Enabling Case-Sensitive Passwords with E-Business Release 12

Password security and complexity are often concerns for security and audit teams. With the recent release of patch 12964564, Oracle E-Business Suite Release 12.1.1 with a minimum database level of 11gR1 now supports password case sensitivity. Let's review this database feature in greater detail.

Password case sensitivity was introduced with Oracle Database 11gR1. Passwords were not case sensitive in earlier versions. For Oracle database versions prior to 11gR1, the passwords "Manager", "MANAGER", and "manager" were all equivalent. In an 11gR1 or higher database with password case sensitivity turned on, each of these passwords, "Manager", "MANAGER" and "manager", is a unique password with a unique hash value.

Password case sensitivity is turned on by default for any newly created 11gR1 or higher database. The database parameter for this feature is SEC_CASE_SENSITIVE_LOGON:

  • When this parameter is set to TRUE, password case sensitivity is enabled.
  • When set to FALSE, it is disabled.

The DBA_USERS view now has a PASSWORD_VERSIONS column that indicates the database release in which the password was created or last modified.

If you have migrated from a prior database version to 11gR1 and SEC_CASE_SENSITIVE_LOGON is set to TRUE, the default behavior is as follows:
  • Existing users must first initiate a password change for password case sensitivity to be enforced.
  • New users created in the 11g database will automatically use password case sensitivity.
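
The audit below is an added example, not part of the original post or Oracle's documentation: on a generic 11g database (not E-Business Suite schema accounts), it shows which accounts already hold an 11G password version and which migrated accounts still need a password change before case sensitivity applies to them. The account name LEGACY_USER is a placeholder.

```sql
-- Added example for a generic 11g database. Run as a user who can read
-- V$PARAMETER and DBA_USERS.

-- 1. Is password case sensitivity switched on for the instance?
SELECT name, value
FROM   v$parameter
WHERE  name = 'sec_case_sensitive_logon';

-- 2. Classify every open account by the password versions it holds.
--    PASSWORD_VERSIONS lists the releases a password exists for,
--    e.g. '10G', '11G' or '10G 11G'.
SELECT username,
       password_versions,
       CASE
         WHEN password_versions LIKE '%11G%'
           THEN 'created or changed in 11g'
         WHEN password_versions LIKE '%10G%'
           THEN 'migrated, password change still needed'
         ELSE 'no password version recorded'
       END AS case_sensitivity_status
FROM   dba_users
WHERE  account_status = 'OPEN'
ORDER  BY case_sensitivity_status, username;

-- 3. Summary for an audit report: how many open accounts fall in each group.
SELECT NVL(password_versions, '(none)') AS password_versions,
       COUNT(*)                         AS open_accounts
FROM   dba_users
WHERE  account_status = 'OPEN'
GROUP  BY password_versions
ORDER  BY open_accounts DESC;

-- 4. Remediation for one migrated account: expire the password so the
--    user must change it at next logon, which is the password change the
--    migration rule above requires. LEGACY_USER is a placeholder name.
ALTER USER legacy_user PASSWORD EXPIRE;

-- 5. Enable the feature if step 1 returned FALSE (left commented out so
--    the script stays read-only apart from step 4).
-- ALTER SYSTEM SET sec_case_sensitive_logon = TRUE;
```

Re-run step 2 after the affected users have changed their passwords to confirm that their PASSWORD_VERSIONS value now includes 11G.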

The following example on a generic database -- not an E-Business Suite database -- illustrates how the password case sensitivity feature works in 11g.

First, a new user, "newuser1",  is created in an 11g database.

Next, information from the DBA_USERS view is displayed.

The following shows the behavior of a migrated 10g user, "system", and a newly created 11g user, "newuser1", when password case sensitivity is disabled.

Finally, the following shows the behavior of a migrated 10g user, "system", and a newly created 11g user, "newuser1", when password case sensitivity is enabled.


For instructions on how to enable password case sensitivity with EBS R12.1.1 running on the 11gR1 Database and higher, please refer to the following MOS documentation:


Comments:

There's a bit of extra info needed, for
"sec_case_sensitive_logon: When set to FALSE, password case sensitivity is disabled."
Please remember that in 11g, if SQLNET.ALLOWED_LOGON_VERSION is set to 11,
that only the 11G verifier would be generated for newly-created users (look in DBA_USERS.PASSWORD_VERSIONS column to determine the verifiers which exist for any given user account), or if the user's password was changed, and the 11G verifier is always case sensitive, irrespective of the setting of sec_case_sensitive_logon. So if only an 11G verifier exists for an account, that authentication to that account would only ever take place WITH case sensitivity. Just my two cents.

Posted by guest on January 19, 2012 at 10:21 AM PST #

Hello

A follow up question on case sensitivity. There are a lot of posts on case sensitivity and passwords, but does Oracle EBS support case sensitive user names? I know the database supports case sensitive users, but is there a setting in EBS to enable this in the screens?

Magnus

Posted by guest on January 15, 2013 at 01:14 AM PST #

Hello, Magnus,

EBS usernames are not case sensitive. As far as I'm aware, there are no plans for this. Can you elaborate on your use-case? For example, are you synchronizing the E-Business Suite namespace with an external LDAP that's case-sensitive?

Regards,
Steven

Posted by Steven Chan on January 16, 2013 at 08:46 AM PST #

Hello Steven

Thank you for your reply.
Yes, that is exactly what we are doing.

Regards,

Magnus

Posted by guest on January 30, 2013 at 11:49 PM PST #

Hello Steven,
I have been told by Oracle Support that the patch 12964564 can only be applied if I am on EBS version 12.1.3. All this while, I was under the impression that if I apply the two pre-req patches for 12964564 (R12.ATG_PF.B.delta.3 & R12.AD.B.delta.3), I could have this patch applied on 12.1.1. The initial paragraph of this blog entry also indicates the same.

Can you throw some light on this?

Regards, Jithin.

Posted by guest on February 20, 2013 at 12:12 AM PST #
