Home -> Mailing Lists -> Oracle-L -> RE: Password file timestamp

RE: Password file timestamp

From: Johnson, George <George.Johnson_at_gam.com>
Date: Tue, 21 Jul 2009 08:08:06 +0100
Message-ID: <A4AF649BCC498F47B854200B42DEC119055C9C08_at_MSAS-LDN90P.global.gam.com> 





I have noticed under our Solaris versions 9205, 10 and 11 that if
you change the password of any user, irrespective of SYSDBA grant or
not, the password file gets "touched" and the file timestamp is updated.
I have only observed this on our systems and my Linux test box. Creation
of user doesn't seem to trigger it, but subsequently changing the
password does, even if the user has no grants at all, not even create
session.
 


Here's a sample from a 10.2.0.3:
 
 


BANNER





Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bi



SQL> select name from v$database;
 


NAME





LDND2

 
SQL> !ls -ltr orapwLDND2


-rw-r-----   1 oracle   dba         3584 Jul 21 08:02 orapwLDND2

 


SQL> select to_char(sysdate, 'dd-mon-yyyy hh24:mi') from dual;
 


TO_CHAR(SYSDATE,'





21-jul-2009 08:04
 


SQL> create user gxj3 identified by fred;
 


User created.
 


SQL> select * from v$pwfile_users where username = 'GXJ3';
 


no rows selected



SQL> !ls -ltr orapwLDND2


-rw-r-----   1 oracle   dba         3584 Jul 21 08:02 orapwLDND2

 


SQL> alter user gxj3 identified by fred;
 


User altered.
 


SQL> select to_char(sysdate, 'dd-mon-yyyy hh24:mi') from dual;
 


TO_CHAR(SYSDATE,'





21-jul-2009 08:04
 


SQL> !ls -ltr orapwLDND2


-rw-r-----   1 oracle   dba         3584 Jul 21 08:04 orapwLDND2

 
 


    Rgds






From: oracle-l-bounce_at_freelists.org


[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Ram Raman
Sent: 21 July 2009 03:00


To: Jared Still


Cc: ORACLE-L


Subject: Re: Password file timestamp




Thanks Jared. 
 


We do not execute those commands. It still has changes to the files.
This happens with most prodcution databases. I realize that password
file has information about sysdba users, entries and the password. 




On Mon, Jul 20, 2009 at 7:34 PM, Jared Still <jkstill_at_gmail.com> wrote:




        GRANT|REVOKE SYSDBA|SYSOPER to <USER> would do it. 


	Jared Still
	Certifiable Oracle DBA and Part Time Perl Evangelist
	
	
	
	
	On Mon, Jul 20, 2009 at 4:47 PM, Ram Raman <veeeraman_at_gmail.com>


wrote:
        

                 


                Listers,
                 


                We have auditing enabled via a third party software and
one of the things they are auditing is $OH/dbs/passwordfiles. The
password files seem to get updated and it shows up in the audit reports.

                 


                I am trying to research on what is causing it, but have
been unsuccessful. I came across this one, which does not seem to answer
the question:


http://asktom.oracle.com/pls/asktom/f/f?p=100:11:0::::P11_QUESTION_ID:23
18668671089.


                I tried creating a test user and locking and unlocking
that user, but the password file timestamp did not change in the test
case. I tried a user with DBA privs, that did not change it either.
                 


                Anyone knows what causes the update of the password
files when we dont change the passwords.  
                 


                Version is 10.2.
                 
                


                Ram.
 


 Please consider the environment before printing




This message contains confidential information and is intended only for the individual or entity named. If you are not the named addressee you should not disseminate, distribute or copy this email.
Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as an invitation or offer to buy or sell any securities or related financial instruments. GAM operates in many jurisdictions and is regulated or licensed in those jurisdictions as required.
To the extent this email has been sent to you by any GAM company domiciled in the EU, being GAM (U.K.) Limited, GAM Sterling Management Limited, GAM International Management Limited, GAM London Limited, GAM Fund Management Limited, or GAM Fonds Marketing GmbH i.L., please note the following details in respect of each such company: - GAM (U.K.) Limited (a company limited by shares and registered in England and Wales with company number 01664573); - GAM Sterling Management Limited (a company limited by shares and registered in England and Wales with company number 01750352); - GAM International Management Limited (a company limited by shares and registered in England and Wales with company number 01802911); - GAM London Limited (a company limited by shares and registered in England and Wales with company number with Company Number 00874802) Each of Registered Office: 12 St. James's Place, London, SW1A 1NX
GAM Sterling Management Limited, GAM International Management Limited and GAM London Limited are each authorised and regulated by the Financial Services Authority. GAM Fund Management Limited (a company limited by shares and registered in Ireland with no. 156828) of Registered Office: George's Court 54-62 Townsend Street Dublin 2, Ireland 
GAM Fonds Marketing GmbH, i.L. (a company limited by shares and registered in Germany under No. HRB 66857) of Friedrichstrasse 154, D-10117 Berlin, Germany. The competent Commercial Register is "Amtsgericht Charlottenburg" in Berlin. Liquidator: Daniel Durrer.



--



http://www.freelists.org/webpage/oracle-l
Received on Tue Jul 21 2009 - 02:08:06 CDT












Original text of this message