Discussion:
Password case sensitivity 11g to 12c
Jeff Chirco
2018-11-14 22:25:23 UTC
I am working on upgrading our 11.2.0.4 database to 12.2.0.1. In this 11g
database we had sec_case_sensitive_logon disabled but I am enabling it in
12c. I have users with "PASSWORD_VERSIONS" set to "10G 11G", and on the
12c side I have SQLNET.ALLOWED_LOGON_VERSION_SERVER = 10 set in sqlnet.ora.

However I am noticing that when I try to connect in 12c I have to enter the
password in the same case that it was originally created on 11g even though
password case sensitivity was off. I thought the sqlnet setting of
ALLOWED_LOGON_VERSION_SERVER=10 would allow this?

My ideal behavior would be: in 12c, allow previously created users to
authenticate with any case password, but for newly created users (or users
that change their password) force password case sensitivity. We have a lot
of users and some of them may not realize what case they originally created
their password with.

Let me know if you think this is possible.

Thanks,

Jeff
Chris Taylor
2018-11-14 22:32:08 UTC
Well, that's interesting.

If it were me, I'd reset all the non-application (users) passwords to a
temp password and expire them to have the users enter a new password at
logon.

Password expiration and prompting only works across OCI calls and not JDBC,
however, so you may have to give them the "alter user" statement so they can
reset their password after logging in with the temp password.

Chris

Jeff Chirco
2018-11-14 22:39:19 UTC
We have a lot of users and to force them all to change their password would
be a nightmare for us. Was hoping I could slow roll the password case
update.

Mark J. Bobak
2018-11-14 22:44:13 UTC
To my knowledge, there's no way to do what you want.

There is the sec_case_sensitive_logon parameter, which defaults to TRUE.
If you set it to FALSE, it will work like it did in 11g, but every time you
start the database, you'll get a warning that deprecated parameters are set.

-Mark
Niels Jespersen
2018-11-15 11:39:48 UTC
We were down that road a few years back. If I remember correctly, any password entered from 11 and onwards will be stored with case. Only 10G passwords are really without case. When sec_case_sensitive_logon is enabled, then all 11G passwords onward must be entered in the same case as they were set.

In reality, when there are no password rules enforcing mixed case, passwords will be entered in all lower caps, mostly. In our case it only caused very few problems.

Regards Niels
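
An audit query for the situation discussed in this thread, added here as an example and not posted by any participant: it groups accounts by the PASSWORD_VERSIONS value mentioned in the original question, so that accounts holding only a 10G verifier can be told apart from those that also hold an 11G or later one. It assumes a 12c database, a session that can read DBA_USERS, and that the behaviour labels follow the reply above with sec_case_sensitive_logon enabled.

```sql
-- Added example (not from the thread). Run on the upgraded 12c database.
-- Labels assume sec_case_sensitive_logon = TRUE, as described in the reply above.

-- 1. Per-account view: which verifiers each non-Oracle-maintained account holds.
SELECT username,
       account_status,
       TRIM(password_versions) AS password_versions,
       CASE
         WHEN password_versions IS NULL
           THEN 'no password verifier stored'
         WHEN TRIM(password_versions) = '10G'
           THEN '10G only: password is case-insensitive'
         WHEN INSTR(password_versions, '10G') > 0
           THEN '10G plus newer: must match case as originally set'
         ELSE 'no 10G verifier: must match case as originally set'
       END AS logon_behaviour
FROM   dba_users
WHERE  oracle_maintained = 'N'          -- skip SYS, SYSTEM and other supplied accounts
ORDER  BY logon_behaviour, username;

-- 2. Summary: how many open accounts fall into each PASSWORD_VERSIONS group,
--    to size the number of users who may be surprised by case sensitivity.
SELECT NVL(TRIM(password_versions), '(none)') AS password_versions,
       COUNT(*)                               AS open_accounts
FROM   dba_users
WHERE  oracle_maintained = 'N'
AND    account_status = 'OPEN'
GROUP  BY NVL(TRIM(password_versions), '(none)')
ORDER  BY open_accounts DESC;
```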