或许你不知的ORACLE秘密系列一
Oracle 11g introduces Case-sensitive passwords for database authentication. Along with this if you wish to change the password (temporarily) and reset it back to old , you will find that password field in dba_users is empty. Prior to 11g we could use following technique to change/restore password
SQL> create user liu identified by liu;User created. www.zzzyk.com
SQL> grant create session to liu;Grant succeeded.
SQL> conn sys as sysdbaEnter password:Connected.
SQL> select username,password from dba_users where username='LIU';
USERNAME PASSWORD
------------------------------ ------------------------------
LIU 9DEC0D889E8E9A6B
SQL> alter user amit identified by abc;
User altered.
SQL> conn amit/abc www.zzzyk.com
Connected.
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> alter user LIU identified by values'9DEC0D889E8E9A6B';
User altered.
SQL> conn liu/liu
Connected.
In 11g if you query password field, itwill return NULL.
SQL> select username,password fromdba_users where username='LIU';
USERNAME PASSWORD
------------------------------------------------------------
LIU
Let’s first see Case-sensitive passwordfeature in 11g and then steps to change/restore passwords
SYS@orcl>create user LIU IDENTIFIED BYLIU;
用户已创建。
SYS@orcl>GRANT CONNECT TO LIU;
授权成功。
SYS@orcl>conn liu/liu
ERROR:
ORA-01017: invalid username/password;logon denied
警告:您不再连接到 ORACLE。
@>CONN LIU/LIU
已连接。
LIU@orcl>
This behavior is controlled by“sec_case_sensitive_logon”initialization paramter. If the value is true then it will enforce casesensitive passwords
LIU@orcl>conn / as sysdba
已连接。
SYS@orcl>SHO PARAMETER PFILE
NAME TYPE VALUE
----------------------------------------------- ------------------------------
spfile string \opt\DBHOME_1\DATABASE\SPFILE
ORCL.ORA
SYS@orcl>sho parameter sec_case_sensi
NAME TYPE VALUE
----------------------------------------------- ------------------------------
sec_case_sensitive_logon boolean TRUE
SYS@orcl>alter system setsec_case_sensitive_logon=false;
系统已更改。
SYS@orcl>conn liu/liu
已连接。
LIU@orcl>alter system setsec_case_sensitive_logon=true;
alter system setsec_case_sensitive_logon=true
*
第 1行出现错误:
ORA-01031:权限不足
LIU@orcl>conn / as sysdba
已连接。
SYS@orcl>alter system setsec_case_sensitive_logon=true;
系统已更改。
SYS@orcl>conn liu/LIU;
已连接。
LIU@orcl>conn liu/liu
ERROR:
ORA-01017: invalid username/password; logondenied
警告:您不再连接到 ORACLE。
Now to reset the password in 11g, we needto query spare4 column in user$ table
@>conn / as sysdba
已连接。
SYS@orcl>select spare4 from user$ wherename='LIU';
SPARE4
----------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------
S:813731A84040EA2C4DF1545B869495ECA28C81486A11E5E19344F88BA312
SYS@orcl>ALTER USER LIU IDENTIFIED BYABC;
用户已更改。
SYS@orcl>CONN LIU/ABC
已连接。
LIU@orcl>CONN / AS SYSDBA
已连接。
SYS@orcl>ALTER USER LIU IDENTIFIEDBY VALUES'S:813731A84040EA2C4DF1545B869495ECA28C81486A11E5E19344F88BA312';
用户已更改。
SYS@orcl>CONN LIU/ABC
ERROR:
ORA-01017: invalid username/password;logon denied
警告:您不再连接到 ORACLE。
@>CONN / AS SYSDBA
已连接。
SYS@orcl>conn LIU/LIU
已连接。
LIU@orcl>
As per Metalink Note429465.1 , view DBA_USERS has new column PASSWORD_VERSIONS rendered as follows:
decode(length(u.password),16,'10G',NULL)||NVL2(u.spare4, '11G ' ,NULL)
for example:
SYS@orcl>SELECT USERNAME,PASSWORD_VERSIONSFROM DBA_USERS WHERE USERNAME='LIU';
USERNAME PASSWORD
------------------------------ --------
LIU 11G
SYS@orcl>SELECT USERNAME,PASSWORD_VERSIONSFROM DBA_USERS WHERE USERNAME IN ('SYS','DNA','LIU');
USERNAME PASSWORD
------------------------------ --------
SYS 10G 11G
DNA 10G 11G
LIU 11G
In this case it means both old andnew-style hash values are available for the users--SYS,DNA, the new hash valueis stored in the USER$.SPARE4 column, as long as this remains NULL it means thepassword has not been changed since the migration and the user will have theold case insensitive password.
SYS@orcl>CREATE USER LIU2 IDENTIFIED BYLIU2;
用户已创建。
SYS@orcl>SELECTUSERNAME,PASSWORD_VERSIONS FROM DBA_USERS WHERE USERNAME IN('SYS','DNA','LIU','LIU2');
USERNAME PASSWORD
------------------------------ --------
SYS 10G 11G
LIU 11G
LIU2 10G 11G
DNA 10G 11G
As I had reset passwordusing only spare4 string, password will be case -sensitive irrespective ofsetting for sec_case_sensitive_logon parameter value
Upd