Wednesday, May 24, 2017

It’s the end for sec_case_sensitive_logon

I’ve been using sec_case_sensitive_logon set to FALSE for quite a while. I do this because many of the scripts I use have been written over the year and the password in them has not always been well managed so to say.  However in 12.2 this has come to a hard stop.  Oracle has been saying this is being deprecated/unsupported and it sure is now!

If you set sec_case_sensitive_logon to FALSE in 12.2 it effectively makes sets the instance to “restricted logins” the only way to connect is with “AS SYSDBA”.   The weird thing is that the error you get doesn’t lead you do this at all.  So with is set to FALSE I’d get this behavior:

SQL> conn op/op
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.

With it set to TRUE:

SQL> conn op/op

It sure would have been nice for something else to be mentioned about this.  I looked in the alert log and nothing there.   None of the trace files mentioned anything useful.  I search OTN and everywhere else.  Fortunately with some help from my buddies via twitter we were able to figure it out.  Thanks Jeremy!

For those of you who might have it in your SPFILE, to remove it from the file so you don't get the annoying "ORA-32004: obsolete or deprecated parameter(s) specified for RDBMS instance" at startup:

 SQL> alter system reset sec_case_sensitive_logon scope=spfile;

No comments:

Post a Comment