Re: changing pswds of standard accounts
On Aug 4, 1:58 am, DA Morgan <damor..._at_psoug.org> wrote:
> EdStevens wrote:
> > On Aug 3, 3:05 pm, DA Morgan <damor..._at_psoug.org> wrote:
> > <snip>
>
> >> I am not aware of a single Oracle password that can not be changed at
> >> will provided you haven't hard coded it into shell scripts and the like.
> >> And if you have, fix the scripts.
> >> --
> >> Daniel A. Morgan
> >> University of Washington
> >> damor..._at_x.washington.edu (replace x with u to respond)
> >> Puget Sound Oracle Users Group www.psoug.org
>
> > True. What I'm looking for here is where those hard-coded locations
> > might be for *oracle created* accounts. I've found documentation on
> > MetaLink for DBSNMP, SYSMAN, and now MGMT_VIEW that require mods to
> > some config files in addition to the simple ALTER USER .... Just
> > don't want to overlook any.
>
> > Have already locked accounts that the "home office" says are not
> > needed, and turned on session auditing for use of CREATE SESSION on
> > those accounts.
>
> The hard coded locations are irrelevant if you've done the basics.
>
> Set RESOURCE_LIMIT = TRUE in your spfile.
> Alter the default profile to force password complexity.
> Alter the default profile to force password expiration.
> Change every password on an unlocked account.
> Anything that doesn't work ... you'll know why.
>
> Why not look for the hard-coded locations first? Because stupid people
> do stupid things. There is no logic ... there is no rhyme or reason. The
> first responsibility is to protect the data not people's egos.
> --
> Daniel A. Morgan
> University of Washington
> damor..._at_x.washington.edu (replace x with u to respond)
> Puget Sound Oracle Users Group www.psoug.org
Actually, I have done all of the above. What I'm trying to do here is address a specific internal requirement that *all* passwords be changed every 'n' days. The accounts that belong to human users are taken care of themselves when they log on after the account expires. Here, I'm addressing the specifically listed accounts created by Oracle when the db is created. As mentioned in the original post, there are some, *such as* DBSNMP, that are known to have special considerations, and I am simply looking to make sure I don't overlook other Oracle created accounts that might also have special considerations but not be as well-known or well-documented as is DBSNMP.

Received on Mon Aug 06 2007 - 09:52:24 CDT
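
The checklist quoted above, followed by an inventory of the unlocked accounts that date from database creation, as an added SQL example that is not part of the original thread. It assumes a DBA session, that `verify_function` has been created by running `utlpwdmg.sql` as SYS, and placeholder values of 90 and 7 days for the site's 'n'; treating "created no later than one day after the database" as "Oracle created" is a heuristic chosen for this example.

```sql
-- Added example, not from the thread. Run as a DBA.

-- Checklist step 1: set RESOURCE_LIMIT = TRUE in the spfile.
ALTER SYSTEM SET resource_limit = TRUE SCOPE = BOTH;

-- Checklist steps 2 and 3: complexity and expiration on the DEFAULT profile.
-- Assumption: verify_function exists (created by ?/rdbms/admin/utlpwdmg.sql).
-- Assumption: 90 / 7 days are placeholders for the site's own policy.
ALTER PROFILE default LIMIT
  password_verify_function verify_function
  password_life_time       90
  password_grace_time      7;

-- Confirm what the profile now enforces.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'DEFAULT'
AND    resource_type = 'PASSWORD'
ORDER  BY resource_name;

-- Inventory: every account that is not locked, with its expiry state.
-- created_when = 'DB CREATION' marks accounts created no later than one day
-- after the database itself (heuristic for "Oracle created" accounts).
-- Rows showing EXPIRED or EXPIRED(GRACE) for a non-human account are the ones
-- to check for a stored password outside the database before the next change.
SELECT u.username,
       u.account_status,
       u.profile,
       u.created,
       u.expiry_date,
       CASE
         WHEN u.created <= d.created + 1 THEN 'DB CREATION'
         ELSE 'LATER'
       END AS created_when
FROM   dba_users u
CROSS  JOIN v$database d
WHERE  u.account_status NOT LIKE '%LOCKED%'
ORDER  BY created_when, u.username;
```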