwords for databases created with the default Oracle Database 11g enhanced security. With the new initialization parameter SEC_CASE_SENTITIVE_LOGON,
it’s possible to enable or disable password case sensitivity in the database. The default value of this parameter is TRUE:
SQL> SELECT value FROM v$parameter WHERE name = ‘sec_case_sensitive_logon’;
VALUE
—————
TRUE
When we issue a CREATE/ALTER USER IDENTIFIED BY PASSWORD command, both the insensitive and the sensitive password hashes are saved (but the user’s password is sensitive). The two hashes are stored in the SYS.USER$ view (not into the DBA_USERS view):
SQL> CREATE USER anilve IDENTIFIED BY anilve;
User created.
SQL> GRANT connect, resource TO anilve;
Grant succeeded.
SQL> CONNECT anilve/Anilve
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> CONNECT anilve/anilve
Connected.
In the DBA_USERS there is a column, PASSWORD_VERSIONS, which tells us the current version of the password of a particular user. The default version is “10g 11g”:
SQL> SELECT password_versions FROM dba_users WHERE username = ‘ANILVE’ AND password IS NULL;
PASSWORD
——–
10G 11G
If we set the SEC_CASE_SENSITIVE_LOGON parameter to FALSE, both uppercase and lowercase passwords work:
SQL> ALTER SYSTEM SET sec_case_sensitive_logon = FALSE;
System altered.
SQL> CONNECT anilve/ anilve
Connected.
SQL> CONNECT anilve/Anilve
Connected.
In the SYS.USER$, the two hashes are stored in the two column PASSWORD (insensitive password) and SPARE4 (sensitive password):
SQL> SELECT password, spare4 FROM SYS.USER$ WHERE name = ‘ANILVE’;
PASSWORD SPARE4
——————– —————————————————————–
3AA2DE27F5F4B2B5 S:C27DFCE226D1D5EC47FAADE93E8588E5A064BC6E3D1E0BCD2B58E65F083F
If we want to change a password with the clause IDENTIFIED BY VALUES we can use one of the two values, or both. The consequence is that the version of the password will change.
When only the hash of the insensitive password only is used as a value, the password is case insensitive whatever the setting of sec_case_sensitive_logon is:
SQL> ALTER USER anilve IDENTIFIED BY VALUES ’ 3AA2DE27F5F4B2B5′;
User altered.
SQL> SELECT password_versions FROM dba_users WHERE username = ‘ANILVE’;
PASSWORD
——–
10G
SQL> CONNECT anilve/anilve
Connected.
SQL> CONNECT anilve/Anilve
Connected.
When only the hash of the sensitive password only is used as a value, the password is case sensitive and if the setting of SEC_CASE_SENSITIVE_LOGON is on false, the login will always failed because there is no insensitive hash value in the PASSWORD column:
SQL> ALTER USER anilve IDENTIFIED BY VALUES ‘S:C27DFCE226D1D5EC47FAADE93E8588E5A064BC6E3D1E0BCD2B58E65F083F′;
User altered.
SQL> SELECT password_versions FROM dba_users WHERE username = ‘ANILVE’;
PASSWORD
——–
11G
SQL> ALTER SYSTEM set sec_case_sensitive_logon = FALSE;
System altered.
SQL> CONNECT anilve/anilve
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> CONNECT anilve/Anilve
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
If we use both hashes, the password version will be the same and the the sensitivity of the password is related to the value of the SEC_CASE_SENSITIVE_LOGON parameter:
SQL> ALTER USER anilve IDENTIFIED BY VALUES ‘S:C27DFCE226D1D5EC47FAADE93E8588E5A064BC6E3D1E0BCD2B58E65F083F; 3AA2DE27F5F4B2B5′;
User altered.
SQL> SELECT password_versions FROM dba_users WHERE username = ‘ANILVE’;
PASSWORD
——–
10G 11G
The following table is a summary of the password’s sensitivity with Oracle 11g:
http://mtamassia.files.wordpress.com/2010/07/password_11g.png?w=600&h=47

Comments

Post a Comment

Popular posts from this blog

Useful OEM Queries to get Target details from OEM Repository

List Targets with TNS Listener ports configured : SELECT mgmt$target.host_name , mgmt$target.target_name , mgmt$target.target_type , mgmt$target_properties.property_name , mgmt$target_properties.property_value FROM mgmt$target , mgmt$target_properties WHERE ( mgmt$target.target_name = mgmt$target_properties.target_name ) AND ( mgmt$target.target_type = mgmt$target_properties.target_type ) and ( mgmt$target.target_type = 'oracle_listener' ) and ( mgmt$target_properties.property_name = 'Port' ); Devora02       LISTENER_ora02                       oracle_listener Port 1529 Devora01       LISTENER_ora01                       oracle_listener Port 1529 Devora04       LISTENER_ora04                       oracle_listener Port 1529 List Machine_Names, CPU Count & Database Verion for Licensing SELECT mgmt$target.host_name , mgmt$target_properties.property_name , mgmt$target_properties.property_value FROM mgmt$target , mgmt$target_properties WHERE ( mgmt$
Read more

WARNING: Subscription for node down event still pending' in Listener Log

Image
These messages are related to the Oracle TNS Listener's default subscription to the Oracle Notification Service (ONS). In a non-RAC environment it is recommended to disable this subscription.   This feature was introduced in Oracle 10g. SOLUTION Set the following parameter in the listener.ora: SUBSCRIBE_FOR_NODE_DOWN_EVENT_<listener_name>=OFF Where <listener_name> should be replaced with the actual listener name configured in the LISTENER.ORA file. SUBSCRIBE_FOR_NODE_DOWN_EVENT_<listener_name> parameter is to be placed by itself on an empty line. It will be necessary to restart or reload the listener following the addition of this parameter. This will prevent the messages from being written to the log file and may also prevent the TNS Listener from hanging periodically.  See (10g only) NOTE 340091.1 Intermittent TNS Listener Hang, New Child Listener Process Forked Please Note: Setting SUBSCRIBE_FOR_NODE_DOWN_<listener_n
Read more

ORA-65139: Mismatch between XML metadata file and data file

Error: CDB$ROOT@EBTUPRDC> CREATE PLUGGABLE DATABASE EBTUSPRDPDB1 using '/home/oracle/EBTUSPRDC.xml' nocopy tempfile reuse; CREATE PLUGGABLE DATABASE EBTUSPRDPDB1 using '/home/oracle/EBTUSPRDC.xml' nocopy tempfile reuse * ERROR at line 1: ORA-65139: Mismatch between XML metadata file and data file /u05/odb/ORADATA_1/EBTUSPRDC/datafile/system.1531.807800993 for value of fcpsb (2230502002 in the plug XML file, 2230505492 in the data file) Fix: Don't open Non-CDB database until we complete pdb creation other wise we will get above error. Shutdown immediate; startup mount; alter database open read only; create xml file. shutdown immediate; Connect to CDB and Create Pluggable database .
Read more