ORACLE12.2中用户无法登陆报ORA-01017的解决办法

                                                                                             ORACLE12.2中用户无法登陆报ORA-01017的解决办法

错误现象:

在ORACLE12.2中创建一个用户linfy后,登陆:
SQL> show pdbs;
    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 ORCLPDB                        READ WRITE NO
SQL> alter session set container=orclpdb;
Session altered.
SQL> conn linfy/linfy@orclpdb
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.

原因:将系统参数sec_case_sensitive_logon设置成FALSE导致。

SQL> show parameter sec

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
db_securefile                        string      PREFERRED
optimizer_secure_view_merging        boolean     TRUE
sec_case_sensitive_logon             boolean     FALSE

因分析:

SQL>  select PASSWORD_VERSIONS from cdb_users where username='LINFY';


PASSWORD_VERSIONS
-----------------
11G 12C

参见官方文档:
The new Exclusive Mode default for password-based authentication in Oracle 12.2 conflicts with case-insensitive password configurations. All user login fails with ORA-1017 after upgrade to 12.2 (文档 ID 2075401.1)
http://docs.oracle.com/database/121/NETRF/sqlnet.htm#NETRF2016

具体内容如下:

The ability for a client to authenticate depends on the DBA_USERS.PASSWORD_VERSIONS value on the server for that account.

Note the following implications of setting the value to 12 or 12a:

  • The setting SEC_CASE_SENSITIVE_LOGON=FALSE must not be used because case insensitivity requires the use of the 10G password version. If it is set as FALSE, then user accounts and secure roles become unusable because Exclusive Mode excludes the use of the 10G password version. The SEC_CASE_SENSITIVE_LOGONinitialization parameter enables or disables case sensitivity for passwords.

    Note:

    The use of the Oracle instance initialization parameter  SEC_CASE_SENSITIVE_LOGON  is deprecated in favor of setting the  SQLNET.ALLOWED_LOGON_VERSION_SERVER  parameter to  12  or  12a  to ensure that passwords are treated in a case-sensitive fashion.
解决办法:
SQL> alter system set sec_case_sensitive_logon=TRUE;
System altered.

SQL> conn linfy/linfy@orclpdb
Connected.





来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/543979/viewspace-2138398/,如需转载,请注明出处,否则将追究法律责任。

转载于:http://blog.itpub.net/543979/viewspace-2138398/

你可能感兴趣的:(ORACLE12.2中用户无法登陆报ORA-01017的解决办法)