ORACLE12.2中使用者無法登陸報ORA-01017的解決辦法

錯誤現象：

在ORACLE12.2中建立一個使用者linfy後，登陸:
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 ORCLPDB READ WRITE NO
SQL> alter session set container=orclpdb;
Session altered.
SQL> conn linfy/linfy@orclpdb
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.

原因：將系統引數sec_case_sensitive_logon設定成FALSE導致。

SQL> show parameter sec

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
db_securefile string PREFERRED
optimizer_secure_view_merging boolean TRUE
sec_case_sensitive_logon boolean FALSE

原因分析：

SQL> select PASSWORD_VERSIONS from cdb_users where username='LINFY';

PASSWORD_VERSIONS
-----------------
11G 12C

參見官方文件：
The new Exclusive Mode default for password-based authentication in Oracle 12.2 conflicts with case-insensitive password configurations. All user login fails with ORA-1017 after upgrade to 12.2 (文件 ID 2075401.1)

具體內容如下：

The ability for a client to authenticate depends on the DBA_USERS.PASSWORD_VERSIONS value on the server for that account.

Note the following implications of setting the value to 12 or 12a:

The setting SEC_CASE_SENSITIVE_LOGON=FALSE must not be used because case insensitivity requires the use of the 10G password version. If it is set as FALSE, then user accounts and secure roles become unusable because Exclusive Mode excludes the use of the 10G password version. The SEC_CASE_SENSITIVE_LOGONinitialization parameter enables or disables case sensitivity for passwords.

Note:
The use of the Oracle instance initialization parameter SEC_CASE_SENSITIVE_LOGON is deprecated in favor of setting the SQLNET.ALLOWED_LOGON_VERSION_SERVER parameter to 12 or 12a to ensure that passwords are treated in a case-sensitive fashion.

解決辦法：
SQL> alter system set sec_case_sensitive_logon=TRUE;
System altered.

SQL> conn linfy/linfy@orclpdb
Connected.

ORACLE12.2中使用者無法登陸報ORA-01017的解決辦法