| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: changing pswds of standard accounts
On Aug 6, 10:12 am, DA Morgan <damor..._at_psoug.org> wrote:
> EdStevens wrote:
> > On Aug 4, 1:58 am, DA Morgan <damor..._at_psoug.org> wrote:
> >> EdStevens wrote:
> >>> On Aug 3, 3:05 pm, DA Morgan <damor..._at_psoug.org> wrote:
> >>> <snip>
> >>>> I am not aware of a single Oracle password that can not be changed at
> >>>> will provided you haven't hard coded it into shell scripts and the like.
> >>>> And if you have fix the scripts.
> >>>> --
> >>>> Daniel A. Morgan
> >>>> University of Washington
> >>>> damor..._at_x.washington.edu (replace x with u to respond)
> >>>> Puget Sound Oracle Users Groupwww.psoug.org
> >>> True. What I'm looking for here is where those hard-coded locations
> >>> might be for *oracle created* accounts. I've found documentation on
> >>> MetaLink for DBSNMP, SYSMAN, and now MGMT_VIEW that require mods to
> >>> some config files in addition to the simple ALTER USER .... Just
> >>> don't want to overlook any.
> >>> Have already locked accounts that the "home office" says are not
> >>> needed, and turned on session auditing for use of CREATE SESSION on
> >>> those accounts.
> >> The hard coded locations are irrelevant if you've done the basics.
>
> >> Set RESOURCE_LIMIT = TRUE in your spfile.
> >> Alter the default profile to force password complexity.
> >> Alter the default profile to force password expiration.
> >> Change every password on an unlocked account.
> >> Anything that doesn't work ... you'll know why.
>
> >> Why not look for the hard-coded locations first? Because stupid people
> >> do stupid things. There is no logic ... there is no rhyme or reason. The
> >> first responsibility is to protect the data not people's egos.
> >> --
> >> Daniel A. Morgan
> >> University of Washington
> >> damor..._at_x.washington.edu (replace x with u to respond)
> >> Puget Sound Oracle Users Groupwww.psoug.org
>
> > Actually, I have done all of the above. What I'm trying to do here is
> > address a specific internal requirement that *all* passwords be
> > changed every 'n' days. The accounts that belong to human users are
> > taken care of themselves when they log on after the account expires.
> > Here, I'm addressing the specifically listed accounts created by
> > Oracle when the db is created. As mentioned in the original post,
> > there are some, *such as* DBSNMP, that are known to have special
> > considerations, and I am simply looking to make sure I don't overlook
> > other Oracle created accounts that might also have special
> > considerations but not be as well-known or well-doucmented as is
> > DBSNMP.
>
> Are you using DBSNMP and SYSMAN for anything?
?!?!?!? uh, dbcontrol? OEM?
>
> Sadly: Most likely what yuou are going to end up with is a manual procedure.
Yes, but a manual procedure that only has to be performed once every 150 days. Not too onerous.
> --
> Daniel A. Morgan
> University of Washington
> damor..._at_x.washington.edu (replace x with u to respond)
> Puget Sound Oracle Users Groupwww.psoug.org
Received on Mon Aug 06 2007 - 10:46:49 CDT
 |
 |