|Case Sensitive Passwords in Oracle Database 11g Release 1 - Understand the implications and administration of this new security feature in Oracle 11g.|
Greg said...Very precise article. Good job.
Peter Lorenzen said...Nice. Thanks.
By the way is there a way of determining if the password file was created with ingnorecase=y or n?
GJ said...Just a tiny typo in your last point on this page. You typed ignorecase=y as ingnorecase=y you might want to fix that.
Otherwise, great description!
Thanks for the heads-up. The typo is now corrected. :)
ramazan said...hi Tim,
i have question if answer me i' am appreciated to you. We change password for sys user.
for example : alter user sys identified by abc123;
and sec_case_sensitive_logon =FALSE in database.
but bu have an error with logon upper case password.
conn sys/Ab123@db as sysdba
ORA-01017: invalid username or password
what is your opinion?
Remote access to SYS is done via the password file on the server. You need to set ignorecase=y when creating the password file to allow case insensitive access to sys. This is different to logging on locally on the server (without a connect string), which behaves the same as any user.
Ammad said...Thanks so much for very helpful information.
kzsolt said...More funny:
The username at CREATE USER registerd with case sensitive if doubleqouted. But looks like at login the incomming username converted to uppercase and the compared whith case sensitive algo.
Therefore If the username is case sensitive and contain non uppercase characters then not possible to login whith...