Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Verifying passwords have been changed in oracle

Re: Verifying passwords have been changed in oracle

From: Kevin Grant <X.Tenag_at_znvyobk.th.rqh.nh>
Date: 10 Nov 2002 22:53:26 GMT
Message-ID: <Xns92C35A6E1AA80KGRANTBNEQLDAU@132.234.250.31> 





sweh_at_spuddy.mew.co.uk (Stephen Harris) wrote in
news:9s3mqa.o5c.ln_at_spuddy.org: 



> Which is why I don't _want_ to attempt to connect as system/manager

> because of the audit logs this would generate.




Stephen,



This may or may not help.  We run a semi regular check on our databases to 
ensure that passwords have not been set to the same as the username.  
PeopelSoft precludes, as far as I'm aware, the use of Oracle's password 
verification precedures.



It is based upon the theory that a given password for a given username will 
encrypt to the same value no matter what the database or OS version. (I've 
tried this on Solaris 7/8/9 & Linux using Oracle 7/8/9).  Eg: The encrypted 
password for KEVIN on a Redhat 7.2 box running Oracle 9.2 is the same as 
the encrypted password for KEVIN on Solaris 2.6 running Oracle 7.3.4.



So maybe you could find out what the default encrypted password for the 
SYSTEM user is and then compare this to the encrypted SYSTEM password in 
the databases that you want to test.  It's a thought...



Kev.
Received on Sun Nov 10 2002 - 16:53:26 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US