I try to enable Database Vault on an existing 12.2 database.
A proper document to follow is How To Enable Database Vault in a 12c database ? (Doc ID 2112167.1)
At some point it tells to run
@$ORACLE_HOME/rdbms/admin/catmac.sql system temp <system_password>
unfortunately this fails with
CREATE USER dvsys IDENTIFIED BY "D_DVSYSPW" * ERROR at line 1: ORA-28003: password verification for the specified password failed ORA-20025: Password must contain at least 1 digit(s)(you need to spool the results into a file to find it in the output stream)
The reason is obvious:
SQL> select * from dba_profiles where resource_name='PASSWORD_VERIFY_FUNCTION' and Profile='DEFAULT'; PROFILE RESOURCE_NAME RESOURCE LIMIT COM ------------------------------ -------------------------------- -------- ---------------------------------------- --- DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD ORA12C_VERIFY_FUNCTION NO
and so is the solution:
alter profile default limit PASSWORD_VERIFY_FUNCTION null; @$ORACLE_HOME/rdbms/admin/catmac.sql system temp <system_password>alter profile default limit PASSWORD_VERIFY_FUNCTION ORA12C_VERIFY_FUNCTION;
Oracle requires to disable a security feature to enable another one.
In this sandbox environment it's not a specific, hand-made password verify function. It's the default one from oracle.
It would be very nice if oracle would test it's security features to run with each other.
There is no problem for me, but I'm wondering how serious (holistic) Oracle takes "security"?