Before applying the patch below, the _CRYPTO_LEVEL parameter does not exist.

209586c - Stabilization and patch for SHA256 password encryption feature

1. For new installations

The _CRYPTO_LEVEL parameter must be set in the .TIP file.

_CRYPTO_LEVEL = 0 (MD5)
_CRYPTO_LEVEL = 1 (SHA256)

2. When applying a binary patch

1) MD5 → SHA256 Run stem.sql 

_CRYPTO_LEVEL = 1 

Restart DB

tbsql sys/tibero 

Recreate passwords for all users except sys
alter user tibero identified by tmax

2) SHA256 → MD5

Run @$TB_HOME/scripts/crypto_system_zero.sql
_CRYPTO_LEVEL = 0
Restart DB

Connect with tbsql sys/tibero

Recreate passwords for all users except sys
alter user tibero identified by tmax

3) MD5 -> MD5

Run @$TB_HOME/scripts/systbl_crypto_system.sql

This table is not directly used but is required in relation to the dba_roles view.

If this table is not created, errors may occur when changing account passwords.

4) SHA256 -> SHA256

Execute the following SQL as the sys account.

This process temporarily removes the system attribute of the _shadow_password table and adds a unique constraint to the user_id column.

delete from _shadow_password a where rowid > (select min(rowid) from _shadow_password b where b.user_id = a.user_id);
update sys._dd_obj set flags = 0 where owner_id = 0 and name = '_SHADOW_PASSWORD';
commit;
alter system flush ddc all;
alter table sys._shadow_password add unique (user_id);
update sys._dd_obj set flags = 4 where owner_id = 0 and name = '_SHADOW_PASSWORD';
commit;
alter system flush ddc all;