How to Change Applications Passwords Using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD)? (Doc ID 437260.1)

2022-01-15 07:28:22

How to Change Applications Passwords Using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD)? (Doc ID 437260.1)To Bottom How to Change Applications Passwords Using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD)? (Doc ID 437260.1)
How to Change Applications Passwords Using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD)? (Doc ID 437260.1)

In this Document

  Goal
  Solution
  Using the FNDCPASS Utility:
  Verify the new password.
  Examples:
  Diagnostics & Utilities Community:
  Troubleshooting FNDCPASS
  References

 

APPLIES TO:

Oracle Application Object Library - Version 11.5.10.2 to 12.2 [Release 11.5 to 12.2]
Information in this document applies to any platform.
Reviewed for Relevance 29 Jul 18

GOAL

 

  • The goal of this document is to help understand the process of changing passwords in Oracle Applications. As the Applications directory structure has changed a little, the files that need to be updated have also changed, although the FNDCPASS commands to change/reset the passwords remained pretty much the same.

  • For R12.1.2, an enhanced version of FNDCPASS is available using AFPASSWD noted at the bottom of this document.

SOLUTION

Since changing passwords frequently helps ensure database security, Oracle Applications provides a command line utility, FNDCPASS, to change/reset Oracle Applications schema passwords. This utility changes the password registered in Oracle Applications tables, changes the schema password in the database and can also change user passwords.

NOTE :

  • One cannot change a schema name, such as APPLSYS or GL, after a product is installed, with FNDCPASS.
  • Ensure that the entire Oracle Applications system has been shut down before changing any schema passwords.
  • All users should log out and the Applications system should be down before running this utility. 
  • If Oracle Applications user passwords are being changed then the relevant users should not be logged in. 
  • Before changing any passwords, you should make a backup of the tables FND_USER and FND_ORACLE_USERID.
  • Do not use any special characters in password because FNDCPASS utility does not support special characters.

Autoconfig needs to be run after changing ‘APPLSYSPUB‘ or ‘GUEST‘ user password !

 

Note: SOURCE the environment FIRST.  Ex:

1. Log into the Operating system level by way of the applmgr user.
2. Run the environment script APPSORA.env:
a. cd $APPL_TOP
b. Run APPSORA.env.
c. The above should also run <sid>_<node>.env, but can verify by running it.
d. cd admin.
e. Run adovars.env.

Using the FNDCPASS Utility:

FNDCPASS <APPS username>/<APPS password> 0 Y \

<SYSTEM username>/<SYSTEM password> <token> <username> <new_password>


Please set the <token> depending on your needs:

Note:
The SYSTEM token is used when changing the APPLSYS password.
The ORACLE token is used when changing a SINGLE Applications schema password.
The ALLORACLE token is used when changing ALL Applications schema passwords.
The USER token is used when changing an Applications USER password.

 

Note: Passwords for APPLSYS and the APPS schemas -- including the MRC schema -- must be the same. If you change the password for one, FNDCPASS automatically changes the others. When changing APPS (or APPLSYS) and APPLSYSPUB passwords, do not restart the system until the entire password change process has been completed.

Verify the new password.

If you changed the password for APPS (and APPLSYS), restart all concurrent managers, then log on to Oracle Applications to test the new password.

Examples:

A) To change the APPS and APPLSYS schema password:

Use the following command to change passwords for schema that are used by shared components of Oracle Applications. 

FNDCPASS <logon> 0 Y <system/password> SYSTEM <username> <new_password>

FNDCPASS uses the following arguments when changing the APPLSYS password. When specifying the SYSTEM token, FNDCPASS expects the next arguments to be the APPLSYS username and the new password. 

  • logon                           The Oracle username/password.
  • system/password     The username and password for the SYSTEM DBA account.
  • username                   The APPLSYS username. For example, ‘applsys‘.
  • new_password         The new password.

This command does the following:

  1. Validates APPLSYS.
  2. Re-registers password in Oracle Applications.
  3. Changes the APPLSYS and all APPS passwords (for multi-APPS schema installations) to the same password.
    Because everything with a Privilege Level [set to any of (‘E‘, ‘U‘, ‘D‘)] in the FND_ORACLE_USERID table must always have the same password, FNDCPASS updates these passwords as well as APPLSYS‘s password.
    For example, the APPS password will be updated when the APPLSYS password is changed.
  4. ALTER USER is executed to change the ORACLE password for the above ORACLE users.

For instance, the following command changes the APPLSYS password to ‘WELCOME‘.

FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS WELCOME

 For 12.2 only:

Per "E-Business Suite Maintenance Guide Release 12.2" (No. E22954-21) the following steps are also required:

I. 6-6 Oracle E-Business Suite Maintenance Guide

After changing the APPLSYS password, you must also perform the steps listed in Important Additional Instructions to Update WLS Data Source, page 6-11.

You will then need to run AutoConfig (adautocfg.sh) using <new_password> as the APPS password, and finally restart application tier services using the command. $INST_TOP/admin/scripts/adstrtal.sh.

II. Basic DBA Tasks 6-11

1. Shut down the application tier services using the $INST_TOP/admin/scripts/adstpall.sh script.

2. Change the APPLSYS password, as described for the utility you are using.

3. Start AdminServer using the $INST_TOP/admin/scripts/adadminsrvctl.sh script. Do not start any other application tier services.

4. Change the APPS password in WLS Data Source by running the the following script as shown:

$ perl $FND_TOP/patch/115/bin/txkManageDBConnectionPool.pl

When prompted, select ‘updateDSPassword‘ to change the APPS password in the WLS Datasource.

5. Start all the application tier services using the $INST_TOP/admin/scripts/adstrtal.sh script.

6. Verify the WLS data source changes as follows:

A.Log in to the WLS Administration Console.

B. In the Domain Structure tree, expand Services, then select Data Sources.

C. On the Summary of JDBC Data Sources page, select EBSDataSource.

D. On the Settings for EBSDataSource page, select Monitoring > Testing.

E. Select "oacore_server1".

F. Click Test DataSource.

G. Look for the message "Test of EBSDataSource on server oacore_server1 was successful".

Tip: Steps 4, 5, and 6 above are only applicable when changing the APPLSYS password. They are not applicable when changing passwords for product schemas

B) To change an Oracle Applications schema password (other than APPS/APPLSYS):

 Use this command to change the password of a schema provided by an individual product in Oracle Applications. 

FNDCPASS <logon> 0 Y <system/password> ORACLE <username> <new_password>

Use the above command with the following arguments. When specifying the ORACLE token, FNDCPASS expects the next arguments to be an ORACLE username and the new password.

  • logon                           The Oracle username/password.
  • system/password     The username and password for the SYSTEM DBA account.
  • username                   The Oracle username. For example, ‘GL‘.
  • new_password         The new password.

For example, the following command changes the GL user password to ‘GL1‘.

FNDCPASS apps/apps 0 Y system/manager ORACLE GL GL1


C) To change all ORACLE schema passwords:

 Use this command to change the passwords of all schemas provided by Oracle Applications products. 

FNDCPASS <logon> 0 Y <system/password> ALLORACLE <new_password>

Use the above command with the following arguments. When specifying the ALLORACLE token, FNDCPASS expects the next argument to be the new password.

  • logon                             The Oracle username/password.
  • system/password       The username and password for the SYSTEM DBA account.
  • new_password           The new password.

For example, the following command changes all ORACLE schema passwords to "WELCOME":

FNDCPASS apps/apps 0 Y system/manager ALLORACLE WELCOME


For additional information on the use of ALLORACLE, please reference NOTE 189367.1 - Best Practices for Securing the E-Business Suite


D) To change an Oracle Applications user‘s password:

Use this command to change an individual Oracle Applications user‘s password.

FNDCPASS <logon> 0 Y <system/password> USER <username> <new_password>

Use the above command with the following arguments. When specifying the USER token, FNDCPASS expects the next arguments to be an Oracle Applications username and the new password.

  • logon                            The Oracle username/password.
  • system/password      The username and password for the System DBA account.
  • username                    The Oracle Applications username. For example, ‘VISION‘.
  • new_password          The new password.

For example, if you were changing the password for the user VISION to ‘WELCOME‘, you would use the following command:

FNDCPASS apps/apps 0 Y system/manager USER VISION WELCOME

 

Using the AFPASSWD Utility as of R12.1.2:

 

For Applications release 12.1.2, please reference page 11-8 of the ‘Oracle E-Business Suite System Administrator‘s Guide - Configuration‘ for use of the AFPASSWD utility.  Document 457166.1 must be used for migration from FNDCPASS.

NOTE:
AFPASSWD only prompts for passwords required for the current operation, allowing separation of duties between applications administrators and database administrators.
This also improves interoperability with Oracle Database Vault.
In contrast, the FNDCPASS utility currently requires specification of the APPS and the SYSTEM usernames and corresponding passwords, preventing separation of duties
between applications administrators and database administrators.

When changing a password with AFPASSWD, the user is prompted to enter the new password twice to confirm.


$ AFPASSWD
Usage:
    AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -f <FNDUSER>
    AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -o <ORAUSER>
    AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -a
    AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -l <ORAUSER> {TRUE|FALSE}
    AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -L {TRUE|FALSE}
    AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -s <APPLSYS>

For further details see section "Oracle E-Business Suite Password Management" of the Oracle E-Business Suite Maintenance Guide Release 12.2.

How to Change Applications Passwords Using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD)? (Doc ID 437260.1)

上一篇:Android---mediaplayer 创建和调用顺序


下一篇:Spring ApplicationContext下的refresh()方法