Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Troubles with changing password for SYS in password file

Re: Troubles with changing password for SYS in password file

From: mariok <mario.kackovic_at_gmail.com>
Date: Sat, 8 Dec 2007 14:25:33 -0800 (PST)
Message-ID: <1c4ef028-17dd-439f-8a7e-9ec8659cefef@t1g2000pra.googlegroups.com> 





On 7. Dec., 23:04 h., sybra..._at_hccnet.nl wrote:


> On Fri, 7 Dec 2007 04:33:31 -0800 (PST), mariok

>

>

>

>

>

> <mario.kacko..._at_gmail.com> wrote:

> >On 7. Dec., 11:43 h., sybrandb <sybra..._at_gmail.com> wrote:

> >> On Dec 6, 7:09 pm, mariok <mario.kacko..._at_gmail.com> wrote:

>

> >> > Extract from manual tells:

>

> >> > "If you issue the ALTER USER statement to change the password for SYS

> >> > after connecting to the database, both the password stored in the data

> >> > dictionary and the password stored in the password file are updated,

> >> > but..."

>

> >> > on my O10gR2 database it works as follows:

>

> >> > 18:37:15 SQL> conn sys/oracle_at_orcl as sysdba

> >> > Connected.

> >> > 18:46:27 SQL> select username, password  from dba_users  where

> >> > username='SYS';

>

> >> > USERNAME        PASSWORD


> >> > --------------- ------------------------------

> >> > SYS             8A8F025737A9097A


>

> >> > 18:48:12 SQL> alter user sys identified by ora;

>

> >> > User altered.

>

> >> > 18:48:59 SQL> select username, password  from dba_users  where

> >> > username='SYS';

>

> >> > USERNAME        PASSWORD


> >> > --------------- ------------------------------

> >> > SYS             03EA201D12FA4679


>

> >> > 18:49:02 SQL> conn sys/ora_at_orcl as sysdba

> >> > Connected.

> >> > 18:49:17 SQL> alter user sys identified by values

> >> > '8A8F025737A9097A';      !!! password is oracle  !!!

>

> >> > User altered.

>

> >> > 18:50:21 SQL> conn sys/oracle_at_orcl as sysdba

> >> > ERROR:


> >> > ORA-01031: insufficient privileges              !!! I cannot connect

> >> > because password isn't changed in passwordfile !!!

>

> >> > Warning: You are no longer connected to ORACLE.

> >> > 18:50:31 SQL> conn sys/ora_at_orcl as sysdba

> >> > Connected.

> >> > 18:51:14 SQL> alter user sys identified by oracle;

>

> >> > User altered.

>

> >> > 18:51:25 SQL> select username, password from dba_users where

> >> > username='SYS';

>

> >> > USERNAME        PASSWORD


> >> > --------------- ------------------------------

> >> > SYS             8A8F025737A9097A


>

> >> > 18:51:34 SQL> conn sys/oracle_at_orcl as sysdba

> >> > Connected.

> >> > 18:51:49 SQL> disc

> >> > Disconnected from Oracle Database 10g Enterprise Edition Release

> >> > 10.2.0.1.0 - Production

> >> > With the Partitioning, OLAP and Data Mining options

>

> >> > So, my conclusion (is that truth?):

>

> >> > I can change password for sys in password file with "alter user sys

> >> > identified by <passwd>" statement, but

> >> > I cannot do that with "alter user sys identified by values '<hash>' "

> >> > statement.

>

> >> > Is there anybody who can tell me how to change  password for sys in

> >> > password file without providing the password itself?

>

> >> IMO disallowing alter user identified by values for SYS is a very good

> >> idea of Oracle.

> >> If you would allow this this would mean anyone can override the SYS

> >> password.

> >> So actually I don't see the problem, or you must be changing your SYS

> >> password on a crowded public place like St Peter's Square.

>

> >> --

> >> Sybrand Bakker

> >> Senior Oracle DBA- Skry? citovaný text -

>

> >> - Zobrazi? citovaný text -

>

> >Thanks for reply

>

> >But I only wanted to know if there is any way how to change password

> >for sys except "alter user" statement or orapwd utility because of

> >unencrypted password.

>

> >Mario K.

>

> I don't see the problem.

> Do you have 100 people looking over your shoulder?

> Do you work on St. Peters Square?

> In front of1600 Pennsylviana Avenue?

> If so or if you are a really slow typist, try connecting as SYS and

> use the password command, or write a SQL script using the ACCEPT

> command with the HIDE clause and the ALTER user command

> For the ACCEPT command seehttp://download.oracle.com/docs/cd/B19306_01/server.102/b14357/ch1200...

>

> Hopefully you didn't hardcode the SYS  password in all of your

> scripts.

>

> Hth

>

> --

> Sybrand Bakker

> Senior Oracle DBA- Skryť citovaný text -

>

> - Zobraziť citovaný text -




Thanks for reply, once more



But  the ACCEPT command isn't the issue.



I have to make this clear:


There are more then 100-databases on more then 50-servers in my
company.


My duty is to change passwords for more then 1000 database
users(schemas, actually) including user SYS on a regular basis.
I cannot do that by typing passwords. I have to automate this process
and therefore I want to use "alter user <usr> identified by values
'<hash>'" statement.


But user SYS is the issue.



Mario K.
Received on Sat Dec 08 2007 - 16:25:33 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US