oracle 12c ORA-28040: No matching authentication protocol method

Due to the password validation rules in 12c, including 12.1. * and 12.2. * versions, the new database failed to login with the correct password.
Question 1: No matching authentication protocol
Official Reference Documents: http://docs.oracle.com/database/121/NETRF/sqlnet.htm#NETRF2010
There are mainly two parameters involved here:
SQLNET.ALLOWED_LOGON_VERSION and SQLNET.ALLOWED_LOGON_VERSION_SERVER
The explanation is as follows:

From official documents:

SQLNET.ALLOWED_LOGON_VERSION_CLIENT
Purpose

To set the minimum authentication protocol allowed for clients, and when a server is acting as a client, such as connecting over a database link, when connecting to Oracle Database instances.

Usage Notes

The term VERSION in the parameter name refers to the version of the authentication protocol, not the Oracle Database release.

If the version does not meet or exceed the value defined by this parameter, then authentication fails with an ORA-28040: No matching authentication protocol error.

alues

12a for Oracle Database 12c Release 1 (12.1) release 12.1.0.2 or later

12 for the critical patch updates CPUOct2012 and later Oracle Database 11g authentication protocols (recommended)

11 for Oracle Database 11g authentication protocols (default)

10 for Oracle Database 10g authentication protocols

8 for Oracle8i authentication protocol

Default

11

Example

If an Oracle Database 12c database hosts a database link to an Oracle Database 10g database, then the SQLNET.ALLOWED_LOGON_VERSION_CLIENT parameter should be set as follows in order for the database link connection to proceed:

SQLNET.ALLOWED_LOGON_VERSION_CLIENT=10
SQLNET.ALLOWED_LOGON_VERSION_SERVER
Purpose

To set the minimum authentication protocol allowed when connecting to Oracle Database instances.

Usage Notes
The term VERSION in the parameter name refers to the version of the authentication protocol, not the Oracle Database release.

If the client version does not meet or exceed the value defined by this parameter, then authentication fails with an ORA-28040: No matching authentication protocol error or an ORA-03134: Connections to this server version are no longer supported error.

 Values



12a for Oracle Database 12c release 12.1.0.2 or later authentication protocols (strongest protection)

12 for the critical patch updates CPUOct2012 and later Oracle Database 11g authentication protocols (recommended)

11 for Oracle Database 11g authentication protocols (default)

10 for Oracle Database 10g authentication protocols

9 for Oracle9i Database authentication protocol

8 for Oracle8i Database authentication protoco

Question 2: User name password error

Since the 12c password is preceded by a "C\", the password creation rules need to be rewritten here:

alter system set common_user_prefix='' scope=spfile

Since we first write the password and then change the password verification rules, we will make mistakes even if we log in with the correct password.
Here we need to re-alter the user password in the database to authenticate the password properly.

Because I installed EMCC on my side and connected 12c through weblogic, because I used the weblog version 1036, my parameters were set as follows:

SQLNET.ALLOWED_LOGON_VERSION_SERVER=11

Tags: Database Oracle Weblogic Attribute

Posted on Fri, 08 Feb 2019 13:42:17 -0500 by Mzor