Oracle 18c orapwd 命令 OPW-00029 Password complexity failed
Tags: Oracle
18c创建密码文件报错:
OPW-00029: Password complexity failed for SYS user : Password must contain at least 8 characters.
解决:
1 | orapwd file=orapwrac18cphy password=lhr format=12 force=y |
当忘记sys口令的时候,可以使用orapwd命令重建口令文件。但是在Oracle 18c中却会报OPW-00029的错误。
1 2 3 4 5 6 | [oracle@www.cndba.cn dbs]$ sqlplus -version SQL*Plus: Release 18.0.0.0.0 - Production Version 18.3.0.0.0 [oracle@www.cndba.cn dbs]$ orapwd file=/u01/app/oracle/product/18.3.0/db_1/dbs/orapwcndba password='oracle' OPW-00029: Password complexity failed for SYS user : Password must contain at least 8 characters. [oracle@www.cndba.cn dbs]$ |
这是因为Oracle 增强了密码验证函数:ora12c_verify_function
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/dbseg/configuring-authentication.html#GUID-F09749BF-2881-4EE5-B59D-041E4796BAC4
1 2 3 4 5 6 7 8 | The ora12c_verify_function function fulfills the Department of Defense Database Security Technical Implementation Guiderequirements. This function checks for the following requirements when users create or modify passwords: The password contains no fewer than 8 characters and includes at least one numeric and one alphabetic character. The password is not the same as the user name or the user name reversed. The password is not the same as the database name. The password does not contain the word oracle (such as oracle123). The password differs from the previous password by at least 8 characters. The password contains at least 1 special character. |
所以解决方法有两种:
1. 在指定符合验证函数的密码
1 2 | [oracle@www.cndba.cn dbs]$ orapwd file=/u01/app/oracle/product/18.3.0/db_1/dbs/orapwcndba password='$www.cndba.cn$666' [oracle@www.cndba.cn dbs]$ |
2. 在orapwd命令中指定format到12.2 之前的版本。 该参数默认是12.2. 根据命令帮助,将format指定为12即可。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [oracle@www.cndba.cn dbs]$ orapwd -h Usage 1: orapwd file=<fname> force={y|n} asm={y|n} dbuniquename=<dbname> format={12|12.2} delete={y|n} input_file=<input-fname> 'sys={y | password | external(<sys-external-name>) | global(<sys-directory-DN>)}' 'sysbackup={y | password | external(<sysbackup-external-name>) | global(<sysbackup-directory-DN>)}' 'sysdg={y | password | external(<sysdg-external-name>) | global(<sysdg-directory-DN>)}' 'syskm={y | password | external(<syskm-external-name>) | global(<syskm-directory-DN>)}' [oracle@www.cndba.cn dbs]$ orapwd file=/u01/app/oracle/product/18.3.0/db_1/dbs/orapwcndba password='oracle' format=12 [oracle@www.cndba.cn dbs]$ |
When I tried to create a password file for a 12.2 database, it initially failed with my favorite (simple) password:
1 2 | [oracle@uhesse dbs]$ orapwd file=$ORACLE_HOME/dbs/orapwprima password=oracle OPW-00029: Password complexity failed for SYS user : Password must contain at least 8 characters. |
Two options to resolve this: Either provide a password that passes the complexity check, like:
1 | [oracle@uhesse dbs]$ orapwd file=$ORACLE_HOME/dbs/orapwprima password=Very_Complex§1 |
Or create the password file in 12.1 format (default being 12.2 format)
1 2 3 | [oracle@uhesse dbs]$ orapwd describe file=orapwprimaPassword file Description : format=12.2 [oracle@uhesse dbs]$ rm orapwprima[oracle@uhesse dbs]$ orapwd file=$ORACLE_HOME/dbs/orapwprima password=oracle format=12 [oracle@uhesse dbs]$ orapwd describe file=orapwprimaPassword file Description : format=12 |
The only drawback of the 12.1 format seems to be the lack of support for granting administrative privileges to external users and enabling SSL and Kerberos authentication for administrative users, according to the documentation . Which means for me I will keep my passwords simple
