I have a fairly simple C program, which connects to Oracle databases using the olog() function:

```c
if (olog(&lda, NULL,
        (OraText *)user, -1,
        (OraText *)password, -1,
        (OraText *)sid, sidlen,
        OCI_LM_DEF)) {
    errx(EX_NOPERM, "Logging into Oracle failed: %s",
        oraerr(&lda, buf, sizeof(buf)));
}
```

This usually just works... Recently we started deploying new Oracle servers (version 19c) and found the above code failing with ORA-01017 (invalid credentials), even though the same username/password are working with other tools (such as sqlplus).
What finally helped was:
- Set SQLNET.ALLOWED_VERSION_CLIENT=8.
- Reset the passwords -- to the same strings -- after the above change.
Why were these manipulations necessary? I understand that olog() is an old API, but, as long as it is still included in the client library (we now use 18c on the client), it should "just work", shouldn't it?
It is not any less secure than the newer OCILogon() -- both take username and password in clear text. So why does using olog() require gimmicks on the server to work -- and fail with a bogus error message until the gimmicks are applied?
Perhaps there is a way to make it work -- such as by setting something in the lda structure (currently I simply bzero it before calling olog()).
(To those who'd switch topic to tell me to change the API: no, I cannot do that, because the same program still needs to compile against much older Oracle clients on some of our systems.)