Document Type | Troubleshooting
Category | Security
Applicable Product Version | 6FS06
Document Number | TSETS003
Issue
When changing the encryption method from MD5 to SHA256 in Tibero6 FS06_CS_1806, passwords containing special characters cannot be accessed.
Cause
If the database is created using create database instead of tb_newmount, the SHA256 password encryption method is not properly applied. (tb_newmount: creates the database and then executes system.sh.)
- system.sh adds one row for the sys account in the _shadow_password table each time it is run
When changing from MD5 to SHA256, the MD5 password for the sys account remains.
- When switching from SHA256 to MD5 and then changing the password for accounts previously using SHA256, the SHA256 password still exists in shadow_password
- The .passwd file in $TB_HOME/database/$TB_SID/ is not properly retained
Solutions
Apply a patch to stabilize the SHA256 password encryption function and improve the Patch Task.
(Applied patch: 209586c)
Caution: Apply the patch through technical support provided by Tmax Tibero.
MD5 -> SHA256 Change Procedure
1. Check Current Status
select username, password from dba_users;
select * from vt_parameter where name = '_CRYPTO_LEVEL';
_CRYPTO_LEVEL = 0 // md5
_CRYPTO_LEVEL = 1 // sha256
2. Check Existing Users' Passwords
Before changing from MD5 to SHA256, verify the passwords of existing users. After changing to SHA256, users cannot log in with the old passwords, so you need to reset passwords using alter user.
3. Execute $TB_HOME/scripts/crypto_system.sql (SYS Account)
Run $TB_HOME/scripts/crypto_system.sql from the SYS account.
This script creates the necessary system tables for SHA authentication, and the SYS account password is reset to the default. (Default: tibero)
--ex) After running crypto_system.sql
        USERNAME   PASSWORD
        ---------- ------------------------
md5)    SYS        A6sRMebBoEvNcvxfFJIcVw==
sha256) SYS        SHADOW PASSWORD
4. Add Parameter (tip file)
Add the parameter _CRYPTO_LEVEL=1 to the tip file.
5. Change CRYPTO_LEVEL
alter system set _CRYPTO_LEVEL=1;
6. Verify sys/tibero Login
7. Reset Existing Users' Passwords
--Example
alter user syscat identified by syscat;
Caution: Do not use special characters or punctuation marks (') when setting passwords.
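The following pre-flight check for steps 4 and 7 is an added example, not part of the original document or of Tibero's own scripts: it confirms that a tip file sets _CRYPTO_LEVEL=1 and flags planned passwords that the Caution above rules out. It assumes tip files hold NAME=VALUE lines with # comments and that "special characters" means anything other than ASCII letters, digits and underscore; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not Tibero code): pre-flight checks for steps 4 and 7.
LC_ALL=C; export LC_ALL

# Print the _CRYPTO_LEVEL value set in a tip file; return 1 if it is missing,
# 2 if it is set to conflicting values.
# Assumption: tip files hold NAME=VALUE lines and '#' starts a comment.
tip_crypto_level() {
    vals=$(sed -e 's/#.*//' "$1" 2>/dev/null |
        awk -F= '{ gsub(/[ \t\r]/, "", $1); gsub(/[ \t\r]/, "", $2) }
                 $1 == "_CRYPTO_LEVEL" { print $2 }' | sort -u)
    [ -n "$vals" ] || return 1
    [ "$(printf '%s\n' "$vals" | wc -l)" -eq 1 ] || return 2
    printf '%s\n' "$vals"
}

# Map a _CRYPTO_LEVEL value to the method named in step 1.
crypto_level_name() {
    case "$1" in
        0) echo md5 ;;
        1) echo sha256 ;;
        *) echo unknown; return 1 ;;
    esac
}

# Return 0 only if a password avoids the characters the Caution rules out.
# Assumption: allowed characters are ASCII letters, digits and underscore.
password_ok() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Check a tip file plus "user:password" pairs planned for step 7.
# Prints one finding per line (never the password); returns 0 if all pass.
preflight() {
    tip=$1; shift; rc=0
    if level=$(tip_crypto_level "$tip"); then
        [ "$level" = 1 ] || { echo "tip: _CRYPTO_LEVEL=$level ($(crypto_level_name "$level")), expected 1"; rc=1; }
    else
        echo "tip: _CRYPTO_LEVEL missing or set to conflicting values"; rc=1
    fi
    for pair in "$@"; do
        password_ok "${pair#*:}" || { echo "user ${pair%%:*}: password contains a special character"; rc=1; }
    done
    return $rc
}
```

Source the file and call preflight with the tip file path followed by the user:password pairs; a non-zero return means at least one finding was printed.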