Once all of your users have the minimum level of hash that you require, set the sqlnet.allowed_logon_version_client and sqlnet.allowed_logon_version_server parameter on your server as described here ( ) to enforce that minimum level of authentication protocol usage going forward. You will have to use your best judgement on how to force each user to change their password.
Assuming that they have clients like sqlplus that support handling expired passwords, you can force users to do it themselves by expiring their accounts with ALTER USER username PASSWORD EXPIRE Īs warned however, not all client applications can handle this and may just prevent the user from logging in entirely.
You cannot do it for them without knowing what the actual password was (knowing the 10G hash will not help). If there are in fact users with only a 10G hash as shown above, then they must reset their password to have Oracle create valid hashes for 11G or 12C authentication protocols.
If they also have 11G or 12C (or whatever is the minimum level you desire them to have) then there is no need to change or update individual users - just skip to setting the sqlnet.ora parameters described below to enforce the minimum authentication protocol usage you desire.Ĭheck your password hash versions for each user with this query: select username, password_versions from dba_users order by 2 The exercise of updating the password hash that you reference is only necessary if you have users that only have a 10G password hash.
0 kommentar(er)
