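Oracle 19c: user password login failures and ORA-28040
阿新 • Published: 2020-07-24
Test environment: 19c
Local login works without problems. I created a test user, and logging in with PLSQL from my PC failed with ORA-28040. After dealing with that, the next login reported a wrong password, and finally, after resetting the password, login was OK?
I used this problem to test again and reflect:
1. ORA-28040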
[oracle@d2:/u03/app/oracle/product/19.0.0/db_1/network/admin]$ sqlplus cc/cc@192.168.60.45:1521/pp1
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Jul 24 22:32:19 2020
Version 19.5.1.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.5.1.0.0
SQL>

[oracle@d2:/u03/app/oracle/product/19.0.0/db_1/network/admin]$ oerr ora 28040
28040, 0000, "No matching authentication protocol"
// *Cause: There was no acceptable authentication protocol for
// either client or server.
// *Action: The administrator should set the values of the
// SQLNET.ALLOWED_LOGON_VERSION_SERVER and
// SQLNET.ALLOWED_LOGON_VERSION_CLIENT parameters, on both the
// client and on the server, to values that match the minimum
// version software supported in the system.
// This error is also raised when the client is authenticating to
// a user account which was created without a verifier suitable for
// the client software version. In this situation, that account's
// password must be reset, in order for the required verifier to
// be generated and allow authentication to proceed successfully.

$ cd $ORACLE_HOME/
$ cd network/admin/
$ vi sqlnet.ora
SQLNET.ALLOWED_LOGON_VERSION_SERVER=10
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=10
SQLNET.ALLOWED_LOGON_VERSION=8
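Adding these SQLNET parameters is enough; they allow the server to stay backward compatible with older clients.
2. Logging in again reports a wrong password? I don't know the password I created myself in my own test environment? What?
2.1 Comment out the SQLNET parameters, restart the DB, and go back to the original state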
[oracle@d2:/u03/app/oracle/product/19.0.0/db_1/network/admin]$ cat sqlnet.ora
#SQLNET.ALLOWED_LOGON_VERSION_SERVER=10
#SQLNET.ALLOWED_LOGON_VERSION_CLIENT=10
#SQLNET.ALLOWED_LOGON_VERSION=8

18c: All user connections fail with ORA-01017 except SYS when SEC_CASE_SENSITIVE_LOGON=FALSE (Doc ID 2502204.1)
SEC_CASE_SENSITIVE_LOGON is set to false
The SEC_CASE_SENSITIVE_LOGON parameter is deprecated in 18C. It is retained for backward compatibility only.
Please check the value of SEC_CASE_SENSITIVE_LOGON parameter?
sqlplus / as sysdba
show parameter SEC_CASE_SENSITIVE_LOGON
In case it is set to false, please set it to true and try again to connect.
ALTER SYSTEM set SEC_CASE_SENSITIVE_LOGON=true;

The new Exclusive Mode default for password-based authentication in Oracle 12.2 conflicts with case-insensitive password configurations.
All user login fails with ORA-1017 after upgrade to 12.2 (Doc ID 2075401.1)
Option 1. - Remove the deprecated instance initialization parameter sec_case_sensitive_logon setting of FALSE (or set sec_case_sensitive_logon to TRUE, the default),
Option 2. - Relax the SQLNET.ALLOWED_LOGON_VERSION_SERVER setting in the sqlnet.ora file to a more permissive setting, e.g. SQLNET.ALLOWED_LOGON_VERSION_SERVER=11, as described in the release notes section 2.12.3.1 entitled "Bug 22031049".
- With this option, you will also need to change the user password again so the DBA_USERS.PASSWORD_VERSIONS will get a 10G value. however the DES based verifier is outdated and should only be used in exceptional cases when legacy client applications still need it.
2.2 Create a test user and check the default password versions
SQL> create user test1 identified by test1;
SQL> select username,account_status,password_versions from dba_users where username='TEST1';
USERNAME ACCOUNT_STATUS PASSWORD_VERSIONS
---------- -------------------------------- -----------------
TEST1 OPEN 11G 12C
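The PLSQL connection reports a wrong password! The connection cannot be established.
1. The Oracle client version embedded in PLSQL is as follows: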
Client Shared Library 32-bit - 10.2.0.5.0
2. Steps
$ vi sqlnet.ora
SQLNET.ALLOWED_LOGON_VERSION_SERVER=10
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=10
SQLNET.ALLOWED_LOGON_VERSION=8
After resetting the user's password:
3. Connecting again succeeds with no errors???
What?
select * from sys.user$ where name='TEST1';
SQL> alter user test1 identified by test1;
USER# NAME TYPE# PASSWORD SPARE4
old 112 TEST1 1 S:4DBA24F74F1646350DAEB60073E8F72EB8A2C22A056EEF5EC041321A7451;T:CCE7B7C7816CDBB
4552B70EA36FEBB8678F80FD39868D34CA715B1C9FE431B15B39F500836735C17C3399F34AC0BD36AEEB9825
2D633EC9E0741B3CDB62B8C6D39D560F21300ADBE8C8465F322AB8CF6
new 112 TEST1 1 22F2E341BF4B8764
S:140AEAA0D267A26DF10E5563A7FC0B3F693359142AA00152BB69F8353C39;T:213D18A097EA5000E569394C26
2FCFD2CCF89FF2EA00749FE643417728CFB017C8E28E9A2C36A5F2E748DB8E0237F1BDF943DF32DC77FCAAE1D8171CD
4BF01B97132108782DDED756980D31CCDD38966
We can see that the SPARE4 value has changed.
SQL> select username,account_status,password_versions from dba_users where username='TEST1';
USERNAME ACCOUNT_STATUS PASSWORD_VERSIONS
-------------------- -------------------------------- -----------------
TEST1 OPEN 10G 11G 12C
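The key point is that after the password reset, the password versions went from the default for a newly created user, 11G/12C, to also include 10G, so the client can connect correctly again using the same password.
My guess is that the wrong-password error comes from Oracle computing the password differently for each compatibility version, so the same password cannot be recognized across versions; the password has to be reset so that Oracle can determine and choose a suitable version, after which the server can interpret the password correctly and the login succeeds.
Or think of it as the version not being supported: after the password is reset, it becomes backward compatible and normal login is possible.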
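The sequence observed above, as an added example that is not part of the original post: a small Python audit that reads sqlnet.ora text and DBA_USERS rows and reports which accounts lack, or already hold, the 10G verifier. The mapping from parameter value to generated verifiers and the 19c default of 12 follow Oracle's Net Services Reference; the function names and the whitespace-separated row format are assumptions made for this example.

```python
import re

# Verifier versions a password change generates for each value of
# SQLNET.ALLOWED_LOGON_VERSION_SERVER (per Oracle's Net Services Reference).
GENERATED = {"12a": ["12C"], "12": ["11G", "12C"]}
GENERATED.update({v: ["10G", "11G", "12C"] for v in ("8", "9", "10", "11")})
DEFAULT_SERVER_VERSION = "12"  # 19c default when the parameter is unset
KNOWN_VERSIONS = ("10G", "11G", "12C")

def server_logon_version(sqlnet_text):
    """Active ALLOWED_LOGON_VERSION_SERVER; commented-out lines are ignored."""
    value = DEFAULT_SERVER_VERSION
    for line in sqlnet_text.splitlines():
        m = re.match(r"\s*SQLNET\.ALLOWED_LOGON_VERSION_SERVER\s*=\s*(\w+)", line, re.I)
        if m:
            value = m.group(1).lower()
    return value

def verifiers_on_reset(server_version):
    """Verifier list the next password change produces under this setting."""
    return GENERATED[server_version]

def audit(sqlnet_text, dba_users_rows):
    """Return (setting, findings); each row is 'USERNAME STATUS... VERSIONS...'."""
    setting = server_logon_version(sqlnet_text)
    findings = []
    for row in dba_users_rows:
        tokens = row.split()
        user = tokens[0]
        versions = [t for t in tokens[1:] if t in KNOWN_VERSIONS]
        if "10G" in versions:
            findings.append((user, "holds DES-based 10G verifier"))
        elif "10G" in verifiers_on_reset(setting):
            findings.append((user, "no 10G verifier until password is reset"))
    return setting, findings

# Constructed inputs built from the values shown in this post.
RELAXED = "SQLNET.ALLOWED_LOGON_VERSION_SERVER=10\nSQLNET.ALLOWED_LOGON_VERSION_CLIENT=10\n"
COMMENTED = "#SQLNET.ALLOWED_LOGON_VERSION_SERVER=10\n#SQLNET.ALLOWED_LOGON_VERSION_CLIENT=10\n"
CASES = [(COMMENTED, "TEST1 OPEN 11G 12C"),      # default settings, new user
         (RELAXED, "TEST1 OPEN 11G 12C"),        # relaxed, password not yet reset
         (RELAXED, "TEST1 OPEN 10G 11G 12C")]    # relaxed, after ALTER USER

if __name__ == "__main__":
    for cfg, row in CASES:
        print(row, "->", audit(cfg, [row]))
```

Once the legacy client is retired, commenting the parameter out again and changing the password under the default setting of 12 regenerates only the 11G and 12C verifiers.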