Re: password iin dba_users - Oracle 11

From: Jared Still <>
Date: Wed, 21 Jan 2009 09:27:31 -0800
Message-ID: <>

On Wed, Jan 21, 2009 at 5:48 AM, John Hallas <
> wrote:

> Jared,
> I understood that the old style password hash was there to support a
> database which has been migrated from 10g to 11g and converted to use the
> new case sensitive passwords.
> As an ex 10g user changes his password or has an alter user command run
> against him he changes from the old hash to the new hash (which also
> includes case sensitivity) which is the reason why there is room to
> accommodate both hash versions.

I don't claim to know exactly why the hash and sha1 passwords are both included in
sys.user$, but that doesn't seem to fit the bill.

on an database

SQL> create user scott identified by tiger

SQL >select name, password, spare4
from sys.user$
where type#=1
and name = 'SCOTT';


--------------- --------------------
SCOTT           F894844C34402B67


1 row selected.

An interesting aside:

After exp/imp an application schema from 10.2 to using the same password
as in the old database, one of the clients could no longer connect.

The client is IIRC.

The fix was to recreate the password, all in uppercase.

Somewhere in the authentication process, the password that was input in lower case was being converted to upper case. That doesn't seem all that unusual when you consider that the old authentication was case insensitive (upper case)

It is strange that only this client was affected. I've used 9i clients to connect
to 11g databases without issue, using lower case passwords.

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

Received on Wed Jan 21 2009 - 11:27:31 CST

Original text of this message