Hyperion, Oracle, and password expirations ???

Similar Messages

• WLC 4402 username and password expires automatically

  Hi,
  We are facing issue with Cisco WLC 4402 (Cisco AireOS Version 4.2.205.0) and username and password expired automatically. It happens very often. We are not able to retreive the password, so everytime we need to reset(factory default) the Cisco WLC4402 and doing fresh installation.
  Whether it is the hardware issue or software bug.
  Also is there any possibility of recover the username and [password with resetting the cisco wlc4402.
  Kindly suggest on this issue.
  Regards
  S.Manikandan

  Hmmm.. Strange!! are we using any TACACS to manage?? or just the management username and password??
  I guess after 5.2 WLC code or so we have the option of resetting the password without losing the config!!
  Regards
  Surendra

• Hyperion encryption and password / account lockout mechanisms

  Hi All,
  Please help as i want to know How does the Excel Add-In do the following
  1. Is the connection to Hyperion encrypted and what are the details?
  2. What are the password / account lockout mechanisms?
  Regards,
  Mink

  If you need an encrypted connection to Essbase then you should use Smartview over https.
  1) The Excel-Addin connection is not encrypted -- you can definitely see member information with a packet trace and with some time could probably figure out how to decipher the numeric data. The password to connect with did seem to have some level of encryption -- Hyperion would need to answer anything further as this is not documented.
  2) The lockout mechanism depends on the user directory provider you chose. To my knowledge the native directory has not capabilities for user lockout. If you chose to use say Active Directory or another system then the those items are configured in that user directory and you would need to speak with the specific directory administration team regarding the lockout mechanisms.
  Regards,
  -John

• DS 6.2 and password expiration

  Hello,
  I'm having problems enforcing password expiration with DSEE. We have two Solaris 10 DSEE 6.2 servers configured with multi-master replication. The clients are running Solaris 8 (117350-47 Jun 2007 kernel patch level), and are using pam_ldap authentication.
  Using either telnet (just as a test) or ssh to login, I don't receive warnings of password expiration, nor is the account locked after passwordExpirationTime is exceeded.
  As an example, I can still authenticate as a user with this passwordExpirationTime:
  passwordExpirationTime=20071123163438Z
  The following is our DSEE password policy:
  pwd-accept-hashed-pwd-enabled : off
  pwd-check-enabled : on
  pwd-compat-mode : DS6-mode
  pwd-expire-no-warning-enabled : on
  pwd-expire-warning-delay : 4w
  pwd-failure-count-interval : 10m
  pwd-grace-login-limit : disabled
  pwd-keep-last-auth-time-enabled : on
  pwd-lockout-duration : disabled
  pwd-lockout-enabled : on
  pwd-lockout-repl-priority-enabled : on
  pwd-max-age : 12w6d
  pwd-max-failure-count : 4
  pwd-max-history-count : 3
  pwd-min-age : 1w
  pwd-min-length : 6
  pwd-mod-gen-length : 6
  pwd-must-change-enabled : off
  pwd-root-dn-bypass-enabled : off
  pwd-safe-modify-enabled : off
  pwd-storage-scheme : SSHA
  pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
  pwd-strong-check-enabled : on
  pwd-strong-check-require-charset : any-three
  pwd-supported-storage-scheme : CRYPT
  pwd-supported-storage-scheme : SHA
  pwd-supported-storage-scheme : SSHA
  pwd-supported-storage-scheme : NS-MTA-MD5
  pwd-supported-storage-scheme : CLEAR
  pwd-user-change-enabled : on
  Am I missing something obvious in the DSEE password policy? Would any other information be helpful in troubleshooting, such as /etc/pam.conf, patch levels of other packages, etc.?
  Thanks!

  If your DS6 instance is in DS5-compatible-mode (see above references), passwordExpirationTime is not ignored; however, please note that modifying server operational attributes via protocol has never been supported.
  A supported way to force a user to change his or her password (without administratively resetting the password) would be to define a specialized password policy with a small max-age value (but maintaining the relationship pwdMinAge+pwdExpireWarning<pwdMaxAge), and use Roles/CoS to scope the policy to the user entry that requires a password change, but for which the password has not yet been changed. A value of pwdChangedTime in the past (or its absence from the entry) would indicate that the password had not yet been changed as requested. If the DS6 instance is in DS5-compatible-mode, you will need to enable grace logins via passwordWarning in the policy, while if the DS6 instance is in DS6-migration-mode or DS6-mode, you will also need to enable grace logins via pwdGraceAuthNLimit in the policy. Otherwise, the user cannot bind with an expired password.
  OpenDS includes a "must-change-by" feature in the password policy that simplifies configuring the specialized password policy, but I'm not aware of any plans to add this feature to DS6.

• DS 6.3 ssh key and password expiration warnings

  I suspect this may be more of an ssh issue than a DS issue, but has anyone managed a configuration that will give users logging in with ssh keys, password expiration or reset warnings?
  In my setup, using compat mode in nsswitch.conf, native ldap logins work as expected for users entering their password. - That is, they are forced to change the password after an admin reset, receive "your password will expire" warnings, based on the expiration period set in DS (password policies in DS 6 mode, migrated from DS 5.2), etc.
  If a user has an ssh authorized_key entry, they can login without a password, as long as their password is not expired, or been reset by an admin. They are never shown the warning messages, but are allowed to connect, and then immediately logged off, if their password has expired, passed the number of grace logins, or been reset.
  The user can only login if they start from a different username and bypass the ssh key check.
  Hope this makes sense.

  After running various debug modes, I'm beginning to believe that the Directory Server may only issue the warning messages if a password has been typed, and validated in the directory. Since no password is enered when using an ssh key, the warnings aren't triggered.

• Oracle Xellerate - Account and Password Expiry

  Hi All,
  I needed a quick help on how would Oracle Xellerate Identity Provisioning enforce account and password expiration policies. Please suggest me some good supporting links.
  Thanks and Regards
  Aditi

  You should be able to get this information from the Xellerate product documentation which gets created when you install the product.
  Thanks,
  Prashant

• Can I use user names and password of Microsoft Office Outlook for hyperion

  I'm new to Hyperion. Can anyone tell that can I use "user names" and "passwords" of Microsoft Office Outlook for login into hyperion applications.
  I'm not talking about single sign on, but want to use same user names and passwords as that in Outlook.
  ANy suggestions?

  That depends on how your Outlook authentication is configured.
  Hyperion is generally configured to authenticate against a network directory (NTLM, MSAD or LDAP). I'm not an Outlook expert, but my Outlook user ID and password is almost always my MSAD id and password (I change clients regularly, and it's almost always the same situation). So it's also usually the same as my Hyperion ID and password.
  Ask your Outlook administrator whether it uses (or syncs with) MSAD, NTLM or LDAP. If the answer is yes, then you're in good shape because Hyperion can use these as well.
  Hope this helps,
  - Jake

• Password expire date back to 2011 from 2012  after assigned  a user profile

  Friends,
  I created a profile test as
  COMPOSITE_LIMIT UNLIMITED
  SESSIONS_PER_USER UNLIMITED
  CPU_PER_SESSION UNLIMITED
  CPU_PER_CALL UNLIMITED
  LOGICAL_READS_PER_SESSION UNLIMITED
  LOGICAL_READS_PER_CALL UNLIMITED
  IDLE_TIME 60
  CONNECT_TIME UNLIMITED
  PRIVATE_SGA UNLIMITED
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LIFE_TIME 120
  PASSWORD_REUSE_TIME           60
  PASSWORD_REUSE_MAX           30
  PASSWORD_VERIFY_FUNCTION NULL
  PASSWORD_LOCK_TIME 1
  PASSWORD_GRACE_TIME 7;
  the user default profile default PASSWORD_LIFE_TIME is 180 and password expired date is 1/7/2012. the test account was created in 7/11/2011.
  Now I assign test user to test profile successfully.
  However. expire date becomes 11/8/2011 1 from 1/7/2012 by select dba_users
  which wrong is in my profile or somewhere?
  As I think, the account password expired should be start after assigned new profile with PASSWORD_LIFE_TIME. but is seems expire date is start from original account created date.
  Thanks
  newdba
  Edited by: Oradb on May 24, 2012 1:56 PM

  I would think the expire time would be based on the last password change time which Oracle stores in the rdbms base table for user information (user$). Find a second user, alter the password, check the expire date, then assign the user to the new profile, re-check the expiration date. Post back. Behavior may vary between releases so include full Oracle version of test.
  HTH -- Mark D Powell --

• DS 6.3 password expiration oddities

  I have been exploring an upgrade from DS5.2 to DS 6.3 to take advantage of the enhanced password policies and password expiration that have never worked quite right in DS5.2.
  The previous 5.2 and migrated 6.3 environments both use netgroups to restrict logins to specific systems.
  This generally works very well, although I'm seeing weirdness for local system accounts.
  I've explored the forums, tweaked pam.conf and nsswitch.conf in pretty much every way that's been suggested.
  DS 6.3 is setup on Solaris 10, and my client systems are Solaris 8, with all of the latest necessary patches applied.
  nsswitch has:
  passwd: compat
  group: compat
  passwd_compat: ldap
  group_compat: ldap
  netgroup: ldap
  All local and LDAP accounts can login fine if pam.conf has:
  other account requisite pam_roles.so.1
  other account binding pam_unix_account.so.1 server_policy
  other account required pam_ldap.so.1
  But no warning messages are received from the directory server for password expiration or administrative password resets.
  If I change pam.conf to have:
  other account requisite pam_roles.so.1
  other account optional pam_ldap.so.1
  other account binding pam_unix_account.so.1 server_policy
  All users can login, password expiration warnings are received, and users are notified if the admin user resets their password, but (as expected) users aren't forced to reset their password on first login or resets.
  Using "required" or "requisite" for pam_ldap in the above stack order, disables local account logins, as they are
  prompted for LDAP passwords that they don't have.
  Any combination of settings that I've tried that successfully force resets, etc. appear to disable the ability of local accounts to login - they are prompted for LDAP password, which of course fails.
  If anyone can demonstrate a combination of nsswitch.conf and pam.conf settings that will actually allow local user login, but still enforce password policies and expiration warnings, for Solaris 8 clients, it would be greatly appreciated.

  I'm still struggling to get password expiration and inactivation to work with DS 6.3.1 and Solaris 10 5/08. When accounts are expired or inactivated (nsAccountLock) users can still login via ssh. But when accounts are temporarily locked (pwdAccountLockedTime) ssh does the right thing and won't let them log in.
  Things work properly when I have
  passwd: files ldap
  in nsswitch.conf, but when I go to compatibility mode:
  passwd: compat
  passwd_compat: ldap
  ssh 'ignores' expiration and inactivation status of accounts.
  Following the advice of your last comment here (4.5 years ago!) I took away all access to the 'userPassword' attribute for the proxy account, but nothing changed (I did an 'ldapsearch' as the proxy account to ensure that the aci was working as expected and denying all access to the attribute).
  Would you, akillenb, or anyone, be so kind as to give any information that will let a Solaris 10 client work properly with the enhanced account management facilities of the Sun DSEE 6.3.1 LDAP server? Copies of pam.conf and nsswitch.conf and details on LDAP aci's would be most gratefully received!!!

• Default username and password Oracle Hyperion workspace/shared services

  Hi Friends,
  I had installed Install Oracle Hyperion Planning, Fusion Edition Release 11.1.1.3.0 (foundation services and planning)
  but i am unable to login to workspace,shared services
  what is the default username and password for these.Please let me know?
  Regards,
  DB

  Hi,
  Default Admin user is: admin and default PW: password.
  If you have not yet changed.
  Thanks
  Focusthread Hyperion Trainer
  [http://focusthread.com/training]

• SYS and SYSTEM user password expired

  My 11g2 database on Redhat 5 has sys and system user password expiredSQL> select username,account_status,EXPIRY_DATE
  from dba_users where username like 'SYS%';
    2
  USERNAME                       ACCOUNT_STATUS                   EXPIRY_DA
  SYSMAN                         OPEN
  SYSTEM                         OPEN                             15-FEB-11
  SYS                            OPEN                             15-FEB-11But I can still connect the databsae with t expired password.
  Do I need worry about the expiration of these user's password? For a normal user, I connot login with expired password

  Dear user13148231,
  Here is an illustration;
  SQL> alter user sys account lock;
  User altered.
  SQL> select username, account_status, lock_date, expiry_date from dba_users where USERNAME='SYS';
  USERNAME                      ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
  SYS                                      LOCKED                           20-AUG-10      23-FEB-09
  SQL> host sqlplus sys/password@opttest as sysdba
  SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:25:43 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> exit
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> alter user sys identified by password password expire;
  User altered.
  SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';
  USERNAME                      ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
  SYS                                EXPIRED & LOCKED                 20-AUG-10   20-AUG-10
  SQL> host sqlplus sys/password@opttest as sysdba
  SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:27:02 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> exit
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> alter user sys identified by password account unlock;
  SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';
  USERNAME                       ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
  SYS                            OPENEven if it shows expired and locked it is OK to connect to the database for the SYS user.
  SQL> alter user ogan identified by password account lock password expire;
  User altered.
  SQL> select username, account_status, lock_date, expiry_date from dba_users where username='OGAN';
  USERNAME                       ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
  OGAN                           EXPIRED & LOCKED                 20-AUG-10 20-AUG-10
  SQL> conn ogan/password
  ERROR:
  ORA-28000: the account is locked
  Warning: You are no longer connected to ORACLE.
  SQL> conn / as sysdba
  Connected.
  SQL> alter user ogan account unlock;
  User altered.
  SQL> conn ogan/password@opttest
  ERROR:
  ORA-28001: the password has expired
  Changing password for ogan
  New password:
  Retype new password:
  Password changed
  Connected.
  SQL>Ogan

• APEX_PUBLIC_USER password expired and now APEX denies access to /pls/apex/f

  Hi. I have a problem with expired passwords. We are using APEX 2.2.0 with Oracle 10g. This morning the APEX_PUBLIC_USER and HTMLDB_PUBLIC_USER accounts passwords expired. We have a really weird setup. Our DBA team owns these accounts and our web server team manages the APEX application itself. When the passwords expired, our DBA changed them from Oracle, not from within APEX. Now we are unable to access our application. We get the following error message:
  Forbidden
  You don't have permission to access /pls/apex/f on this server.
  The DBA won't reset the passwords to their prior value because it's against corporate policy to resuse them. The web server team does not know how to go in to APEX and enter the new values. Can someone point me to documentation that explains what we need to do? I just want to get these two teams working together so that my users can get back to work!
  Thanks,
  Mike

  Mike - All you have to do is change the database account password to a new value and enter that same password into the DAD definition, obfuscating it in that file if your policy so dictates.
  Application Express, per se, doesn't know anything about that account's attributes such as its password so there is no interface provided for its maintenance.
  Scott

• Urgent help needed. Orcladmin and superuser password expired

  Hi all,
  We have been testing OCS with RTC quite successfully. Now we wanted to show this to a customer and tried to login today. Now with the same name and password as always we get now a "Your password has expired" message. We tried to login with orcladmin but we get the same message.
  I looked it up in the manual but have had no success so far. Anybody knows what to do now. Looks like we are completely locked out.

  Nitai,
  For details you need to look at the OID admin to change the password policy.
  but here are the quick steps on how to disable it
  from an ORACLE_HOME env set
  1. type oidadmin
  2. you will need to configure to point to your OID server if you have done already
  3. login as orcladmin + passwd you used for the other orcladmin //this user is different, again the OID docs will give detail
  4. expand the Oracle Internet Driectory Servers
  5. expand [email protected]
  6. exand the Password Policy Management
  7. highliight cn=PwdPolicyEntry
  8. on the right pane, Disable the "Enable OID Password Policy:" ; apply
  9 . do the same for the "Password Policy for Realm dc=....." //left pane ; apply
  10. exit out of oidadmin
  you should now be able to login via the sso login
  again for more detail on how to change the passwd policy please rvw the OID docs.

• I am trying to set up a genius bar appointment on my computer and it tells me "Sorry your session has expired. Please sign in again using your Apple ID account name and password" I know they are correct and use them to sign in on my phone.

  Hi I am trying to set a appointment for the Genus bar on my computer.  I know for a fact that my login is correct.  I have used it to sign in here and make a apointment (had to do it on my phone).  When I get to the appointment area it tells me to resign, and tells me "SORRY" Your lass session has expired.  Pleae sign in using your apple id account name and password.  I have tried resetting my password and all.  I am running Internet Explorer version 11 and my windows is 7.  Any help would be nice...

  ok.. I tried this three times and kept getting that access denied thing when I clicked post my questions. So now maybe I wont have to typ this a fifth time....
  I have a MAC computer with Sync. Was set up under sync Beta. I have an Android phone synced to it that was synced using the pair this device function. It works perfectly. I just got a new Android Tablet and am trying to add it to my sync and it does not seem to have the pair my device function. It insists I log into my sync account. So I try it and it tells me invalid userid/password. I verify and it is the exact email address userid that shows as being my sync account on the MAC. I verify the password on the MAC and it tests out fine. Try the tablet again and invalid.. So I try to reset my password on the tablet and am told my email address/account name does not exist. I just verified it AND Synced my MAC using it!! I have my recovery Key but there is no place to input it into the tablet. There is no place on tablet to enter the link device codes. How can my account be valid and in use on two devices but invalid and nonexistant on the new one? And How do I get the New one to sync with other two?

• What is the default user name and password for oracle databse 10g

  Hi: gurus, I just recently installed the oracle 10g personal edition and trying to log on to the enterprise manger, but can't figure it out the user name and password, can some one help me and tell me what is the default user name and password to logon to the oracle instance. BTW during the installation I choose two passowrds one for the schema and one for the global database orcl. I wonder will I be using one of these passwords. Still I don't have any clue for the "User Name".
  thanks

  system/manager and sys/change_on_install are still valid default passwords when database is manually created. If DBCA was used, passwords will be those defined at creation time inside DBCA.
  In case passwords have been forgotten, those can be reset:
  From an OS commnad prompt, set ORACLE_SID, ORACLE_HOME and PATH environment variables, just to make sure you are pointing to the right Oracle Home installation, and issue:
  OS> sqlplus / as sysdba
  SQL> alter user sys identified by yourNewSysPassword;
  SQL> alter user system identified by yourNewSystemPassword;
  And you're done with it.
  HR Madrid