Re: changing pswds of standard accounts
- From: ivl5@xxxxxxxxxxx
- Date: Mon, 06 Aug 2007 17:11:02 -0700
On Aug 7, 1:46 am, EdStevens <quetico_...@xxxxxxxxx> wrote:
On Aug 6, 10:12 am, DA Morgan <damor...@xxxxxxxxx> wrote:
EdStevens wrote:
On Aug 4, 1:58 am, DA Morgan <damor...@xxxxxxxxx> wrote:
EdStevens wrote:
On Aug 3, 3:05 pm, DA Morgan <damor...@xxxxxxxxx> wrote:The hard coded locations are irrelevant if you've done the basics.
<snip>
I am not aware of a single Oracle password that can not be changed atTrue. What I'm looking for here is where those hard-coded locations
will provided you haven't hard coded it into shell scripts and the like.
And if you have fix the scripts.
--
Daniel A. Morgan
University of Washington
damor...@xxxxxxxxxxxxxxxx (replace x with u to respond)
Puget Sound Oracle Users Groupwww.psoug.org
might be for *oracle created* accounts. I've found documentation on
MetaLink for DBSNMP, SYSMAN, and now MGMT_VIEW that require mods to
some config files in addition to the simple ALTER USER .... Just
don't want to overlook any.
Have already locked accounts that the "home office" says are not
needed, and turned on session auditing for use of CREATE SESSION on
those accounts.
Set RESOURCE_LIMIT = TRUE in your spfile.
Alter the default profile to force password complexity.
Alter the default profile to force password expiration.
Change every password on an unlocked account.
Anything that doesn't work ... you'll know why.
Why not look for the hard-coded locations first? Because stupid people
do stupid things. There is no logic ... there is no rhyme or reason. The
first responsibility is to protect the data not people's egos.
--
Daniel A. Morgan
University of Washington
damor...@xxxxxxxxxxxxxxxx (replace x with u to respond)
Puget Sound Oracle Users Groupwww.psoug.org
Actually, I have done all of the above. What I'm trying to do here is
address a specific internal requirement that *all* passwords be
changed every 'n' days. The accounts that belong to human users are
taken care of themselves when they log on after the account expires.
Here, I'm addressing the specifically listed accounts created by
Oracle when the db is created. As mentioned in the original post,
there are some, *such as* DBSNMP, that are known to have special
considerations, and I am simply looking to make sure I don't overlook
other Oracle created accounts that might also have special
considerations but not be as well-known or well-doucmented as is
DBSNMP.
Are you using DBSNMP and SYSMAN for anything?
?!?!?!? uh, dbcontrol? OEM?
Sadly: Most likely what yuou are going to end up with is a manual procedure.
.... unless he'll choose to script it of course. You'll have to stick
to manual procedure of course as you aren't scripting any more :)
Yes, but a manual procedure that only has to be performed once every
150 days. Not too onerous.
Well, password change for these particular two accounts can be
scripted.
--
Daniel A. Morgan
University of Washington
damor...@xxxxxxxxxxxxxxxx (replace x with u to respond)
Puget Sound Oracle Users Groupwww.psoug.org
.
- Follow-Ups:
- Re: changing pswds of standard accounts
- From: DA Morgan
- Re: changing pswds of standard accounts
- References:
- changing pswds of standard accounts
- From: EdStevens
- Re: changing pswds of standard accounts
- From: DA Morgan
- Re: changing pswds of standard accounts
- From: EdStevens
- Re: changing pswds of standard accounts
- From: DA Morgan
- Re: changing pswds of standard accounts
- From: EdStevens
- Re: changing pswds of standard accounts
- From: DA Morgan
- Re: changing pswds of standard accounts
- From: EdStevens
- changing pswds of standard accounts
- Prev by Date: Re: changing pswds of standard accounts
- Next by Date: Re: Rainbust your DBA; crack Oracle "system" password in mere minutes
- Previous by thread: Re: changing pswds of standard accounts
- Next by thread: Re: changing pswds of standard accounts
- Index(es):
Relevant Pages
|
Loading
