Extract from manual tells:

"If you issue the ALTER USER statement to change the password for SYS
after connecting to the database, both the password stored in the data
dictionary and the password stored in the password file are updated,
but..."

on my O10gR2 database it works as follows:

18:37:15 SQL> conn sys/oracle@orcl as sysdba
Connected.
18:46:27 SQL> select username, password from dba_users where
username='SYS';

USERNAME PASSWORD
--------------- ------------------------------
SYS 8A8F025737A9097A

18:48:12 SQL> alter user sys identified by ora;

User altered.

18:48:59 SQL> select username, password from dba_users where
username='SYS';

USERNAME PASSWORD
--------------- ------------------------------
SYS 03EA201D12FA4679

18:49:02 SQL> conn sys/ora@orcl as sysdba
Connected.
18:49:17 SQL> alter user sys identified by values
'8A8F025737A9097A'; !!! password is oracle !!!

User altered.

18:50:21 SQL> conn sys/oracle@orcl as sysdba
ERROR:
ORA-01031: insufficient privileges !!! I cannot connect
because password isn't changed in passwordfile !!!


Warning: You are no longer connected to ORACLE.
18:50:31 SQL> conn sys/ora@orcl as sysdba
Connected.
18:51:14 SQL> alter user sys identified by oracle;

User altered.

18:51:25 SQL> select username, password from dba_users where
username='SYS';

USERNAME PASSWORD
--------------- ------------------------------
SYS 8A8F025737A9097A

18:51:34 SQL> conn sys/oracle@orcl as sysdba
Connected.
18:51:49 SQL> disc
Disconnected from Oracle Database 10g Enterprise Edition Release
10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options


So, my conclusion (is that truth?):

I can change password for sys in password file with "alter user sys
identified by <passwd>" statement, but
I cannot do that with "alter user sys identified by values '<hash>' "
statement.

Is there anybody who can tell me how to change password for sys in
password file without providing the password itself?

On Dec 6, 7:09 pm, mariok <mario.kacko...@gmail.com> wrote:
> Extract from manual tells:
>
> "If you issue the ALTER USER statement to change the password for SYS
> after connecting to the database, both the password stored in the data
> dictionary and the password stored in the password file are updated,
> but..."
>
> on my O10gR2 database it works as follows:
>
> 18:37:15 SQL> conn sys/oracle@orcl as sysdba
> Connected.
> 18:46:27 SQL> select username, password from dba_users where
> username='SYS';
>
> USERNAME PASSWORD
> --------------- ------------------------------
> SYS 8A8F025737A9097A
>
> 18:48:12 SQL> alter user sys identified by ora;
>
> User altered.
>
> 18:48:59 SQL> select username, password from dba_users where
> username='SYS';
>
> USERNAME PASSWORD
> --------------- ------------------------------
> SYS 03EA201D12FA4679
>
> 18:49:02 SQL> conn sys/ora@orcl as sysdba
> Connected.
> 18:49:17 SQL> alter user sys identified by values
> '8A8F025737A9097A'; !!! password is oracle !!!
>
> User altered.
>
> 18:50:21 SQL> conn sys/oracle@orcl as sysdba
> ERROR:
> ORA-01031: insufficient privileges !!! I cannot connect
> because password isn't changed in passwordfile !!!
>
> Warning: You are no longer connected to ORACLE.
> 18:50:31 SQL> conn sys/ora@orcl as sysdba
> Connected.
> 18:51:14 SQL> alter user sys identified by oracle;
>
> User altered.
>
> 18:51:25 SQL> select username, password from dba_users where
> username='SYS';
>
> USERNAME PASSWORD
> --------------- ------------------------------
> SYS 8A8F025737A9097A
>
> 18:51:34 SQL> conn sys/oracle@orcl as sysdba
> Connected.
> 18:51:49 SQL> disc
> Disconnected from Oracle Database 10g Enterprise Edition Release
> 10.2.0.1.0 - Production
> With the Partitioning, OLAP and Data Mining options
>
> So, my conclusion (is that truth?):
>
> I can change password for sys in password file with "alter user sys
> identified by <passwd>" statement, but
> I cannot do that with "alter user sys identified by values '<hash>' "
> statement.
>
> Is there anybody who can tell me how to change password for sys in
> password file without providing the password itself?

IMO disallowing alter user identified by values for SYS is a very good
idea of Oracle.
If you would allow this this would mean anyone can override the SYS
password.
So actually I don't see the problem, or you must be changing your SYS
password on a crowded public place like St Peter's Square.

--
Sybrand Bakker
Senior Oracle DBA

On 7. Dec., 11:43 h., sybrandb <sybra...@gmail.com> wrote:
> On Dec 6, 7:09 pm, mariok <mario.kacko...@gmail.com> wrote:
>
>
>
>
>
> > Extract from manual tells:
>
> > "If you issue the ALTER USER statement to change the password for SYS
> > after connecting to the database, both the password stored in the data
> > dictionary and the password stored in the password file are updated,
> > but..."
>
> > on my O10gR2 database it works as follows:
>
> > 18:37:15 SQL> conn sys/oracle@orcl as sysdba
> > Connected.
> > 18:46:27 SQL> select username, password from dba_users where
> > username='SYS';
>
> > USERNAME PASSWORD
> > --------------- ------------------------------
> > SYS 8A8F025737A9097A
>
> > 18:48:12 SQL> alter user sys identified by ora;
>
> > User altered.
>
> > 18:48:59 SQL> select username, password from dba_users where
> > username='SYS';
>
> > USERNAME PASSWORD
> > --------------- ------------------------------
> > SYS 03EA201D12FA4679
>
> > 18:49:02 SQL> conn sys/ora@orcl as sysdba
> > Connected.
> > 18:49:17 SQL> alter user sys identified by values
> > '8A8F025737A9097A'; !!! password is oracle !!!
>
> > User altered.
>
> > 18:50:21 SQL> conn sys/oracle@orcl as sysdba
> > ERROR:
> > ORA-01031: insufficient privileges !!! I cannot connect
> > because password isn't changed in passwordfile !!!
>
> > Warning: You are no longer connected to ORACLE.
> > 18:50:31 SQL> conn sys/ora@orcl as sysdba
> > Connected.
> > 18:51:14 SQL> alter user sys identified by oracle;
>
> > User altered.
>
> > 18:51:25 SQL> select username, password from dba_users where
> > username='SYS';
>
> > USERNAME PASSWORD
> > --------------- ------------------------------
> > SYS 8A8F025737A9097A
>
> > 18:51:34 SQL> conn sys/oracle@orcl as sysdba
> > Connected.
> > 18:51:49 SQL> disc
> > Disconnected from Oracle Database 10g Enterprise Edition Release
> > 10.2.0.1.0 - Production
> > With the Partitioning, OLAP and Data Mining options
>
> > So, my conclusion (is that truth?):
>
> > I can change password for sys in password file with "alter user sys
> > identified by <passwd>" statement, but
> > I cannot do that with "alter user sys identified by values '<hash>' "
> > statement.
>
> > Is there anybody who can tell me how to change password for sys in
> > password file without providing the password itself?
>
> IMO disallowing alter user identified by values for SYS is a very good
> idea of Oracle.
> If you would allow this this would mean anyone can override the SYS
> password.
> So actually I don't see the problem, or you must be changing your SYS
> password on a crowded public place like St Peter's Square.
>
> --
> Sybrand Bakker
> Senior Oracle DBA- Skry» citovaný text -
>
> - Zobrazi» citovaný text -

Thanks for reply

But I only wanted to know if there is any way how to change password
for sys except "alter user" statement or orapwd utility because of
unencrypted password.

Mario K.

On Fri, 7 Dec 2007 04:33:31 -0800 (PST), mariok
<mario.kackovic@gmail.com> wrote:

>On 7. Dec., 11:43 h., sybrandb <sybra...@gmail.com> wrote:
>> On Dec 6, 7:09 pm, mariok <mario.kacko...@gmail.com> wrote:
>>
>>
>>
>>
>>
>> > Extract from manual tells:
>>
>> > "If you issue the ALTER USER statement to change the password for SYS
>> > after connecting to the database, both the password stored in the data
>> > dictionary and the password stored in the password file are updated,
>> > but..."
>>
>> > on my O10gR2 database it works as follows:
>>
>> > 18:37:15 SQL> conn sys/oracle@orcl as sysdba
>> > Connected.
>> > 18:46:27 SQL> select username, password from dba_users where
>> > username='SYS';
>>
>> > USERNAME PASSWORD
>> > --------------- ------------------------------
>> > SYS 8A8F025737A9097A
>>
>> > 18:48:12 SQL> alter user sys identified by ora;
>>
>> > User altered.
>>
>> > 18:48:59 SQL> select username, password from dba_users where
>> > username='SYS';
>>
>> > USERNAME PASSWORD
>> > --------------- ------------------------------
>> > SYS 03EA201D12FA4679
>>
>> > 18:49:02 SQL> conn sys/ora@orcl as sysdba
>> > Connected.
>> > 18:49:17 SQL> alter user sys identified by values
>> > '8A8F025737A9097A'; !!! password is oracle !!!
>>
>> > User altered.
>>
>> > 18:50:21 SQL> conn sys/oracle@orcl as sysdba
>> > ERROR:
>> > ORA-01031: insufficient privileges !!! I cannot connect
>> > because password isn't changed in passwordfile !!!
>>
>> > Warning: You are no longer connected to ORACLE.
>> > 18:50:31 SQL> conn sys/ora@orcl as sysdba
>> > Connected.
>> > 18:51:14 SQL> alter user sys identified by oracle;
>>
>> > User altered.
>>
>> > 18:51:25 SQL> select username, password from dba_users where
>> > username='SYS';
>>
>> > USERNAME PASSWORD
>> > --------------- ------------------------------
>> > SYS 8A8F025737A9097A
>>
>> > 18:51:34 SQL> conn sys/oracle@orcl as sysdba
>> > Connected.
>> > 18:51:49 SQL> disc
>> > Disconnected from Oracle Database 10g Enterprise Edition Release
>> > 10.2.0.1.0 - Production
>> > With the Partitioning, OLAP and Data Mining options
>>
>> > So, my conclusion (is that truth?):
>>
>> > I can change password for sys in password file with "alter user sys
>> > identified by <passwd>" statement, but
>> > I cannot do that with "alter user sys identified by values '<hash>' "
>> > statement.
>>
>> > Is there anybody who can tell me how to change password for sys in
>> > password file without providing the password itself?
>>
>> IMO disallowing alter user identified by values for SYS is a very good
>> idea of Oracle.
>> If you would allow this this would mean anyone can override the SYS
>> password.
>> So actually I don't see the problem, or you must be changing your SYS
>> password on a crowded public place like St Peter's Square.
>>
>> --
>> Sybrand Bakker
>> Senior Oracle DBA- Skry? citovaný text -
>>
>> - Zobrazi? citovaný text -
>
>Thanks for reply
>
>But I only wanted to know if there is any way how to change password
>for sys except "alter user" statement or orapwd utility because of
>unencrypted password.
>
>Mario K.

I don't see the problem.
Do you have 100 people looking over your shoulder?
Do you work on St. Peters Square?
In front of1600 Pennsylviana Avenue?
If so or if you are a really slow typist, try connecting as SYS and
use the password command, or write a SQL script using the ACCEPT
command with the HIDE clause and the ALTER user command
For the ACCEPT command see
http://download.oracle.com/docs/cd/B...htm#sthref1777

Hopefully you didn't hardcode the SYS password in all of your
scripts.

Hth

--
Sybrand Bakker
Senior Oracle DBA

On 7. Dec., 23:04 h., sybra...@hccnet.nl wrote:
> On Fri, 7 Dec 2007 04:33:31 -0800 (PST), mariok
>
>
>
>
>
> <mario.kacko...@gmail.com> wrote:
> >On 7. Dec., 11:43 h., sybrandb <sybra...@gmail.com> wrote:
> >> On Dec 6, 7:09 pm, mariok <mario.kacko...@gmail.com> wrote:
>
> >> > Extract from manual tells:
>
> >> > "If you issue the ALTER USER statement to change the password for SYS
> >> > after connecting to the database, both the password stored in the data
> >> > dictionary and the password stored in the password file are updated,
> >> > but..."
>
> >> > on my O10gR2 database it works as follows:
>
> >> > 18:37:15 SQL> conn sys/oracle@orcl as sysdba
> >> > Connected.
> >> > 18:46:27 SQL> select username, password from dba_users where
> >> > username='SYS';
>
> >> > USERNAME PASSWORD
> >> > --------------- ------------------------------
> >> > SYS 8A8F025737A9097A
>
> >> > 18:48:12 SQL> alter user sys identified by ora;
>
> >> > User altered.
>
> >> > 18:48:59 SQL> select username, password from dba_users where
> >> > username='SYS';
>
> >> > USERNAME PASSWORD
> >> > --------------- ------------------------------
> >> > SYS 03EA201D12FA4679
>
> >> > 18:49:02 SQL> conn sys/ora@orcl as sysdba
> >> > Connected.
> >> > 18:49:17 SQL> alter user sys identified by values
> >> > '8A8F025737A9097A'; !!! password is oracle !!!
>
> >> > User altered.
>
> >> > 18:50:21 SQL> conn sys/oracle@orcl as sysdba
> >> > ERROR:
> >> > ORA-01031: insufficient privileges !!! I cannot connect
> >> > because password isn't changed in passwordfile !!!
>
> >> > Warning: You are no longer connected to ORACLE.
> >> > 18:50:31 SQL> conn sys/ora@orcl as sysdba
> >> > Connected.
> >> > 18:51:14 SQL> alter user sys identified by oracle;
>
> >> > User altered.
>
> >> > 18:51:25 SQL> select username, password from dba_users where
> >> > username='SYS';
>
> >> > USERNAME PASSWORD
> >> > --------------- ------------------------------
> >> > SYS 8A8F025737A9097A
>
> >> > 18:51:34 SQL> conn sys/oracle@orcl as sysdba
> >> > Connected.
> >> > 18:51:49 SQL> disc
> >> > Disconnected from Oracle Database 10g Enterprise Edition Release
> >> > 10.2.0.1.0 - Production
> >> > With the Partitioning, OLAP and Data Mining options
>
> >> > So, my conclusion (is that truth?):
>
> >> > I can change password for sys in password file with "alter user sys
> >> > identified by <passwd>" statement, but
> >> > I cannot do that with "alter user sys identified by values '<hash>' "
> >> > statement.
>
> >> > Is there anybody who can tell me how to change password for sys in
> >> > password file without providing the password itself?
>
> >> IMO disallowing alter user identified by values for SYS is a very good
> >> idea of Oracle.
> >> If you would allow this this would mean anyone can override the SYS
> >> password.
> >> So actually I don't see the problem, or you must be changing your SYS
> >> password on a crowded public place like St Peter's Square.
>
> >> --
> >> Sybrand Bakker
> >> Senior Oracle DBA- Skry? citovaný text -
>
> >> - Zobrazi? citovaný text -
>
> >Thanks for reply
>
> >But I only wanted to know if there is any way how to change password
> >for sys except "alter user" statement or orapwd utility because of
> >unencrypted password.
>
> >Mario K.
>
> I don't see the problem.
> Do you have 100 people looking over your shoulder?
> Do you work on St. Peters Square?
> In front of1600 Pennsylviana Avenue?
> If so or if you are a really slow typist, try connecting as SYS and
> use the password command, or write a SQL script using the ACCEPT
> command with the HIDE clause and the ALTER user command
> For the ACCEPT command seehttp://download.oracle.com/docs/cd/B19306_01/server.102/b14357/ch1200...
>
> Hopefully you didn't hardcode the SYS password in all of your
> scripts.
>
> Hth
>
> --
> Sybrand Bakker
> Senior Oracle DBA- Skry» citovaný text -
>
> - Zobrazi» citovaný text -

Thanks for reply, once more

But the ACCEPT command isn't the issue.

I have to make this clear:
There are more then 100-databases on more then 50-servers in my
company.
My duty is to change passwords for more then 1000 database
users(schemas, actually) including user SYS on a regular basis.
I cannot do that by typing passwords. I have to automate this process
and therefore I want to use "alter user <usr> identified by values
'<hash>'" statement.
But user SYS is the issue.

Mario K.

On Sat, 8 Dec 2007 14:25:33 -0800 (PST), mariok
<mario.kackovic@gmail.com> wrote:

>I have to make this clear:
>There are more then 100-databases on more then 50-servers in my
>company.
>My duty is to change passwords for more then 1000 database
>users(schemas, actually) including user SYS on a regular basis.
>I cannot do that by typing passwords. I have to automate this process
>and therefore I want to use "alter user <usr> identified by values
>'<hash>'" statement.
>But user SYS is the issue.
>
>Mario K.


SYS is not the issue.
The issue it took you almost a day to specify the problem correctly.

I think you should investigate centralized password management as
provided by Oracle Internet Directory and/or LDAP.
I could suggest using UTL_FILE.PUT_LINE and UTL_FILE.GET_LINE to get
passwords across, but then you probably start to nag about unencrypted
passwords again. I also could suggest running orapwd on multiple
databaes, and receive the same complaint.
I can only hope you did disable O/S authentication on that mess,
because if you didn't your request is just a big joke.


--
Sybrand Bakker
Senior Oracle DBA

On 9. Dec., 00:08 h., sybra...@hccnet.nl wrote:
> On Sat, 8 Dec 2007 14:25:33 -0800 (PST), mariok
>
> <mario.kacko...@gmail.com> wrote:
> >I have to make this clear:
> >There are more then 100-databases on more then 50-servers in my
> >company.
> >My duty is to change passwords for more then 1000 database
> >users(schemas, actually) including user SYS on a regular basis.
> >I cannot do that by typing passwords. I have to automate this process
> >and therefore I want to use "alter user <usr> identified by values
> >'<hash>'" statement.
> >But user SYS is the issue.
>
> >Mario K.
>
> SYS is not the issue.
> The issue it took you almost a day to specify the problem correctly.
>
> I think you should investigate centralized password management as
> provided by Oracle Internet Directory and/or LDAP.
> I could suggest using UTL_FILE.PUT_LINE and UTL_FILE.GET_LINE to get
> passwords across, but then you probably start to nag about unencrypted
> passwords again. I also could suggest running orapwd on multiple
> databaes, and receive the same complaint.
> I can only hope you did disable O/S authentication on that mess,
> because if you didn't your request is just a big joke.
>
> --
> Sybrand Bakker
> Senior Oracle DBA

Thanks very much,
I will try suggestions.

Mario K.