Password verification during Oracle user Creation
We need to perform some performance tests in the test environment today. In order not to affect the original data, we need to create a temporary schema. However, the following error is reported during creation.
SQL> create user mig_perf identified by mig_perf;
Create user mig_perf identified by mig_perf
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20002: Password same as or similar to user
The first thing I feel is that I have enabled password verification. There is a new feature in the 11g that is case sensitive to the password. Will it be associated. It seems a little far-fetched, but the current option is false, indicating that it is not case sensitive.
SQL> show parameter sen
NAME TYPE VALUE
-----------------------------------------------------------------------------
Sec_case_sensitive_logon boolean FALSE
If there is still a problem, you need to start with profie. For example, if the logon password is more than 10 times, the account will be locked. These are all configured in the profile.
To see what information can be obtained.
Select * from dba_profiles order by profile;
SQL>/
PROFILE RESOURCE_NAME RESOURCE LIMIT
--------------------------------------------------------------------------------------------------------------
DBAMON_PF1 COMPOSITE_LIMIT KERNEL UNLIMITED
DBAMON_PF1 SESSIONS_PER_USER KERNEL 10
DBAMON_PF1 CPU_PER_SESSION KERNEL UNLIMITED
DBAMON_PF1 CPU_PER_CALL KERNEL UNLIMITED
DBAMON_PF1 LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DBAMON_PF1 LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DBAMON_PF1 IDLE_TIME KERNEL UNLIMITED
DBAMON_PF1 CONNECT_TIME KERNEL UNLIMITED
DBAMON_PF1 PRIVATE_SGA KERNEL DEFAULT
DBAMON_PF1 FAILED_LOGIN_ATTEMPTS PASSWORD 10
DBAMON_PF1 PASSWORD_LIFE_TIME PASSWORD UNLIMITED
DBAMON_PF1 PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DBAMON_PF1 PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DBAMON_PF1 PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION
DBAMON_PF1 PASSWORD_LOCK_TIME PASSWORD. 0106
DBAMON_PF1 PASSWORD_GRACE_TIME PASSWORD UNLIMITED
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED
DEFAULT CPU_PER_CALL KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DEFAULT IDLE_TIME KERNEL UNLIMITED
DEFAULT CONNECT_TIME KERNEL UNLIMITED
DEFAULT PRIVATE_SGA KERNEL UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
The profile is not specified for the new user I created, so it will be the default profile. There are some differences in the corresponding "PASSWORD_VERIFY_FUNCTION.
It seems that the security of the password is enhanced. Let's take a look at the relevant simple tests and see what verification has been done for the password verification.
SQL> create user mig_perf identified by mig_perf1;
Create user mig_perf identified by mig_perf1
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20005: Password same as or similar to user name
SQL> create user mig_perf identified by abc;
Create user mig_perf identified by abc
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password length less than 8
SQL> create user mig_perf identified by abcabc12;
User created.
SQL> drop user mig_perf;
User dropped.
Of course, "PASSWORD VERIFY_FUNCTION_11G" is actually implemented by a function. For details, see $ Oracle_HOME/rdbms/admin/utlpwdmg. SQL.
> Ls-lrt utlpwd *
-Rw-r -- 1 oraccbs1 dba 11555 Aug 13 2006 utlpwdmg. SQL
-- This script sets the default password resource parameters
-- This script needs to be run to enable the password features.
-- However the default resource parameters can be changed based
-- On the need.
-- A default password complexity function is also provided.
-- This function makes the minimum complexity checks like
-- The minimum length of the password, password not same as
-- Username, etc. The user may enhance this function according
-- The need.
-- This function must be created in SYS schema.
-- Connect sys/<password> as sysdba before running the script
Create or replace function verify_function_11G
(Username varchar2,
Password varchar2,
Old_password varchar2)
RETURN boolean IS
N boolean;
M integer;
Differ integer;
Isdigit boolean;
Ischar boolean;
Ispunct boolean;
Db_name varchar2 (40 );
Digitarray varchar2 (20 );
Punctarray varchar2 (25 );
Chararray varchar2 (52 );
I _char varchar2 (10 );
Simple_password varchar2 (10 );
Reverse_user varchar2 (32 );
BEGIN
Digitarray: = '000000 ';
Chararray: = 'abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxy ';
....
It is also reflected in the 11 GB Data Dictionary. We can see that the following user passwords are 10 GB and 11 GB.
There is a password_version column in dba_users.
**************************************** **************************************** **********************
* General Details *
**************************************** **************************************** **********************
USERNAME Default Tablespace created profile PASSWORD_V
--------------------------------------------------------------------------
MIG_PERF DATAS01 31-MAR-14 DEFAULT 10G 11G
Some related links are as follows:
How To Enforce Mixed Case Passwords When sec_case_sensitive_logon = true? (Docid 1307555.1)
ORA-603 ORA-604 ORA-1001 ORA-28003 when PASSWORD_VERIFY_FUNCTION Returns FALSE (Doc ID 1264842.1) -- this is a bug before 11.2.0.2
ORA-28003 Error When Use 'password Complexity Verification '(Doc ID 132096.1) -- alter user identified by Error WA
--------------------------------------------------------------------------------
Installing Oracle 12C in Linux-6-64
Install Oracle 11gR2 (x64) in CentOS 6.4)
Steps for installing Oracle 11gR2 in vmwarevm
Install Oracle 11g XE R2 In Debian
--------------------------------------------------------------------------------