Starting with Oracle Database 22.214.171.124 the orapwd utility – used to create Password Files for remote authentication – enforces complexity rules for the provided password.
When you try to create a password file with a less secure password, the orapwd terminates with an OPW-00029 error.
The provided password must succeed the validation of the following password characteristics (extracted from the orapwd utility code).
- Password must contain at least 8 characters
- Password must not contain double quotes
- Password must contain at least 1 letter
- Password must contain at least 1 digit
- Password must contain at least 1 special character
- Password must not contain the username
- Password must not contain username reversed
Use strong password
To get rid of the above error, provide a password which fulfills all complexity requirements.
Create Password File in 12c format
If you cannot set a strong password, you can use the old 12c Release 1 format using the format parameter – the default for this parameter is 12.2.
Using the older 12c format has the disadvantage, that the following features are not supported.
- Granting administrative privileges to external users
- Enable SSL and Kerberos authentication for administrative users
But you have the possibilty to migrate a Password File to a newer format. During this migration the password complexity rules are ignored. You have to use different names for the involved Password Files.
A strong password for remote authentication using SYSDBA, SYSBACKUP etc. privilege is a good starting point to archieve a higher level of security accessing the database from the outside. The decision of Oracle to enforce a strong(er) password during creation time of the Password File is a little but good enhancement of the orapwd utility.
To verify the format of your Password File, just use the describe command of the orapwd utility.