Mkstore Enforces Its Own Password Policy On Database Accounts (Doc ID 1294970.1)

Last updated on FEBRUARY 12, 2011

Applies to:

Oracle Server - Enterprise Edition - Version: 11.1.0.6 to 11.1.0.7 - Release: 11.1 to 11.1
Information in this document applies to any platform.

Symptoms

Mkstore enforces it's own password policy when creating a credential.  This is happening only when mkstore prompts you for the password. If the password is provided directly then the password policy is not enforced. Because of this it is not possible to define securely the credentials.




[oracle@seclin4 adump]$ mkstore -wrl . -create
Enter password:
Enter password again:
[oracle@seclin4 adump]$
[oracle@seclin4 adump]$
[oracle@seclin4 adump]$ mkstore -wrl . -createCredential 11106 scott tiger
Enter wallet password:
Create credential oracle.security.client.connect_string1
[oracle@seclin4 adump]$ mkstore -wrl . -deleteCredential 11106
Enter wallet password: e
Delete credential
Delete 1



[oracle@seclin4 adump]$ mkstore -wrl . -createCredential 11106 scott
Your secret/Password is missing in the command line
Enter your secret/Password:
Invalid Password....
PASSWORD_POLICY : Passwords must have a minimum length of eight characters and
contain alphabetic characters combined with numbers or special characters.
Enter your secret/Password:
Invalid Password....
PASSWORD_POLICY : Passwords must have a minimum length of eight characters and
contain alphabetic characters combined with numbers or special characters.
[oracle@seclin4 adump]$

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms