EdStevens wrote:
> On Aug 4, 1:58 am, DA Morgan <damor..._at_psoug.org> wrote:
>> EdStevens wrote:
>>> On Aug 3, 3:05 pm, DA Morgan <damor..._at_psoug.org> wrote:
>>> <snip>
>>>> I am not aware of a single Oracle password that can not be changed at
>>>> will provided you haven't hard coded it into shell scripts and the like.
>>>> And if you have fix the scripts.
>>>> --
>>>> Daniel A. Morgan
>>>> University of Washington
>>>> damor..._at_x.washington.edu (replace x with u to respond)
>>>> Puget Sound Oracle Users Groupwww.psoug.org
>>> True. What I'm looking for here is where those hard-coded locations
>>> might be for *oracle created* accounts. I've found documentation on
>>> MetaLink for DBSNMP, SYSMAN, and now MGMT_VIEW that require mods to
>>> some config files in addition to the simple ALTER USER .... Just
>>> don't want to overlook any.
>>> Have already locked accounts that the "home office" says are not
>>> needed, and turned on session auditing for use of CREATE SESSION on
>>> those accounts.
>> The hard coded locations are irrelevant if you've done the basics.
>>
>> Set RESOURCE_LIMIT = TRUE in your spfile.
>> Alter the default profile to force password complexity.
>> Alter the default profile to force password expiration.
>> Change every password on an unlocked account.
>> Anything that doesn't work ... you'll know why.
>>
>> Why not look for the hard-coded locations first? Because stupid people
>> do stupid things. There is no logic ... there is no rhyme or reason. The
>> first responsibility is to protect the data not people's egos.
>> --
>> Daniel A. Morgan
>> University of Washington
>> damor..._at_x.washington.edu (replace x with u to respond)
>> Puget Sound Oracle Users Groupwww.psoug.org
>
> Actually, I have done all of the above. What I'm trying to do here is
> address a specific internal requirement that *all* passwords be
> changed every 'n' days. The accounts that belong to human users are
> taken care of themselves when they log on after the account expires.
> Here, I'm addressing the specifically listed accounts created by
> Oracle when the db is created. As mentioned in the original post,
> there are some, *such as* DBSNMP, that are known to have special
> considerations, and I am simply looking to make sure I don't overlook
> other Oracle created accounts that might also have special
> considerations but not be as well-known or well-doucmented as is
> DBSNMP.
Are you using DBSNMP and SYSMAN for anything?
Sadly: Most likely what yuou are going to end up with is a manual procedure.
--
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Mon Aug 06 2007 - 10:12:12 CDT
