Alter user identified by values
I use the following method for connecting as different users for test purposes:
- select the encrypted password from dba_users
- temporarily change their password,
- connect using a temporary password,
- reset their original password using the encrypted value.
The last step is achieved by the 'alter user identified by values ..' syntax.
However, I have now found that if the user has a profile with password complexity verification, this always seems to fail.
Appending the new 9.2 REPLACE <old_password> does not make any difference,
and in any case that should not be needed if being done with alter any user privilege.
Has anyone found a way around this ?
The bad news is that on a 9.2 database I got the error:
SQL> alter user a identified by values 'FD7C3F4E0D2D2A65' ;
alter user a identified by values 'FD7C3F4E0D2D2A65'
ERROR at line 1:
ORA-28003: password verification for the specified password failed
SQL>the good news is that on a 10.2 database it worked:
SQL> alter user a identified by values 'FD7C3F4E0D2D2A65' ;
User altered.
SQL>
Similar Messages
-
11g create user identified by values?
In version 10g and under we could easily migrate users (including the password) from one database to another using:
CREATE USER scott IDENTIFIED BY VALUES '{encrypted password}' ...blah, blah...
What is the 11g equivalent of this command which would allow me to migrate users from one 11g database to another?
Is datapump the ONLY option?Thanks to both, I did suspect spare4 was the encrypted password but what threw me off was the reference manual does not show the "BY VALUES" option in the "ALTER USER" syntax -- which actually what I needed. The users are already created and I want to synchronize the password with another db.
;) -
Alter user system identified by manager; need help
SQL> connect /as sysdba;
Connected.
SQL> alter user system account unlock;
User altered.
SQL> alter user system identified by manager;
User altered.
SQL> connect system/manager@q17als;
ERROR:
ORA-28000: the account is locked
Warning: You are no longer connected to ORACLE.can you try do to the connect system/manager without
putting the @q17als on it?
I bet it will work
Well that one should work, although it may not connect to the right database.
What may have happened is he logged in to a different database using "/as sysdba" and unlocked SYSTEM account there. Therefore connecting as system without using an alias would work (if the password is manager).
the net service name for q17als probably uses different database in its connect descriptor. We can see that if we know what connect descriptor for q17als looks like. (tnsping q17als or checking tnsnames.ora)
I agree with the earlier posts - I think you are
dealing with two different databasesThat is what I am trying to prove as well -
ALTER USER를 실행한 사용자를 확인하는 방법(SYSTEM EVENT TRIGGER)
제품 : ORACLE SERVER
작성날짜 : 2002-11-07
ALTER USER를 실행한 사용자를 확인하는 방법(SYSTEM EVENT TRIGGER)
================================================================
PURPOSE
자신이나 또는 다른 user들의 password를 바꾸는 등의 alter user command를
사용한 사용자를 확인하는 방법을 알아보자.
Explanation & Example
1. 사용자 정보를 저장할 event table을 생성한다.
Create event table and users to store the alterations made:
SQL> connect / as sysdba;
create table event_table
ora_sysevent varchar2(20),
ora_login_user varchar2(30),
ora_instance_num number,
ora_database_name varchar2(50),
ora_dict_obj_name varchar2(30),
ora_dict_obj_type varchar2(20),
ora_dict_obj_owner varchar2(30),
timestamp date
create user test1 identified by test1;
grant create session, alter user to test1;
create user test2 identified by test2;
grant create session to test2;
2. SYS user에서 AFTER ALTER Client Event Trigger 를 생성한다.
Note: This step creates a trigger and it is fired whenever the user "test1"
issues ALTER command (It can be ALTER USER or ALTER TABLE)
SQL> CREATE or REPLACE TRIGGER after_alter AFTER ALTER on database
BEGIN
IF (ora_dict_obj_type='USER') THEN
insert into event_table
values (ora_sysevent,
ora_login_user,
ora_instance_num,
ora_database_name,
ora_dict_obj_name,
ora_dict_obj_type,
ora_dict_obj_owner,
sysdate);
END IF;
END;
3. test1 user로 접속한 후 test2 user의 password를 변경하는 작업을 실행한다.
SQL> connect test1/test1
SQL> alter user test2 identified by foo;
4. test2 user의 password가 test1 user에 의해 변경되면 그런 내용을
event_table 에서 확인할 수 있다.
Now that we have altered the "test2" user password from user "test1", the
event_table should have captured this details.
Now Login in as sys and Query on event_table:
SQL> connect / as sysdba;
SQL> select * from event_table;
ORA_SYSEVENT ORA_LOGIN_USER ORA_INSTANCE_NUM
ORA_DATABASE_NAME
ORA_DICT_OBJ_NAME ORA_DICT_OBJ_TYPE
ORA_DICT_OBJ_OWNER TIMESTAMP
ALTER TEST1 1
T901.IDC.ORACLE.COM
TEST2 USER
13-JUN-02
event_table의 내용을 조회하여 LOGIN_USER와 ALTERED USER 는
ORA_LOGIN_USER와 ORA_DICT_OBJ_NAME column을 통해 확인할 수 있다.
비슷한 방법으로 아래의 event에서 trigger를 생성하여 확인할 수 있다.
1) BEFORE DROP
2) AFTER DROP
3) BEFORE ANALYZE
4) AFTER ANALYZE
5) BEFORE DDL
6) AFTER DDL
7) BEFORE TRUNCATE
8) AFTER TRUNCATE
Related Documents
Oracle Application Developer's Guide -
Hello there,
I have written this sql script, & i get errors when i execute it.
I want to enter uid only once. How can i do it?
DECLARE
l_uid dba_users.username%TYPE;
BEGIN
EXECUTE IMMEDIATE 'ALTER USER &uid IDENTIFIED BY testpwd' returning uid into l_uid;
EXECUTE IMMEDIATE 'CREATE PROFILE test_proffile LIMIT PASSWORD_LIFE_TIME 1/1440 PASSWORD_GRACE_TIME 0';
EXECUTE IMMEDIATE 'ALTER USER l_uid PROFILE test_proffile';
END;
thanks a lotWhy not assign a value to l_uid when you're declaring it? Something like
l_uid dba_users.username%TYPE := '&username';You'll need to concatenate that value into the EXECUTE IMMEDIATE strings.
btw the current version will have problems the second time you run it because the profile you created will already exist.
Also it's not a SQL script, it's a PL/SQL block. -
Using alter user to change oracle password for logged in web user on XE
Hi All
I'm building an app using the pl/sql web toolkit on XE (installed on Win XP Pro SP2). (I'm not using the APEX front-end).
I'm using basic authentication and oracle database user accounts, and when a user registers for the first time I create them an oracle user account with dynamic sql, followed by some initial setup stuff, and they then log in with it.
All fine so far.
However I want to allow the user to change their oracle password as part of maintaining their user details. I've done this in the past using the web toolkit and Oracle 9i and it has worked fine using dynamic sql.
Unfortunately I can't get the same thing to work in XE.
For example, if I create the following procedure in the schema aligned to the DAD which holds my application and then run it from a browser (IE or Firefox) then the
Browser and the db just hangs - not even an error message:
CREATE OR REPLACE PROCEDURE ut
AS
v_stmt varchar2(300);
BEGIN
HTP.htmlOpen;
HTP.headOpen;
HTP.title ('User Test');
HTP.headClose;
HTP.bodyOpen;
v_stmt := 'alter user "'||user||'" identified by "BERT"';
htp.print(v_stmt);
EXECUTE IMMEDIATE v_stmt;
htp.print('Done');
HTP.bodyClose;
HTP.htmlClose;
END;
If I run the same statement in SQL*plus it's fine, and if I run the same proc for a different user then it's fine too.
I'm sure it's something to do with trying to change the credentials of the currently logged in user, but I would at least have expected an error message.
I'd be grateful for any ideas.
Thanks
SteveHi g.myers
Thanks for your response.
Sorry, yes, bad turn of phrase there. It's not the entire db that hangs. The web browser (either IE or FF) hangs, and if I look at v$session at this point, I can see that the user STATUS=ACTIVE and the STATE=WAITING.
I should also point out that I am using standard Oracle users as users of the application, (e.g. create a new user account called TESTER1). These users are then granted the appropriate privileges on the owning schema in order to run the app, access the tables etc.
Therefore it is the user account (e.g. TESTER1) that is running the password change procedure that is owned by the SYS schema. (However again, this is the exact code and method that I've used in the past and it has worked fine).
If I leave the browser hanging long enough, it will eventually return with the following error:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request POST /h/hopapp.pwdmaint_do.
Reason: Error reading from remote server
cheers
Steve -
SSO and Form 10g, Setting RAD of OID for DB users identified externally
Please Help!
Current environment:
- All users were created with identified externally in Database (OPS$)
- SSO was setup correctly according to OID admin guide Ch 43 and SSO admin guide ch 8 for App10g. (user login orasso without seeing basic auth/sso login form)
- DB parameters:
remote_os_authent=TRUE
os_authent_prefix=' '
issues:
- set ssoDynamicResourceCreate = true
When user hit the form link, i.e. http://host:port/forms90/f90servlet?config=test&form=appwelcome
it redirects to http://host:7777/oiddas/ui/oracle/ldap/das/mypage/AppCreateResourceInfo?...
where it shows Resource Name TEST and prompts username/password/database
when user inputs window logon /password/database value (same as in form6i)
it returns ORA-01017: invalid username/password; logon denied.
- set ssoDynamicResourceCreate = false
manually set RAD for the end user (I am not sure if I am doing this correctly):
Name = test
TYPE = oracledb
username = (blank)
password = (blank)
datebase = prod
When enduser hits the form link, it returns ORA-01017.... same errors.
Any ideas how to trouble shoot and configure RAD for users with OPS$ auth?
thank you in advance!
KanThank you for your input!
This is how our current production is setup that users use os authent (OPS$) to access forms/reports 6i. I'm just trying to migrate it to app10g environment.
I did configure SSO with WNA, it works fine. Any users can access NON-DB connected forms/reports. Only when forms/reports require DB conn, users who
have db password can access them with one click. But users identified externally will keep seeing Oracle Logon and Ora-01017 after authent into MidTier.
Setup RAI with one real db user account is not ideal since there are 1000+ OS authent users who have different database roles. Turn off the OPS$ and setup dummy password for 1000+ users may be the last solution.
v/r
Kan -
Database Crash after "alter user"
Hi,
I've a problem with oracle 8i databases on windows 2000 server, clustered (active-passive).
When I try to change sys password as sysdba the instance crashes without error messages in alterlog and without dump files.
ie:
sqlplus /nolog
SQL>conn sys/pwd@db as sysdba
SQL>alter user sys identified by pwd2;
this command works and the password file is updated, but the database cluster resource changed its status to "failed"
Is there a relationship with password file and microsoft cluster service or oralce fail safe?
this don't happens neither in standalone server nor clustered 10g databasesI think yes.
Check MOS FailSafe Database Goes Offline After Changing SYS Password - 167496.1
HTH
-Anantha -
Hi to all,
I have a user named dbo and vijay.
I have a procedure under dbo named as sp_alteruser
CREATE OR REPLACE PROCEDURE DBO.SP_ALTERUSER
P_USER_ID IN VARCHAR2,P_PASSWORD IN VARCHAR2,P_MSG OUT VARCHAR2)
--Declaration of IN parameters
IS
E_PASSWORD EXCEPTION;
E_INVALIDUSER EXCEPTION;
PRAGMA EXCEPTION_INIT(E_PASSWORD,-00988);
PRAGMA EXCEPTION_INIT(E_INVALIDUSER,-01918);
BEGIN
DECLARE
V_COUNT NUMBER;
V_STATEMENT1 VARCHAR2(200);
BEGIN
--To check whether the user has been already exists
SELECT COUNT(*) INTO V_COUNT
FROM ALL_USERS
WHERE USERNAME = P_USER_ID;
IF V_Count = 0 THEN
--If the count is 0 means that the user does not exist
DBMS_OUTPUT.PUT_LINE('User Does Not exist');
END IF;
IF V_COUNT>0 THEN
--If the count is greater than 0 then the Alter statement is executed
V_STATEMENT1:= 'ALTER USER ' ||P_USER_ID||' IDENTIFIED BY '
||P_PASSWORD;
-- EXECUTE IMMEDIATE 'GRANT ALTER USER TO VIJAY';
-- EXECUTE IMMEDIATE 'ALTER USER ' ||P_USER_ID||' IDENTIFIED BY ' ||P_PASSWORD;
--EXECUTE IMMEDIATE v_STATEMENT1;
P_MSG := 'Password Changed Sucessfully';
END IF;
END;
EXCEPTION
WHEN E_PASSWORD THEN
P_MSG := 'Missing or Invalid Password';
WHEN E_INVALIDUSER THEN
P_MSG := 'User '||P_USER_id||' Does not exist';
END;
I have created a synonym with the same name as sp_alteruser and given the execute privilege to the user vijay...
This procedure works fine when I run as DBO user, when I am trying from the vijay user it is throwing the error as insufficient privilege.
I tried to give the alter user privilege explicitly but none gone right, when i gave dba privilege and checked with it works fine..
Please help me in this regard.
Thanks
vijayYes, I got it and apologies. Its not there so the error is correct. I am not sure that which priv is letting the dba role change another user, here is a list of privs for some default roles but none of them is there which depicts clearly the option to change another user.
A very stupid answer, try giving the alter user with the admin option and see what happens. I don't ahve a db here otherwise I would had done it.
HTH
Aman.... -
Expire password - alter user - privilege authid
Hello to all
I need to allow the users of Data base, that when the password expires, can enter the new password from a page. What I am trying to do is to add a function to modify the user
create function usu_mod
as
begin
execute immediate 'alter user pepe identified by pepe2';
end;
some idea, raised affluent estaria? also it sends an insufficient error to me of privileges, since apex uses the APEX_PUBLIC_USER. I was looking for and I saw AUTHID DEFINER AUTHID, CURRENT_USER. it is necessary to use some of these commandos, somebody can give an idea me of like using them
Thank you very much
Juan PabloJuan - We talked about this here: Re: ORACLE Password Change using APEX FORM
Scott -
Expire password - alter user - privilege authid (2) english
Hello to all
I need to allow the users of Data base, that when the password expires, can enter the new password from a page. What I am trying to do is to add a function to modify the user
create function usu_mod
as
begin
execute immediate 'alter user pepe identified by pepe2';
end;
some idea, raised affluent estaria? also it sends an insufficient error to me of privileges, since apex uses the APEX_PUBLIC_USER. I was looking for and I saw AUTHID DEFINER AUTHID, CURRENT_USER. it is necessary to use some of these commandos, somebody can give an idea me of like using them
Thank you very much
Juan PabloJuan - We talked about this here: Re: ORACLE Password Change using APEX FORM
Scott -
Re: How to alter user using variable
I need to reset all Oracle default accounts to a custom password in one of our databases (11.1.0.7). I am using two files:
File 1 called mydb.sh
This file is Solaris shell script to run sql file. Here is the content:
#!/bin/bash
cd $HOME
. ./agsdb
sqlplus "/as sysdba"<<EOF
start /h/bin/mydb.sql
exit
EOF
if [$? !=0 ]; then
echo "Error, mydb.sh did not run"
echo "Exiting."
exit 1
fi
echo "********** mydb.sh is complete **********"And here is file2 mydb.sql
This file has content similar this the following:
>
alter user anonymous identified by password;
alter user oracle_ocm identified by password;
alter user DI identified by password;
alter user system identified by password;
Our problem is we don't want to use the password in plain text. To get arround, we will pass the password as a variable instead of the plain password text.
Maybe something like this:
alter user anonymous identified by variable_name;How can I mitigate this by passing this variable from solaris to sqlplus?
Thanks in advance.Alex wrote:
01. Create a procedure to get the username and password and then alter that user. For this you can use synamic sql
CREATE OR REPLACE PROCEDURE (username VARCHAR2, password VARCHAR2)
IS
BEGIN
EXECUTE IMMEDIATE 'ALTER USER '||username||' IDENTIFIED BY ||password;
END;
I have already dealt with the above. My problem is how to get the procedure to pass the password in variable as you mentioned below:
02. Then in your shell script call that procedure by passing username and password variables.. -
Let group leader change his memeber's pwd without giving him 'alter user' p
Hi, all
Is there any way that I can let a group leader to reset his own member's password without giving him the 'alter user' privilege ?
I know I can use following simplified procedure to allow one person to change his own password, but I am looking for a way to let leader to reset when his members forget their pwd, and the following script can't work. I also created the synonym and grant 'execute on' to him. Can someone help me on this?
Thanks in advance.
CREATE OR REPLACE PROCEDURE change_pwd ( v_username in varchar2, v_pwd in varchar2)
authid current_user
is
BEGIN
execute immediate 'alter user '||m_username||' identified by '||v_pwd ;
END ;
----SQL> @example
SQL> spool capture.log
SQL> create user alladmin identified by adminall;
User created.
SQL> grant connect to alladmin;
Grant succeeded.
SQL> grant resource to alladmin;
Grant succeeded.
SQL> grant alter user to alladmin;
Grant succeeded.
SQL> create user member1 identified by No1knows;
User created.
SQL> grant connect to member1;
Grant succeeded.
SQL> create user member2 identified by No1knows;
User created.
SQL> grant connect to member2;
Grant succeeded.
SQL> create user gl1 identified by secret;
User created.
SQL> grant connect to gl1;
Grant succeeded.
SQL> grant resource to gl1;
Grant succeeded.
SQL> connect alladmin/adminall
Connected.
SQL> CREATE OR REPLACE PROCEDURE change_pwd ( v_username in varchar2)
2 is
3 m_username varchar2(100);
4 v_pwd varchar2(30) := 'FUBAR1';
5 BEGIN
6 select user into m_username from dual;
7 if (m_username = 'GL1')
8 then
9 execute immediate 'alter user '||v_username||' identified by '||v_pwd ;
10 end if;
11 END ;
12 /
Procedure created.
SQL> grant execute on change_pwd to gl1;
Grant succeeded.
SQL> connect gl1/secret
Connected.
SQL> exec alladmin.change_pwd('MEMBER1');
PL/SQL procedure successfully completed.
SQL> exec alladmin.change_pwd('MEMBER2');
PL/SQL procedure successfully completed.
SQL> connect member1/FUBAR1
Connected.
SQL> select user from dual;
USER
MEMBER1
SQL> connect member2/FUBAR1
Connected.
SQL> select user from dual;
USER
MEMBER2
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining optionsAny more questions? -
How to create user identified by OS!
I know a command like :
SQL> create user OPS$name identified by password;
user created.
here, user is already an OS user in my linux.
But this don't work! I didn't get a user identified by Os.
May somebody give any points?
ThanksSpecify EXTERNALLY to create an external user. Such a user must be authenticated by an external service (such as an operating system or a third-party service). In this case, Oracle to relies on the login authentication of the operating system to ensure that a specific operating system user has access to a specific database user.
This example assumes that OS_AUTHENT_PREFIX = "" (in init.ora)
CREATE USER os_user IDENTIFIED EXTERNALLY
GRANT CONNECT to os_user
To create another user accessible only by the operating system account os_user2, prefix os_user2 by the value of the initialization parameter OS_AUTHENT_PREFIX.
For example, if this value is "ops$", you can create the user ops$os_user2 with the following statement
CREATE USER ops$os_user2
IDENTIFIED EXTERNALLY -
Hi,
Before I have an account login : rran pwd : $rran$
Now I alter my account with password admin and I want to go back with the password $rran$ with the command
SQL> alter user rran with password '$rran$';
and I have this error
alter user rran with password '$rran$'
ERROR à la ligne 1 :
ORA-00922: option erronée ou absente
How could i rresolve this problem because I need to return to the last password because it is usefull in the program JSPSorry the command is like this
SQL> alter user rran IDENTIFIED BY $rran$;
and I have this error
alter user rran identified by '$rran$'
ERROR à la ligne 1 :
ORA-00922: option erronée ou absente
How could i rresolve this problem because I need to return to the last password because it is usefull in the program JSP
Replies: 0 Pages: 1
Maybe you are looking for
-
I am downloading the memory card from my camcorder into my MacBook Pro with Retina display. It usually popped to the file called AVCHD then CLIP to show all the videos. But not this time, it automatically changed to BDMV. I do not have idea how this
-
What are the new features or the ebenefits on front end side in 7.0 version I know about backend. Regards, Manish Malhotra
-
Making offline photos online again...
In PSE7, I am trying to move offline photos back online on a larger disk. I've searched the forums and can't find advice that actually works. Any help will be appreciated. Some posting said that I can put the disk holding the offline photos online ag
-
ESS Personal Information Services
Hi, We are in planning to upgrade our existing ITS version to the latest webdynpro version ESS services. We will be implementing for 13 different countries. I can see based on the delivered Business Package that the iviews are based on specific count
-
Jdev 11g: Warnings in structure window for jspx (makeCurrent)
Hi, Jdev 11g generates code in jspx page which causes warnings in structure window. jspx-code: <af:table value="#{bindings.VwBob0010Main0010.collectionModel}" var="row" rows="#