During one of my last consulting missions, I had to install Oracle Database Vault on an existing Oracle environment. It clearly was not a straigthforward process, since I experienced some weird errors such as: ORA-28003: password verification for the specified password failed, ORA-20001: Password length less than 8, and ORA-01917: user or role ‘LBACSYS’ does not exist.
After having a look at several log files, I found the root causes of this error. Below, you will find a solution in order to bypass this pitfall.
First of all, let’s start by checking that Oracle Database Vault has not been compiled with the current Oracle binaries:
In order to be able to compile Oracle with the Database Vault option, it is mandatory to install Oracle Label Security first. For both components, we can use chopt:
For additional information on the chopt command, please have a look on Yann Neuhaus blog.
Once your Oracle binaries are compiled with both components, we can proceed with DBCA (DataBase Configuration Assistant):
1. Select “Configure Database Options”:
2. Select the database where you want to configure Database Vault:
3. Tick the radio button “Configure Database for local management”:
4. Select the option that fits your Directory Service needs best – in my case: “No, keep the database registrated”:
5. Select Oracle “Label Security”, “Enterprise Manager Repository” and “Oracle Database Vault”:
6. Create a Database Vault Owner with his dedicated password and optionally a Separate Account Manager. You can find more information regarding Database Vault access rights policy on Oracle Documentation on the following address: http://docs.oracle.com/cd/E11882_01/server.112/e23090/getting_started.htm
7. Set the DBSNMP and SYSMAN passwords:
8. Select the connection mode that fits your needs best. In my case it is “Dedicated Server Mode”:
9. A first pop-up appears, informing you that the database will be restarted:
10. A second pop-up appears, informing you about the database where the operations will be performed:
It is possible that you experience the following errors during this installation:
- ORA-28003: password verification for the specified password failed
- ORA-20001: Password length less than 8
ORA-01917: user or role ‘LBACSYS’ does not exist
This error is due to the fact that Oracle is not compliant with its own security policy:
If you have such an error simply disable the password_very_function as described below:
Once the security policy disabled, you can proceed with the Database Vault installation as explained in the beginning of this blog posting. At the end of the installation please simply reactivate the password verify function as described below:
You should then verify that the password very function really is activated:
I hope this will help you to install Oracle Database Vault successfuly!