ORA-01017: invalid username/password; cannot login with other users except sys user, Oracle Database 12c?
https://dba.stackexchange.com/questions/278106
-
09-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have setup Oracle Database 12c on my local machine. It was working fine initially but now I cannot login to users' account except the sys user. I have altered users' passwords and tried logging in using SQLPlus and SQL DEVELOPER.
ALTER USER XYZ IDENTIFIED BY XYZ;
I have also checked the parameter SEC_CASE_SENSITIVE_LOGON which is set to FALSE. The users, that I am trying to connect are created in pluggable database i.e orclpdb and they do exist in the pluggable database. I can only login to sys user of pluggable database and root. The username and passwords are correct, I don't know why the oracle is behaving weirdly.
Solution
Why was SEC_CASE_SENSITIVE_LOGON set to false? That is deprecated in 12c. This is a known issue that I encountered many times.
Case-Insensitive Passwords and ORA-1017 Invalid Username or Password
The Oracle Database 12c release 2 (12.2) default authentication protocol is 12 (Exclusive Mode). This protocol requires case-sensitive passwords for authentication. Review your options if you have earlier release password versions.
Starting with Oracle Database 12c release 2 (12.2), the default value for the SQLNET.ORA parameter ALLOWED_LOGON_VERSION_SERVER is changed to 12. This parameter refers to the logon authentication protocol used for the server, not the Oracle Database release.
By default, Oracle no longer supports case-insensitive password-based authentication; only the new password versions (11G and 12C) are allowed. The case-insensitive 10G password version is no longer generated.
...
If the following conditions are true, then you may have accounts that are prevented from logging into the database after upgrading to 12.2:
You are upgrading a server that has user accounts created in an earlier Oracle Database release.
User accounts created in the earlier release use a case-insensitive password version from an earlier release authentication protocol, such as the 10G password version.
Earlier release user accounts have not reset passwords.
The server has been configured with SEC_CASE_SENSITIVE_LOGON set to FALSE, so that it can only authenticate users who have a 10G case-insensitive password version.
...
Option for Servers with Accounts Using Only 10G Password Version
After you upgrade to Oracle Database 12c release 2 (12.2), complete the following procedure to enable accounts using the 10G password version:
Log in as an administrator.
Edit the SQLNET.ORA file to change the SQLNET.ALLOWED_LOGON_VERSION_SERVER setting from the default, 12, to 11 or lower. For example:
SQLNET.ALLOWED_LOGON_VERSION_SERVER=11
After you change to a more permissive SQLNET.ALLOWED_LOGON_VERSION_SERVER setting, expire users’ passwords to require them to change their passwords. For detailed information, refer to Oracle Database Security Guide.
