On Aug 3, 12:58 pm, NetComrade <netcomradeNS..._at_bookexchange.net>
wrote:
> On Fri, 03 Aug 2007 08:24:10 -0700, EdStevens <quetico_..._at_yahoo.com>
> wrote:
>
>
>
> >Platform: Ora EE 10.2.0.2.0 on HP-UX
>
> >We have a directive to change *all* passwords every 150 days, so I am
> >looking at all of the Oracle 'standard' accounts. I know there are
> >special considerations for DBSNMP and SYSMAN. Looking at MetaLink
> >note 160861.1 and some of the links from there, I'm getting a mixed
> >bag of suggestions on the others -- usually either a simple change
> >with no real effect, to vague descriptions of what the account is for
> >and no mention of considerations for password changes.
>
> >Here are the accounts in question, that exist on our system:
>
> >MGMT_VIEW
>
> >MDSYS (oddly, MDDATA and CTXSYS, which seem to be associated, do not
> >exist)
> >ORDSYS
> >ORDPLUGINS
> >SI_INFORMTN_SCHEMA
> >WMSYS
> >ANONYMOUS
> >XDB
> >EXFSYS
> >DIP
> >TSMSYS
>
> >I'm not even sure the features associated with some of these are even
> >being used, but my question here is do any of these pose problems with
> >changing the passwords (like exist for DBSMNP - password is baked into
> >some other files or procedures) or can they simply be changed like any
> >other user account?
>
> Why can't you determine if they're being used (via audit?) and just
> lock the accounts
> .......
> We run Oracle 9iR2,10gR1/2 on RH4/RH3 and Solaris 10 (Sparc)
> remove NSPAM to email
Already done that, but there is a management requirement that I may
not be able to negotiate away. This is a government system, and often
there are security requirements that have to be adhered to whether
they make sense or not. You and I know a locked account cannot be
accessed, but try explaining that to the bureaucrat that wrote the
regulation, or the ones charged with enforcing it.
Received on Fri Aug 03 2007 - 15:10:49 CDT
