Changes in This Release for Oracle Database Enterprise User Security Administrator's Guide
This preface contains the changes in this book for Oracle Database 23ai.
Deprecated Features
This section lists the deprecated features in Oracle Database 23ai.
Deprecation of Enterprise User Security (EUS)
Enterprise User Security (EUS) is deprecated with Oracle Database 23ai.Oracle recommends that you migrate to using Centrally Managed Users (CMU). This feature enables you to directly connect with Microsoft Active Directory without an intervening directory service for enterprise user authentication and authorization to the database. If your Oracle Database is in the cloud, you can also choose to move to one of the newer integrations with a cloud identity provider.
Deprecation of the mkstore wallet management command line tool
Themkstore wallet management command line tool is deprecated with Oracle Database 23ai, and can be removed in a future release.To manage wallets, Oracle recommends that you use the orapki command line tool.
Deprecation of Oracle Virtual Directory with Real Application Security
The use of Oracle Virtual Directory with Oracle Real Application Security is deprecated with Oracle Database 23ai.Using OVD with Oracle Real Application Security is deprecated, because OVD is no longer updated as a separate product
85970-47 Deprecation of SSL External Users Conversion Script
The SSL external users conversion scriptEXTUSRUPGRADE is deprecated in Oracle Database 23ai.
The
extusrupgrade script converted SSL-authenticated external users
in Oracle Database releases earlier than Oracle Database 10g Release 2 (10.2) into
SSL-authenticated external users formats used with Oracle Database 12c Release 1
(12.1) and later releases. There is no longer a relevant upgrade path for using this
script.
Desupported Features
This section lists the desupported features in Oracle Database release 23ai release.
Desupport of Diffie-Hellman Anonymous Ciphers
The use of Diffie-Hellman anonymous ciphers (DH anon) is desupported with Oracle Database 23ai for both outbound connections and for database client/server connections.Removing the DH anon ciphers improves the security for Oracle Database connections.
Desupport of Unix Crypt (or MD5crypt) Password Verifier
The Unix Crypt (MD5crypt) password verifier algorithm is desupported in Oracle Database 23ai server and clients.Enterprise User Security (EUS) customers with users in Oracle Internet Directory (OID) potentially can be using older, less secure password verifiers generated by Unix Crypt, either by OID, or by the operating system, before they were migrated to OID. Compared to current methods to hash the password, Unix Crypt is a less secure algorithm. Oracle Database can no longer authenticate EUS or OID users with the older password verifiers. Oracle recommends that you reset passwords in OID now, using newer, more secure hashing algorithms.
Desupport of Oracle Database 10G Password Verifier
Starting with Oracle Database 23ai, the 10G database password verifier is desupported. The database password verifier for Oracle Database 10g, 10G is no longer supported or available on Oracle Database 23ai. Refer to the database upgrade guide preinstallation chapters for information about how to identify the Oracle Database 10G database password verifiers, and how to update the database user to use the latest and most secure database password verifier cryptography.
Desupport of Oracle Wallet Manager (OWM)
Starting with Oracle Database 23ai, the Oracle Wallet Manager (OWM) is desupported.Oracle recommends using the orapki command line tool to replace OWM.
Desupport of Enterprise User Security User Migration Utility
Starting with Database 23ai, the User Migration Utility (UMU) part of Enterprise User Security (EUS) is desupported.There is no workaround.