Lesson 11 | Changing a user's Password |
Objective | Change a user's password using both GUI and command-line methods. |
Changing a User's Password
Sooner or later, one of your users is going to forget his or her password. You can reset a user's password by using the ALTER USER
command. The following example shows the password for the user named COIN_ADMIN
being changed to FORGETFUL
.
SQL> ALTER USER coin_admin IDENTIFIED BY forgetful;
User altered.
Users can change their own passwords using this command, but only the DBA can change a password for someone else.
You also can use Security Manager, which has an easy-to-use GUI interface, to change a user's password.
The following Simulation walks you through this process:
Steps To Changing Security Manager Password
As a DBA, you can exert some control over how users manage their passwords.
You can force periodic password changes or you can temporarily change a
user's password.
Password Files
An Oracle password file is a file within the Oracle administrative or software directory structure on disk used to authenticate Oracle system administrators for tasks such as creating a database or starting up and shutting down the database.
The privileges granted through this file are the 1) SYSDBA and 2) SYSOPER privileges.
Authenticating any other type of user is done within the database itself.
Because the database may be shut down or not mounted, another form of administrator authentication is necessary in these cases.
The Oracle command-line utility orapwd creates a password file if one does not exist or is damaged. Because of the extremely high privileges granted via this file, it should be stored in a secure directory location that is not available to anyone except for
DBAs and operating system administrators. Once this file is created, the initialization parameter REMOTE_LOGIN_PASSWORDFILE should be set to EXCLUSIVE to allow users other than SYS to use the password file.
Also, the password file must be in the $ORACLE_HOME/dbs directory.
TIP: Create at least one user other than SYS or SYSTEM who has DBA privileges for daily administrative tasks. If there is more than one DBA administering a database, each DBA should have their own account with DBA privileges.
Changing Users Password - Exercise