When we move schemas in one database or from it to another by datapump, we sometimes can not login to moved schemas with its password.
CAUSE:
Password has version (10G or 11G) in 11G database. Version usage is controlled by parameter.
HASH PROCESS:
a. in 10G
passphrase + username are used to generate hash
b. in 11G
passphrase + salt are userd to generate hash.
c. sec_case_sensitive_logon parameter is used to control password authentication method.
sec_case_sensitive_logon -> TRUE : 11G authentication
sec_case_sensitive_logon -> FALSE : 10G authentication
SYNOMINAL:
move schema TEST (11G) to TEST1 (10G) : need reset pass
move schema TEST (11G) to TEST (10G) : might need reset pass if 10G hash value is not correct
move schema TEST (11G) to TEST1 (11G): no need to reset pass
move schema TEST (11G) to TEST (11G): no need to reset pass
move schema TEST (10G) to TEST (10G) : no need to reset pass
move schema TEST (10G) to TEST1 (10G) : need reset pass
move schema TEST (10G) to TEST (11G) : might need reset pass if 11G hash value is not null or correct
move schema TEST (10G) to TEST1 (11G) : need reset pass if 11G hash value is not correct
EXPLANATION:
Two hash values are stored in 11G database. One is for back-track to 10G pass authentication and the other one for new 11G authentication.
to check what hash was stored:
select username, password_versions from dba_users;
results can be:
10G
11G
10G 11G
to check the hash values
select name, password,spare4 from sys.user$;
password column is 10G hash value
spare4 column is 11G hash value(3-42) and its salt harsh value(43-63)
Reference:
http://www.notesbit.com/index.php/scripts-oracle/oracle-11g-new-password-algorithm-is-revealed-by-seclistsorg/
http://www.petefinnigan.com/sha1.sql
http://docs.oracle.com/cd/E11882_01/server.112/e25513/dynviews_1101.htm#sthref3208
http://askdba.org/weblog/2008/11/how-to-changerestore-user-password-in-11g/
No comments:
Post a Comment