Re: password iin dba_users - Oracle 11
- From: Jared Still <jkstill@xxxxxxxxx>
- To: John Hallas <John.Hallas@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 21 Jan 2009 09:27:31 -0800
On Wed, Jan 21, 2009 at 5:48 AM, John Hallas <John.Hallas@xxxxxxxxxxxxxxxxxx
> wrote:
> Jared,
>
> I understood that the old style password hash was there to support a
> database which has been migrated from 10g to 11g and converted to use the
> new case sensitive passwords.
>
> As an ex 10g user changes his password or has an alter user command run
> against him he changes from the old hash to the new hash (which also
> includes case sensitivity) which is the reason why there is room to
> accommodate both hash versions.
>
>
I don't claim to know exactly why the hash and sha1 passwords are both
included in
sys.user$, but that doesn't seem to fit the bill.
on an 11.1.0.7 database
SQL> create user scott identified by tiger
SQL >select name, password, spare4
from sys.user$
where type#=1
and name = 'SCOTT';
NAME PASSWORD SPARE4
--------------- --------------------
--------------------------------------------------------------------------------
SCOTT F894844C34402B67
S:3B126204ED23F157CD3F7212B44F7D88BA971E36167AD91F24AD5D5027B7
1 row selected.
An interesting aside:
After exp/imp an application schema from 10.2 to 11.1.0.7 using the same
password
as in the old database, one of the clients could no longer connect.
The client is 9.2.0.6/7 IIRC.
The fix was to recreate the password, all in uppercase.
Somewhere in the authentication process, the password that was input in
lower case was being converted to upper case. That doesn't seem all
that unusual when you consider that the old authentication was case
insensitive (upper case)
It is strange that only this client was affected. I've used 9i clients to
connect
to 11g databases without issue, using lower case passwords.
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Other related posts:
