Monday, August 11, 2008




ORA-28040: No matching authentication protocol









Cause

The parameter DB_ALLOWED_LOGON_VERSION has not been set in the remote database.
DB_ALLOWED_LOGON_VERSION is a new parameter introduced in 10g that allows the DBA to explicitly determine which authentication protocols are allowed by the client or database.
The value specified is the earliest client version level supported by this database.
When clients earlier than the specified version attempt to connect, authentication will fail.


Solution

In the init.ora of the remote (Downstream capture) database, set the following:

db_allowed_logon_version=10

Note: Bug 2981553, which is implemented in 10.1.0.2, removes the parameter db_allowed_logon_version. This is replaced by the sqlnet.ora parameter called sqlnet_allowed_logon_version.


SQLNET_ALLOWED_LOGON_VERSIONS

Purpose
Use the parameter SQLNET_ALLOWED_LOGON_VERSIONS to specify which authentication protocols are allowed by the client or database. If the client and database server do not have at least one matching version, then authentication fails with an error.

Allowed Values

10 for Oracle Database 10g authentication protocols
9 for Oracle9i authentication protocols
8 for Oracle8 authentication protocols
7.3 for Oracle 7.3 authentication protocols

Note: Additional protocols might support this parameter on certain operating systems. Refer to operating-system specific documentation for information about additional protocols that support this parameter.

See Also: Oracle Database Net Services Administrator's Guide for information about configuring this parameter

See Also: Oracle Database Advanced Security Administrator's Guide

Any value other than 10 could expose vulnerabilities that may have existed in previous versions of the authentication protocols. For complete compatibility, set the list of allowable versions for logon to include all versions of the database in the system.

Default

10, 9, 8

Example

If both Oracle 8.1.7 and Oracle9i databases are present, then set the parameter as follows:

SQLNET_ALLOWED_LOGON_VERSIONS=(10,9,8)
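
To check an existing sqlnet.ora against the warning above about values other than 10, the following audit helper can be used. It is an added example, not code from the original post or from Oracle; the function names, the loose matching of the parameter name, and the sample file contents are assumptions made for illustration.

```python
import re

# Parameter name as spelled on this page. The separator and trailing "S" are
# matched loosely (an assumption) so variant spellings in a real file are found.
PARAM = re.compile(r"^\s*SQLNET[._]ALLOWED_LOGON_VERSIONS?\s*=\s*(.*)$", re.I)
DEFAULT = ["10", "9", "8"]   # default listed on this page
STRONGEST = 10.0             # page: any value other than 10 may expose old flaws


def allowed_versions(text):
    """Return (versions, explicit) for sqlnet.ora text.

    Every uncommented occurrence is collected, so a legacy value is reported
    no matter which duplicate line the listener ends up honouring.
    """
    found, explicit = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]            # '#' starts a comment
        m = PARAM.match(line)
        if m:
            explicit = True
            for v in re.findall(r"\d+(?:\.\d+)?", m.group(1)):
                if v not in found:
                    found.append(v)
    return (found, True) if explicit else (list(DEFAULT), False)


def audit(text):
    """Flag protocol versions older than 10 and settings left at the default."""
    versions, explicit = allowed_versions(text)
    legacy = [v for v in versions if float(v) < STRONGEST]
    return {
        "versions": versions,
        "explicit": explicit,   # False means the default list applies
        "legacy": legacy,       # versions that permit pre-10g protocols
        "ok": explicit and bool(versions) and not legacy,
    }


# Constructed sample file, using the example setting from this page.
SAMPLE = """\
# constructed sample sqlnet.ora
NAMES.DIRECTORY_PATH = (TNSNAMES)
SQLNET_ALLOWED_LOGON_VERSIONS=(10,9,8)   # allows 9i and 8 clients
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Before tightening a flagged setting to 10 only, confirm that no pre-10g clients still connect, since they will then fail authentication as described under Cause.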
