System Level Passwords

[THoey]

I am pretty sure I already know the answer to this question, but I don't like it.

About a year ago, I got assigned a Unix server with an Oracle 7.3.4 database running on it. We had a Unix System Administrator officially assigned to it and a Oracle DBA that, although not officially assigned, would perform duties on it as needed.

Since then, that Oracle DBA left the company. His replacement for all of the projects that he was officially assigned to, came on board, but pretty much refused to work on that server, since he wasn't officially assigned to it. I asked the Unix Administrator who would be the "DBA" for it and she said that her and I would do what we could and we could get help if we really needed it. With my Oracle experience, I was fine with that.

Well, since then, the Unix Admin has also left. She handed off all of her responsibilities to a developer that I work with, who has done a fine job. Until... I found out that I know more passwords to the Oracle than he does.

We have an OS authenticated account that has DBA privileges, but that is the best we have. And even it doesn't have Admin privileges (able to grant DBA privileges). No passwords for the SYS or SYSTEM level accounts.

I know this is a scary question, but is there any way to change the SYS or SYSTEM passwords so that we have them or a backdoor into the database? Maybe even a decryption script that will give us the current passwords. I gather not, since all security would be out the door, but I figured it was worth a try...

Thanks for any help...
[sig]<p>Terry M. Hoey<br><a href=mailto:th3856@txmail.sbc.com>th3856@txmail.sbc.com</a><br><a href= > </a><br>Ever notice that by the time that you realize that you ran a truncate script on the wrong instance, it is too late to stop it?[/sig]

 

[karluk]

You can set the internal password with the ORAPWD command. I work in Oracle on NT, but I'm fairly sure that this command will work in Unix too. Oracle is supposed to be fairly platform independent.

As I recall the syntax is ORAPWD FILENAME='filename' PASSWORD='newpassword'. The advantage of this command is that it is an O/S command, so you can run it without needing to log on to Oracle or know any passwords.

Once you connect as internal, obviously you should reset all the passwords of the other administrator ids. [sig][/sig]

 

[THoey]

Karluk,

Thanks for the response. As I was wandering through Oracle's Tech site yesterday, I saw that and was going to try it. But then I saw something else. The DEFAULT password that is created when Oracle is installed. Nah, they had to have changed it. These people are too anal to leave a default password. Doh!!!

I'm in and have changed all the passwords. I also created a list of these new passwords and distributed them as necessary like what should have been done in the first place.

Again, thanks for the info...
[sig]<p>Terry M. Hoey<br><a href=mailto:th3856@txmail.sbc.com>th3856@txmail.sbc.com</a><br><a href= > </a><br>Ever notice that by the time that you realize that you ran a truncate script on the wrong instance, it is too late to stop it?[/sig]