This is ok, as the sqlnet.ora settings will not allow those less secure hash values to be used for authentication. This will set the password of the database account named emuser to newpassword. What privileges do I need to change the password of sys in an Oracle Database Ask Question Asked 2 years, 9 months ago Modified 2 years, 9 months ago Viewed 3k times 0 Our identity management tool wants to change the sys password regularly. There will be users that still show "10G" or other obsolete password versions for some amount of time after you set the sqlnet.ora parameters. Note: you will need to use (quotes) around the passwords. DBA Job Interview Questions and Answers - We have lost the sa password, what can. When the final minimum values for the sqlnet.ora parameters are set, obsolete hash values will be deleted automatically whenever a user changes their password. ![]() From the manual MAXBYTES - User's quota in bytes, or -1 if no limit Example: SQLPlus: Release 12.1.0.2.0 Production on Tue Oct 18 10:35:29 2016 Copyright (c) 1982, 2014, Oracle. Once all of your users have the minimum level of hash that you require, set the sqlnet.allowed_logon_version_client and sqlnet.allowed_logon_version_server parameter on your server as described here ( ) to enforce that minimum level of authentication protocol usage going forward. Most users can change their own passwords with the SQLPlus PASSWORD command or the ALTER USER SQL statement. 1 Answer Sorted by: 8 DBATSQUOTAS also contains information on the assigned quota, even if the user did not create any tables. When the users log in, they are prompted to change their passwords. For example: ALTER USER username PASSWORD EXPIRE Ask the users whose passwords you expired to log in. ![]() You will have to use your best judgement on how to force each user to change their password. You must expire the users who have only the 10G password version, and do not have one or both of the 11G or 12C password versions. Assuming that they have clients like sqlplus that support handling expired passwords, you can force users to do it themselves by expiring their accounts with ALTER USER username PASSWORD EXPIRE Īs warned however, not all client applications can handle this and may just prevent the user from logging in entirely. You cannot do it for them without knowing what the actual password was (knowing the 10G hash will not help). If there are in fact users with only a 10G hash as shown above, then they must reset their password to have Oracle create valid hashes for 11G or 12C authentication protocols. ![]() If they also have 11G or 12C (or whatever is the minimum level you desire them to have) then there is no need to change or update individual users - just skip to setting the sqlnet.ora parameters described below to enforce the minimum authentication protocol usage you desire.Ĭheck your password hash versions for each user with this query: select username, password_versions from dba_users order by 2 If you have logged in with DBA privileges, you can change the password. The exercise of updating the password hash that you reference is only necessary if you have users that only have a 10G password hash. You can change your Oracle Database account password in the Change Password screen.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |