Results 1 to 13 of 13

Thread: SYSDBA password

  1. #1
    Join Date
    May 2004
    Location
    Singapore
    Posts
    37

    Unanswered: SYSDBA password

    Hi All,

    How to change SYSDBA password ? Pls correction step as below :
    su - oracle
    export ORACLE_SID=xxxx
    sqlplus /nolog
    connect / as sysdba
    SQL > ALTER USER ...... (how to completed this command ?)

    The current password is change_on_install. I want to change with [newuser

    Thanks for advance

    chalie

  2. #2
    Join Date
    Jan 2004
    Location
    Croatia, Europe
    Posts
    4,094
    Provided Answers: 4
    Not a DBA, but ... when you create a new database, there are users with initial passwords:
    system / manager
    sys / change_on_install
    Change this passwords as:
    Code:
    $ sqlplus sys/change_on_install
    > alter user sys identified by new_sys_pwd;
    I'd say that "SYSDBA" you're talking about is not username, but represents privileges this user has (if you try to connect Scott/Tiger as sysdba, it will fail to do so as it can only connect as "Normal" (ordinary user without system privileges).

    There are DBA's here and they will surely explain it better.

  3. #3
    Join Date
    Jun 2004
    Posts
    796
    Provided Answers: 1
    The syntax for changing a pwd is:

    alter user [username] identified by [new pwd]

    BUT

    as Littlefoot says, SYSDBA is not a user - the pwd you quote is the default pwd for a user called SYS.

    SYSDBA is a privilege that allows the user it's assigned to to do many powerful things such as create databases (obviously a normal user isn't allowed to do that).
    90% of users' problems can be resolved by punching them - the other 10% by switching off their PCs.

  4. #4
    Join Date
    Mar 2004
    Posts
    370

    What type of Authentication do u use?

    If u use password file mode then simply:
    1.shout down your instance
    2.recreate password file with ORAPWD executable in bin directory and make new password here.more helps u can find when u run ORAPWD.
    -hope this help

  5. #5
    Join Date
    May 2004
    Location
    Singapore
    Posts
    37

    SYSDBA password

    Thank's Littlefoot,

    So I have to follow step as below, pls correction :

    su - oracle
    export ORACLE_SID=xxxx
    sqlplus sys/change_on_install
    alter user sys identified by sys_new_pwd;

    Should I connect to sysdba before submit SQL statement alter user ?

    Thanks for advance.
    chalie

  6. #6
    Join Date
    Mar 2003
    Location
    Singapore
    Posts
    200
    su - oracle
    export ORACLE_SID=xxxx
    sqlplus sys/change_on_install as sysdba (if change_on_install was ur sys password)
    alter user sys identified by sys_new_pwd;

    Mind this changes the password of the user sys and the Sysdba is still a privlg.

  7. #7
    Join Date
    Jan 2004
    Location
    Croatia, Europe
    Posts
    4,094
    Provided Answers: 4
    Quote Originally Posted by chalie
    Should I connect to sysdba before submit SQL statement alter user ?
    As I've already said, I'm not a DBA. However, I'd say not. I never connected as sysdba but was able to change sys's password without problem.

    If I understood well, you ONLY want to change password of a user whose initial password is "change_on_install". It can be done any time and for every user, as long as you have one user with sysdba priviledges and know its password.

    So, connect as (for example, let's say that system's password is "manager" and it has sysdba privs) to SQL*Plus:
    $ sqlplus system/manager
    > alter user sys identified by chalie;
    > alter user scott inentified by lion;
    > alter user julie identified by andrews;

    It works on Oracle 7; I guess it *should* work on later releases too.

  8. #8
    Join Date
    May 2004
    Location
    Singapore
    Posts
    37

    SYS Password

    I've changed the password for sys.
    After altered user was success, I try to use new password with these command :
    su - oracle
    sqlplus
    name : sys as sysdba
    password :*****

    Why I can still use old password ?

    rgd - chalie

  9. #9
    Join Date
    May 2004
    Location
    Singapore
    Posts
    37

    SYS Password

    I've changed the password for sys.
    After altered user was success, I try to use new password with these command :
    su - oracle
    sqlplus
    name : sys as sysdba
    password :*****

    Why I can still use old password ?

    rgd - chalie

  10. #10
    Join Date
    Mar 2004
    Posts
    370

    Did you restart your instance?

    Did you drop your previous pass file and then stop and restart yout instance?
    Make sure your last pass file was droped before.
    -Be in touch

  11. #11
    Join Date
    Apr 2003
    Location
    Jagdishpur
    Posts
    146
    HI,
    I am a DBA & would like to explain this phenomenon. First of all i would like to know from where u r connecting to ur database with SYS a/c. I feel u r connecting it from the machine hosting DB i.e from server machine.

    1. If yes, then it will never check password for SYS A/c whatever it may be set. Anything will work....or no pasword at all....or any garbage word......This is because it SYS a/c gets authenticated from OS User Group. So, if u try to connect SYS a/c from the machine hosting ur database server, IT WILL NEVER EVER VALIDATE OR VERIFY THE PASWORD.

    2. If you are connecting your SYS a/c from remote i.e from another host or from OEM Console etc. then it that case it checkes & verify the password file as it has been created with ORAPWD utility. This will happen only & only when you have set REMOTE_LOGIN_PASSWORDFILE= shared or exclusive in ur init.ora file. The default value is NONE. The both settings like creating password file & setting parameter in init.ora file is MUST.

    - In 1st case also, if u access ur database via OEM console then also feature explained in point. no 2 comes in effect. It does not check password if u connect to DB via SQL*PLUS.

    Hope, it is able to clarify you all. In case, need any clarificaiton feel free to ask me. Thanks.

    Kamesh Rastogi
    - KR

  12. #12
    Join Date
    Aug 2004
    Location
    France
    Posts
    754
    Hello RastogiKamesh,

    First of all, thanks for these explanations. I was indeed experiencing this issue : whatever password I typed when connecting as sysdba from the machine hosting the Oracle server, it just connected without any problem. Are you sure that this CANNOT be changed ? That would mean that anybody who has a physical access to the server can do whatever he wants, no matter his knowledge about Oracle, SQL or the databases running on the server. It seems a little short on security... People with very good intentions could do great harm to the databases.

    Thanks in advance for your reply.

    Regards,

    RBARAER

  13. #13
    Join Date
    Apr 2003
    Location
    Jagdishpur
    Posts
    146
    Hi RBARAER,
    Its nice that u r able see & judge the issue.

    Yes!! It is true that if somebody is having physical access to your server (where ORACLE is Hosted), he may able to Log in as SYS as SYSDBA and of course shutdown to your DATABASE etc. etc. But, this is not as ORACLE wants & of course is not expected behaviour. We need to understand as why this happens when we work directly on Host Server.?? Let me ask you, what platform you have for ur Oracle Server. Pls. update.

    Let say, if we talk about Oracle on SUN or UNIX. It is true for even windows.

    This phenomenon happens because your Oracle a/c (by default) becomes part of your SYSDBA or ORADBA (windows) group and just because of this, SYS a/c is authenticated by default. This is called OS authentication. You can restrict the OS authentication for SYS a/c by modifying your SQLNET.ORA file available in ur $ORACLE_HOME/network/admin directory.
    At this time, i am not able to recall it how & not able to give u complete details. But this to be modified. You may check your Oracle Documentation. Just a tip & i am sure u will able to use it.


    Regards,
    Kamesh Rastogi
    - KR

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •