DPY-3015: password verifier type 0x1e81 is not supported by python-oracledb in thin mode

[sgpeter1]

This feels like it might be the same thing as several of the other issues mentioned and discussed previously, so I hesitate a bit. The error message is slightly different, though, with a different verifier type mentioned from any of the others.

DPY-3015: password verifier type 0x1e81 is not supported by python-oracledb in thin mode

Are the solutions the same here as the other verifier type issues? Happy to try to work with our DBAs to troubleshoot.

[anthony-tuininga]

@sterlingpetersen, can you indicate what platform you are using? What version of Oracle Database you are using? Also, can you run the following query:

select password_versions from dba_users
where username = 'MY_USER'

where you replace the string 'MY_USER' with the name of the user you were trying to connect as. Thanks!

[sgpeter1]

Platform: Windows-10-10.0.19045-SP0 Oracle Database: 19.19.0.0.0 oracledb.version = 1.4.2

A DBA sent me a screenshot showing password_versions as NULL for me. Checks of other users showed the same. :shrug:

Also got this helpful email.

Our database uses Oracle Internet Directory (OID) for authentication. This method leverages LDAP for users and passwords instead of using locally defined users and passwords. The unsupported verifier type is a common error when connecting certain applications to Oracle databases using OID.

I don’t know what the exact fix is for Python scripts, but you will likely have to include a line in your connection string to indicate the username and password is globally defined (OID) and not local.

We get this same error in SQL Developer, which is resolved by placing this line of text in one of the configuration files: AddVMOption -Doracle.jdbc.thinLogonCapability=o3. Again, I don’t know what the exact line of code should be for Python, but it should be something similar.

[anthony-tuininga]

The thin driver for Python only supports the 11g and 12c password verifiers. Based on your comment about JDBC requiring O3 logon capability -- that is a very old password verifier, even older than the 10g password verifier! I would recommend upgrading the password verifier used if security from the client to server is important. If you either can't or don't want to use a newer password verifier your only option is to enable thick mode.

[anthony-tuininga]

One other thought: perhaps the O3 logon capability is a red herring. It looks like that password verifier is associated with Windows specifically and may be part of a scheme for external (OS) authentication? I don't know enough about that to be able to comment further. Your best option is to enable thick mode for now. Take a look at the documentation for details on how to do that.

[sgpeter1]

Thank you. I was hoping to avoid thick mode, but I'll do that for now.

Based on my own sense of the configuration, I'd also guess it's something to do with an external authentication setup.

I suspect this is also why we can't get the Oracle vscode extension to work. I'd really like to use the current Oracle tooling, especially when onboarding new employees. But alas...

Thanks for your help!

[christianshay]

Hi all, as Sterling contacted me about a similar issue with Oracle Developer Tools for VS Code, I just wanted to add that you can talk to your DBA/OID administrator and ask them to change the verifier being used to a modern one -- one that works with all of the various drivers is SHA512 (0x4815).

[cjbj]

Closing - no update