1. Enterprise User Security Administrator's Guide
  2. Changes in This Release for Oracle Database Enterprise User Security Administrator's Guide

Changes in This Release for Oracle Database Enterprise User Security Administrator's Guide

This preface contains the changes in this book for Oracle Database 23ai.

Deprecated Features

This section lists the deprecated features in Oracle Database 23ai.

Deprecation of the mkstore wallet management command line tool

The mkstore wallet management command line tool is deprecated with Oracle Database 23ai, and can be removed in a future release.

To manage wallets, Oracle recommends that you use the orapki command line tool.

Deprecation of Enterprise User Security (EUS)

Enterprise User Security (EUS) is deprecated with Oracle Database 23ai.

Oracle recommends that you migrate to using Centrally Managed Users (CMU). This feature enables you to directly connect with Microsoft Active Directory without an intervening directory service for enterprise user authentication and authorization to the database. If your Oracle Database is in the cloud, you can also choose to move to one of the newer integrations with a cloud identity provider.

Deprecation of Oracle Virtual Directory with Real Application Security

The use of Oracle Virtual Directory with Oracle Real Application Security is deprecated with Oracle Database 23ai.

Using OVD with Oracle Real Application Security is deprecated, because OVD is no longer updated as a separate product

Desupported Features

This section lists the desupported features in Oracle Database release 23ai release.

Desupport of Diffie-Hellman Anonymous Ciphers

The use of Diffie-Hellman anonymous ciphers (DH anon) is desupported with Oracle Database 23ai for both outbound connections and for database client/server connections.

Removing the DH anon ciphers improves the security for Oracle Database connections.

Desupport of Unix Crypt (or MD5crypt) Password Verifier

The Unix Crypt (MD5crypt) password verifier algorithm is desupported in Oracle Database 23ai server and clients.

Enterprise User Security (EUS) customers with users in Oracle Internet Directory (OID) potentially can be using older, less secure password verifiers generated by Unix Crypt, either by OID, or by the operating system, before they were migrated to OID. Compared to current methods to hash the password, Unix Crypt is a less secure algorithm. Oracle Database can no longer authenticate EUS or OID users with the older password verifiers. Oracle recommends that you reset passwords in OID now, using newer, more secure hashing algorithms.

Desupport of Oracle Database 10G Password Verifier

Starting with Oracle Database 23ai, the 10G database password verifier is desupported.

The database password verifier for Oracle Database 10g, 10G is no longer supported or available on Oracle Database 23ai. Refer to the database upgrade guide preinstallation chapters for information about how to identify the Oracle Database 10G database password verifiers, and how to update the database user to use the latest and most secure database password verifier cryptography.

Desupport of Oracle Wallet Manager (OWM)

Starting with Oracle Database 23ai, the Oracle Wallet Manager (OWM) is desupported.

Oracle recommends using the orapki command line tool to replace OWM.

Desupport of Enterprise User Security User Migration Utility

Starting with Database 23ai, the User Migration Utility (UMU) part of Enterprise User Security (EUS) is desupported.

There is no workaround.