Not a DBA, but ... when you create a new database, there are users with initial passwords:
system / manager
sys / change_on_install
Change this passwords as:
$ sqlplus sys/change_on_install
> alter user sys identified by new_sys_pwd;
I'd say that "SYSDBA" you're talking about is not username, but represents privileges this user has (if you try to connect Scott/Tiger as sysdba, it will fail to do so as it can only connect as "Normal" (ordinary user without system privileges).
There are DBA's here and they will surely explain it better.
If u use password file mode then simply:
1.shout down your instance
2.recreate password file with ORAPWD executable in bin directory and make new password here.more helps u can find when u run ORAPWD.
-hope this help
Should I connect to sysdba before submit SQL statement alter user ?
As I've already said, I'm not a DBA. However, I'd say not. I never connected as sysdba but was able to change sys's password without problem.
If I understood well, you ONLY want to change password of a user whose initial password is "change_on_install". It can be done any time and for every user, as long as you have one user with sysdba priviledges and know its password.
So, connect as (for example, let's say that system's password is "manager" and it has sysdba privs) to SQL*Plus:
$ sqlplus system/manager
> alter user sys identified by chalie;
> alter user scott inentified by lion;
> alter user julie identified by andrews;
It works on Oracle 7; I guess it *should* work on later releases too.
I am a DBA & would like to explain this phenomenon. First of all i would like to know from where u r connecting to ur database with SYS a/c. I feel u r connecting it from the machine hosting DB i.e from server machine.
1. If yes, then it will never check password for SYS A/c whatever it may be set. Anything will work....or no pasword at all....or any garbage word......This is because it SYS a/c gets authenticated from OS User Group. So, if u try to connect SYS a/c from the machine hosting ur database server, IT WILL NEVER EVER VALIDATE OR VERIFY THE PASWORD.
2. If you are connecting your SYS a/c from remote i.e from another host or from OEM Console etc. then it that case it checkes & verify the password file as it has been created with ORAPWD utility. This will happen only & only when you have set REMOTE_LOGIN_PASSWORDFILE= shared or exclusive in ur init.ora file. The default value is NONE. The both settings like creating password file & setting parameter in init.ora file is MUST.
- In 1st case also, if u access ur database via OEM console then also feature explained in point. no 2 comes in effect. It does not check password if u connect to DB via SQL*PLUS.
Hope, it is able to clarify you all. In case, need any clarificaiton feel free to ask me. Thanks.
First of all, thanks for these explanations. I was indeed experiencing this issue : whatever password I typed when connecting as sysdba from the machine hosting the Oracle server, it just connected without any problem. Are you sure that this CANNOT be changed ? That would mean that anybody who has a physical access to the server can do whatever he wants, no matter his knowledge about Oracle, SQL or the databases running on the server. It seems a little short on security... People with very good intentions could do great harm to the databases.
Its nice that u r able see & judge the issue.
Yes!! It is true that if somebody is having physical access to your server (where ORACLE is Hosted), he may able to Log in as SYS as SYSDBA and of course shutdown to your DATABASE etc. etc. But, this is not as ORACLE wants & of course is not expected behaviour. We need to understand as why this happens when we work directly on Host Server.?? Let me ask you, what platform you have for ur Oracle Server. Pls. update.
Let say, if we talk about Oracle on SUN or UNIX. It is true for even windows.
This phenomenon happens because your Oracle a/c (by default) becomes part of your SYSDBA or ORADBA (windows) group and just because of this, SYS a/c is authenticated by default. This is called OS authentication. You can restrict the OS authentication for SYS a/c by modifying your SQLNET.ORA file available in ur $ORACLE_HOME/network/admin directory.
At this time, i am not able to recall it how & not able to give u complete details. But this to be modified. You may check your Oracle Documentation. Just a tip & i am sure u will able to use it.