Re: Troubles with changing password for SYS in password file

From: sybrandb <sybrandb_at_gmail.com>
Date: Fri, 7 Dec 2007 02:43:33 -0800 (PST)
Message-ID: <1d0de8a7-7e04-4f9c-aa9f-0890d360057e@r60g2000hsc.googlegroups.com>

On Dec 6, 7:09 pm, mariok <mario.kacko..._at_gmail.com> wrote:
> Extract from manual tells:
>
> "If you issue the ALTER USER statement to change the password for SYS
> after connecting to the database, both the password stored in the data
> dictionary and the password stored in the password file are updated,
> but..."
>
> on my O10gR2 database it works as follows:
>
> 18:37:15 SQL> conn sys/oracle_at_orcl as sysdba
> Connected.
> 18:46:27 SQL> select username, password from dba_users where
> username='SYS';
>
> USERNAME PASSWORD
> --------------- ------------------------------
> SYS 8A8F025737A9097A
>
> 18:48:12 SQL> alter user sys identified by ora;
>
> User altered.
>
> 18:48:59 SQL> select username, password from dba_users where
> username='SYS';
>
> USERNAME PASSWORD
> --------------- ------------------------------
> SYS 03EA201D12FA4679
>
> 18:49:02 SQL> conn sys/ora_at_orcl as sysdba
> Connected.
> 18:49:17 SQL> alter user sys identified by values
> '8A8F025737A9097A'; !!! password is oracle !!!
>
> User altered.
>
> 18:50:21 SQL> conn sys/oracle_at_orcl as sysdba
> ERROR:
> ORA-01031: insufficient privileges !!! I cannot connect
> because password isn't changed in passwordfile !!!
>
> Warning: You are no longer connected to ORACLE.
> 18:50:31 SQL> conn sys/ora_at_orcl as sysdba
> Connected.
> 18:51:14 SQL> alter user sys identified by oracle;
>
> User altered.
>
> 18:51:25 SQL> select username, password from dba_users where
> username='SYS';
>
> USERNAME PASSWORD
> --------------- ------------------------------
> SYS 8A8F025737A9097A
>
> 18:51:34 SQL> conn sys/oracle_at_orcl as sysdba
> Connected.
> 18:51:49 SQL> disc
> Disconnected from Oracle Database 10g Enterprise Edition Release
> 10.2.0.1.0 - Production
> With the Partitioning, OLAP and Data Mining options
>
> So, my conclusion (is that truth?):
>
> I can change password for sys in password file with "alter user sys
> identified by <passwd>" statement, but
> I cannot do that with "alter user sys identified by values '<hash>' "
> statement.
>
> Is there anybody who can tell me how to change password for sys in
> password file without providing the password itself?

IMO disallowing alter user identified by values for SYS is a very good idea of Oracle.
If you would allow this this would mean anyone can override the SYS password.
So actually I don't see the problem, or you must be changing your SYS password on a crowded public place like St Peter's Square.

--
Sybrand Bakker
Senior Oracle DBA

Received on Fri Dec 07 2007 - 04:43:33 CST