Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: changing pswds of standard accounts

Re: changing pswds of standard accounts

From: EdStevens <>
Date: Mon, 06 Aug 2007 07:37:10 -0700
Message-ID: <>

On Aug 3, 12:42 pm, wrote:
> On Fri, 03 Aug 2007 08:24:10 -0700, EdStevens <>
> wrote:
> >Platform: Ora EE on HP-UX
> >We have a directive to change *all* passwords every 150 days, so I am
> >looking at all of the Oracle 'standard' accounts. I know there are
> >special considerations for DBSNMP and SYSMAN. Looking at MetaLink
> >note 160861.1 and some of the links from there, I'm getting a mixed
> >bag of suggestions on the others -- usually either a simple change
> >with no real effect, to vague descriptions of what the account is for
> >and no mention of considerations for password changes.
> >Here are the accounts in question, that exist on our system:
> >MDSYS (oddly, MDDATA and CTXSYS, which seem to be associated, do not
> >exist)
> >XDB
> >DIP
> >I'm not even sure the features associated with some of these are even
> >being used, but my question here is do any of these pose problems with
> >changing the passwords (like exist for DBSMNP - password is baked into
> >some other files or procedures) or can they simply be changed like any
> >other user account?
> >Thanks.
> http://www.petefinnigan.comor'Project Lockdown' by Arup Nanda.
> According to him tne dbsnmp password is not in procedures, don't knwo
> where you got that fairy tale from.
> --
> Sybrand Bakker
> Senior Oracle DBA

I didn't say the DBSNMP password (specifically) was in a procedure (specifically), so no, I wasn't buying into a fairy tale.

What I *did* do was reference DBSNMP as an example of a password that required special consideration when changing it. I then said that such special considerations might be due to the passwords begin baked into "other files *or* procedures" (emphasis not in original quote).

As a matter of fact, the DBSNMP password *is* contained in $ORACLE_HOME/<host_sid>/sysman/emd/targets.xml, albeit in encrypted form. The process for changing it is described in MetaLink note 259387.1. Similar procedures exist for SYSMAN (note 259379.1). It is these notes that caused me to seek additional information on other standard usernames.

But thanks for the references. Received on Mon Aug 06 2007 - 09:37:10 CDT

Original text of this message