GLAST Infrastructure How-to-Fix : How to change Oracle passwords
This page last changed on Aug 24, 2009 by karen.

Overview

SLAC policy requires Oracle passwords to be changed every six months. If they are not changed the account will become locked out and things will stop working. GLAST currently uses the following Oracle accounts:

Account Usage Databases
GLAST_DP_TEST Pipeline, Data Catalog, Data Monitoring PROD,DEV,TEST
GLASTGEN Group Manager, Administrative Controls, Shift Information etc. PROD,DEV,TEST
GLAST_RSP   PROD,DEV,TEST
GLAST_ASP   PROD,DEV,TEST
GLAST_DATA System Test Monitoring PROD
LAT Read only account for accessing other accounts PROD,DEV,TEST
GLASTTREND ISOC housekeeping trending data PROD,DEV,TEST

Changing a password

To make the process of changing passwords simpler we use "Oracle Wallet" to store all of our passwords, so changing a password consists of two steps

  1. Change the account password in oracle
  2. Quickly update wallet to have the same password

Prerequisites:

  • You will need to be able to log in to the glast account (more info) (on e.g. glastlnx07) or have write access to the wallet from your account
  • You will need to know the oracle account you want to change the password for (oracleAccount)
  • You will need to know the alias used for the oracle account you want to use (oracleAlias)
    • grep oracleAccount ~glast/oracle/admin/tnsnames.ora
  • You will need to know the old password for the account you want to change (oldPassword)
  • You will need to decide on a new password (newPassword)
  • You will need to know the oracle wallet password (in escrow as oraclewallet) (walletPassword)

A script exists to perform both steps of changing the password:

glast@glastlnx07 $ ~glast/oracle/bin/changeOraclePassword
(oracleAccount): glast_dp_test
(oracleAlias): pipeline-ii
(oldPassword):
(newPassword):
(walletPassword):

Note, after changing the oracle password your will have to notify developers of the new password so that they can use it in their personal settings for DBVis, Netbeans etc.

Caution:
When changing passwords Oracle requires that a new pw have a minimum of 3 different characters and/or sybmols.
The wallet password is reset before the oracle password. If Oracle rejects the new password, the two pw become out of sync. When this happend one way to fix the problem is to ask SCCS dbadmins to reset the oracle password to match the wallet password. A second way is to have Tony reset the new wallet password back to the old one and the reset again using a password that conforms to the change password rule.
Suggestions:
1- In wallet code, alter the oracle password and then the wallet. If the oracle pw fails to be reset the wallet pw will remain unchanged.
2- do not use the oracle password command to reset the password. Use the actual Oracle command.
3- Be very careful when typing in the new password. Suggestion: copy the new pw from a clear text file and the paste it into the wallet command. That way you will know what the new pw actually is.

See Also
Document generated by Confluence on Jan 21, 2010 11:37