ITPub博客

首页 > 数据库 > Oracle > ORACLE12.2中用户无法登陆报ORA-01017的解决办法

ORACLE12.2中用户无法登陆报ORA-01017的解决办法

原创 Oracle 作者:hunterjoy 时间:2017-05-04 10:39:18 0 删除 编辑

                                                                                             ORACLE12.2中用户无法登陆报ORA-01017的解决办法

错误现象:

在ORACLE12.2中创建一个用户linfy后,登陆:
SQL> show pdbs;
    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 ORCLPDB                        READ WRITE NO
SQL> alter session set container=orclpdb;
Session altered.
SQL> conn linfy/linfy@orclpdb
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.

原因:将系统参数sec_case_sensitive_logon设置成FALSE导致。

SQL> show parameter sec

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
db_securefile                        string      PREFERRED
optimizer_secure_view_merging        boolean     TRUE
sec_case_sensitive_logon             boolean     FALSE


因分析:

SQL>  select PASSWORD_VERSIONS from cdb_users where username='LINFY';


PASSWORD_VERSIONS
-----------------
11G 12C

参见官方文档:
The new Exclusive Mode default for password-based authentication in Oracle 12.2 conflicts with case-insensitive password configurations. All user login fails with ORA-1017 after upgrade to 12.2 (文档 ID 2075401.1)
http://docs.oracle.com/database/121/NETRF/sqlnet.htm#NETRF2016

具体内容如下:

The ability for a client to authenticate depends on the DBA_USERS.PASSWORD_VERSIONS value on the server for that account.

Note the following implications of setting the value to 12 or 12a:

  • The setting SEC_CASE_SENSITIVE_LOGON=FALSE must not be used because case insensitivity requires the use of the 10G password version. If it is set as FALSE, then user accounts and secure roles become unusable because Exclusive Mode excludes the use of the 10G password version. The SEC_CASE_SENSITIVE_LOGONinitialization parameter enables or disables case sensitivity for passwords.

    Note:

    The use of the Oracle instance initialization parameter SEC_CASE_SENSITIVE_LOGON is deprecated in favor of setting the SQLNET.ALLOWED_LOGON_VERSION_SERVER parameter to 12 or 12a to ensure that passwords are treated in a case-sensitive fashion.
解决办法:
SQL> alter system set sec_case_sensitive_logon=TRUE;
System altered.

SQL> conn linfy/linfy@orclpdb
Connected.





来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/543979/viewspace-2138398/,如需转载,请注明出处,否则将追究法律责任。

下一篇: docker安装MySQL
请登录后发表评论 登录
全部评论

注册时间:2007-12-31

  • 博文量
    156
  • 访问量
    352010