创建用户时的密码校验问题(r2第34天)

作者: admin 分类: 公众号存档            0 次浏览 发布时间: 2014-07-15 13:09

公众号:杨建荣的学习笔记 · 作者:r2第34天 · 发布:2014-07-15 13:09:40 · 原文链接

今天需要在测试环境中做一些性能测试,为了不影响原有的数据,准备创建一个临时的schema。但是创建的时候报了如下的错误。
SQL> create user mig_perf identified by mig_perf;
create user mig_perf identified by mig_perf
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20002: Password same as or similar to user

第一感觉就是开启了密码的校验,11g里面有一个新特性的关于密码的大小写敏感的,会不会有关联呢。似乎有些牵强,但是目前是false选项,表示不对大小写敏感。

SQL> show parameter sen
NAME TYPE VALUE
———————————— ———– ——————————
sec_case_sensitive_logon boolean FALSE

如果还有问题,就需要从profie的角度入手了,比如登录密码超过10次,账户就会锁定,这些都是在profile里面配置的。
来看看能得到什么信息。

select *from dba_profiles order by profile;
SQL> /

PROFILE RESOURCE_NAME RESOURCE LIMIT
—————————— ——————————– ——– —————————————-
DBAMON_PF1 COMPOSITE_LIMIT KERNEL UNLIMITED
DBAMON_PF1 SESSIONS_PER_USER KERNEL 10
DBAMON_PF1 CPU_PER_SESSION KERNEL UNLIMITED
DBAMON_PF1 CPU_PER_CALL KERNEL UNLIMITED
DBAMON_PF1 LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DBAMON_PF1 LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DBAMON_PF1 IDLE_TIME KERNEL UNLIMITED
DBAMON_PF1 CONNECT_TIME KERNEL UNLIMITED
DBAMON_PF1 PRIVATE_SGA KERNEL DEFAULT
DBAMON_PF1 FAILED_LOGIN_ATTEMPTS PASSWORD 10
DBAMON_PF1 PASSWORD_LIFE_TIME PASSWORD UNLIMITED
DBAMON_PF1 PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DBAMON_PF1 PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DBAMON_PF1 PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION
DBAMON_PF1 PASSWORD_LOCK_TIME PASSWORD .0106
DBAMON_PF1 PASSWORD_GRACE_TIME PASSWORD UNLIMITED
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED
DEFAULT CPU_PER_CALL KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DEFAULT IDLE_TIME KERNEL UNLIMITED
DEFAULT CONNECT_TIME KERNEL UNLIMITED
DEFAULT PRIVATE_SGA KERNEL UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
DEFAULT PASSWORD_LIFE_TIME PASSWORD 180
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7

我创建的新用户,没有指定profile,所以会是默认的default profile,对应的”PASSWORD_VERIFY_FUNCTION” 有一些差别。
看来是对于密码安全的加强,来看看相关的简单测试,看看密码验证还都做了那些校验。
SQL> create user mig_perf identified by mig_perf1;
create user mig_perf identified by mig_perf1
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20005: Password same as or similar to user name

SQL> create user mig_perf identified by abc;
create user mig_perf identified by abc
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password length less than 8

SQL> create user mig_perf identified by abcabc12;
User created.

SQL> drop user mig_perf;
User dropped.

当然了“PASSWORD VERIFY_FUNCTION_11G”其实是一个function来实现的。具体的细节可以在$ORACLE_HOME/rdbms/admin/utlpwdmg.sql中查看。
> ls -lrt utlpwd*
-rw-r–r– 1 oraccbs1 dba 11555 Aug 13 2006 utlpwdmg.sql

— This script sets the default password resource parameters
— This script needs to be run to enable the password features.
— However the default resource parameters can be changed based
— on the need.
— A default password complexity function is also provided.
— This function makes the minimum complexity checks like
— the minimum length of the password, password not same as the
— username, etc. The user may enhance this function according to
— the need.
— This function must be created in SYS schema.
— connect sys/<password> as sysdba before running the script

CREATE OR REPLACE FUNCTION verify_function_11G
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
n boolean;
m integer;
differ integer;
isdigit boolean;
ischar boolean;
ispunct boolean;
db_name varchar2(40);
digitarray varchar2(20);
punctarray varchar2(25);
chararray varchar2(52);
i_char varchar2(10);
simple_password varchar2(10);
reverse_user varchar2(32);

BEGIN
digitarray:= ‘0123456789’;
chararray:= ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ’;
。。。。

而且在11g的数据字典里也有所体现,可以看到如下的用户密码是10g,11g的
在dba_users中有一列 password_version
******************************************************************************************************
* General Details *
******************************************************************************************************
USERNAME Default Tablespace CREATED PROFILE PASSWORD_V
————————- ——————– ——— ———- ———-
MIG_PERF DATAS01 31-MAR-14 DEFAULT 10G 11G

一些相关的链接如下:
How To Enforce Mixed Case Passwords When sec_case_sensitive_logon = true? (Doc ID 1307555.1)
ORA-603 ORA-604 ORA-1001 ORA-28003 when PASSWORD_VERIFY_FUNCTION Returns FALSE (Doc ID 1264842.1) –这是一个11.2.0.2以前的bug
ORA-28003 Error When Use ‘Password Complexity Verification’ (Doc ID 132096.1) –alter user identified by 错误的WA

admin

杨建荣,《Oracle DBA工作笔记》《MySQL DBA工作笔记》作者,dbaplus社群发起人之一,腾讯云TVP,现任竞技世界系统部经理,拥有十多年数据库开发和运维经验,目前专注于开源技术、运维自动化和性能调优

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注