Enabling Case-Sensitive Passwords with E-Business Release 12

Password security and complexity are often a concern for security and audit teams. With the recent release of patch 12964564, Oracle E-Business Suite Release 12.1.1 with a minimum database level of 11gR1 now supports password case sensitivity. Let's review this database feature in greater detail.

Password case sensitivity was introduced with Oracle Database 11gR1. Passwords were not case sensitive in earlier versions. For Oracle database versions prior to 11gR1, the passwords "Manager", "MANAGER", and "manager" were all equivalent. In an 11gR1 or higher database with password case sensitivity turned on, "Manager", "MANAGER" and "manager" are each a unique password with a unique hash value.

Password case sensitivity is turned on by default for any newly created 11gR1 or higher database. The database parameter for this feature is SEC_CASE_SENSITIVE_LOGON:

  • When this parameter is set to TRUE, password case sensitivity is enabled.
  • When set to FALSE, it is disabled.

The DBA_USERS view now has a PASSWORD_VERSIONS column that indicates the database release in which the password was created or last modified.

If you have migrated from a prior database version to 11gR1 and SEC_CASE_SENSITIVE_LOGON is set to TRUE, the default behavior is as follows:
  • Existing users must first initiate a password change for password case sensitivity to be enforced.
  • New users created in the 11g database will automatically use password case sensitivity.

The following example on a generic database -- not an E-Business Suite database -- illustrates how the password case sensitivity feature works in 11g.

First, a new user, "newuser1", is created in an 11g database.

Next, information from the DBA_USERS view is displayed.

The following shows the behavior of a migrated 10g user, "system", and a newly created 11g user, "newuser1", when password case sensitivity is disabled.

Finally, the following shows the behavior of a migrated 10g user, "system", and a newly created 11g user, "newuser1", when password case sensitivity is enabled.
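
The walkthrough above, written out as an added SQL*Plus example (not code from the original post), with an audit query for accounts that still carry a pre-11g password. It assumes a scratch 11g database, a DBA session with OS authentication for `/ AS SYSDBA`, and a constructed sample password `ExamplePw1`.

```sql
-- Added example: run in SQL*Plus as a DBA on a scratch 11g database.
-- newuser1 is the user name from the article; ExamplePw1 is a constructed sample password.

-- 1. Check the current setting of the parameter.
SHOW PARAMETER sec_case_sensitive_logon

-- 2. Create the new 11g user and allow it to log in.
CREATE USER newuser1 IDENTIFIED BY "ExamplePw1";
GRANT CREATE SESSION TO newuser1;

-- 3. Compare PASSWORD_VERSIONS for the migrated account and the new account.
SELECT username, password_versions
  FROM dba_users
 WHERE username IN ('SYSTEM', 'NEWUSER1');

-- 4. Disable case sensitivity for the running instance only, then attempt a
--    login with the password as created and again in a different case.
ALTER SYSTEM SET sec_case_sensitive_logon = FALSE SCOPE = MEMORY;
CONNECT newuser1/ExamplePw1
CONNECT newuser1/EXAMPLEPW1

-- 5. Re-enable case sensitivity and repeat both attempts to compare results.
CONNECT / AS SYSDBA
ALTER SYSTEM SET sec_case_sensitive_logon = TRUE SCOPE = MEMORY;
CONNECT newuser1/ExamplePw1
CONNECT newuser1/EXAMPLEPW1

-- 6. Audit: list accounts whose password was last set before 11g. Per the
--    article, these users must change their password before case
--    sensitivity is enforced for them.
CONNECT / AS SYSDBA
SELECT username, account_status, password_versions
  FROM dba_users
 WHERE password_versions NOT LIKE '%11G%'
 ORDER BY username;

-- 7. Remove the test account.
DROP USER newuser1 CASCADE;
```

Repeating steps 4 and 5 with a migrated account instead of newuser1 shows the difference between the two kinds of user that the article describes.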


For instructions on how to enable password case sensitivity with EBS R12.1.1 running on the 11gR1 Database and higher, please refer to the following MOS documentation:

Comments:

There's a bit of extra info needed, for "sec_case_sensitive_logon: When set to FALSE, password case sensitivity is disabled."

Please remember that in 11g, if SQLNET.ALLOWED_LOGON_VERSION is set to 11, that only the 11G verifier would be generated for newly-created users (look in DBA_USERS.PASSWORD_VERSIONS column to determine the verifiers which exist for any given user account), or if the user's password was changed, and the 11G verifier is always case sensitive, irrespective of the setting of sec_case_sensitive_logon. So if only an 11G verifier exists for an account, that authentication to that account would only ever take place WITH case sensitivity. Just my two cents.

Posted by guest on January 19, 2012 at 10:21 AM PST #

Hello

A follow up question on case sensitivity. There are a lot of posts on case sensitivity and passwords, but does Oracle EBS support case sensitive user names? I know the database supports case sensitive users, but is there a setting in EBS to enable this in the screens?

Magnus

Posted by guest on January 15, 2013 at 01:14 AM PST #

Hello, Magnus,

EBS usernames are not case sensitive. As far as I'm aware, there are no plans for this. Can you elaborate on your use-case? For example, are you synchronizing the E-Business Suite namespace with an external LDAP that's case-sensitive?

Regards,
Steven

Posted by Steven Chan on January 16, 2013 at 08:46 AM PST #

Hello Steven

Thank you for your reply.
Yes, that is exactly what we are doing.

Regards,

Magnus

Posted by guest on January 30, 2013 at 11:49 PM PST #

Hello Steven,
I have been told by Oracle Support that the patch 12964564 can only be applied if I am on EBS version 12.1.3. All this while, I was under the impression that if I apply the two pre-req patches for 12964564 (R12.ATG_PF.B.delta.3 & R12.AD.B.delta.3), I could have this patch applied on 12.1.1. The initial paragraph of this blog entry also indicates the same.

Can you throw some light on this?

Regards, Jithin.

Posted by guest on February 20, 2013 at 12:12 AM PST #

I am working on EBS 12.2.4 and the database is upgraded to 12.1.0.1. Whenever I start the database I am getting the message "ORA-32004: obsolete or deprecated parameter(s) specified for RDBMS instance". I know the reason for the above message: I am using the parameter "sec_case_sensitive_logon = FALSE" in init.ora.

How can I remove this parameter? Is it possible to apply the above patch on an R12.2.4 environment?

Posted by guest on October 26, 2014 at 11:56 AM PDT #

Hello, Guest,

I'm sorry to hear that you've encountered an issue with this.

We can provide general conceptual guidance here, but I'm afraid that this blog isn't the best place to get technical support for specific issues like the one that you're working through.

Your best bet would be to log a formal Service Request via My Oracle Support (formerly Metalink) to get one of our specialists engaged.

Please feel free to forward your Service Request number to me if it gets stuck in the support process for some reason.

Regards,
Steven

Posted by Steven Chan on October 27, 2014 at 10:21 AM PDT #

Thank you, I raised an SR.

Posted by Satheesh Kumar on October 27, 2014 at 08:41 PM PDT #

This is my SR 3-9794179511

Posted by Satheesh Kumar on October 28, 2014 at 04:51 AM PDT #
