Tuesday 12 June 2012

AFPASSWD Utility, Migrate from FNDCPASS


AFPASSWD Utility (in use from R12.1.2):

AFPASSWD is an enhanced version of FNDCPASS, and includes the following features:


● AFPASSWD only prompts for passwords required for the current operation, allowing separation of duties between applications administrators and database administrators. This also improves interoperability with Oracle Database Vault. In contrast, the FNDCPASS utility currently requires specification of the APPS and the SYSTEM usernames and corresponding passwords, preventing separation of duties between applications administrators and database administrators.
● When changing a password with AFPASSWD, the user is prompted to enter the new password twice to confirm.
● AFPASSWD can be run from the database tier as well as the application tier. In contrast, FNDCPASS can only be run from the application tier.

FNDCPASS will continue to be shipped with Oracle E-Business Suite, and customers can migrate to the AFPASSWD utility at their discretion.
Note: Migration to hash passwords is a one-time, one-way operation that cannot be undone without a system restore from backup. Make sure you have a backup of your system before running FNDCPASS USERMIGRATE.

Use this command to convert all local Oracle Application User encrypted passwords to a non-reversible, non-recoverable hash scheme:
FNDCPASS <logon> 0 Y <system/password> <mode> <algorithm>
FNDCPASS apps/apps 0 Y system/manager USERMIGRATE SHA

Note: Currently only the SHA hash algorithm is supported.  Other hash algorithms may be supported in the future.

The FNDCPASS log file is written to the directory where FNDCPASS was executed. Check this log file for the status of the migration: it reports any problems encountered, the number of users migrated successfully, and why other users were not migrated.

Users migrated successfully : 1847 
Users with External passwords : 0 
Users with Invalid passwords : 4 
Users not migrated : 1 of 1852 
System was successfully converted to hash mode.
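
The check described above can be scripted. The following is an added example, not part of the original post or of Oracle's tooling: it assumes the summary lines in the log have exactly the form of the excerpt above, the function names are hypothetical, and the log path is whatever file FNDCPASS wrote in your working directory.

```shell
#!/bin/sh
# Added example: verify the summary block of an FNDCPASS USERMIGRATE log.

# check_usermigrate_log [FILE]   (reads stdin when FILE is omitted)
# Prints one summary line and returns:
#   0 = converted to hash mode, all users migrated or external
#   1 = converted, but some users were invalid or not migrated (follow up)
#   2 = conversion message missing, or the counts do not add up to the total
check_usermigrate_log() {
    awk -F':' '
        /^Users migrated successfully/   { ok  = $2 + 0 }
        /^Users with External passwords/ { ext = $2 + 0 }
        /^Users with Invalid passwords/  { bad = $2 + 0 }
        /^Users not migrated/ {
            # "1 of 1852": first field is the count, last field is the total
            n = split($2, f, " "); skipped = f[1] + 0; total = f[n] + 0
        }
        /successfully converted to hash mode/ { converted = 1 }
        END {
            printf "migrated=%d external=%d invalid=%d not_migrated=%d total=%d\n",
                   ok, ext, bad, skipped, total
            if (!converted || ok + ext + bad + skipped != total) exit 2
            if (bad > 0 || skipped > 0) exit 1
            exit 0
        }
    ' "$@"
}

# Sample input: the summary lines from the excerpt above.
sample_log() {
    cat <<'EOF'
Users migrated successfully : 1847
Users with External passwords : 0
Users with Invalid passwords : 4
Users not migrated : 1 of 1852
System was successfully converted to hash mode.
EOF
}

# Demo run on the sample; a non-zero status means accounts need follow-up.
sample_log | check_usermigrate_log || echo "follow-up needed (status $?)"
```

Status 1 on the sample reflects the 4 invalid and 1 unmigrated accounts, which should be reviewed before the migration is treated as complete.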

Check the following note for Known Issues after converting to Hash Mode:
FNDCPASS Utility New Feature: Enhance Security With Non-Reversible Hash Password [ID 457166.1]

Usage:
AFPASSWD [-c <APPSUSER>] [-f <FNDUSER>]
AFPASSWD [-c <APPSUSER>] [-o <DBUSER>]
AFPASSWD [-c <APPSUSER>] [-a]
AFPASSWD [-c <APPSUSER>] [-l <ORACLEUSER> [<TRUE>] | [<FALSE>]]
AFPASSWD [-c <APPSUSER>] [-L [<TRUE>] | [<FALSE>]]
AFPASSWD [-c <APPSUSER>] [-s] <APPLSYS>

● -f {FNDUSER} - Changes the password for an Applications user. A username that contains spaces must be enclosed in double quotation marks; for example, "JOHN SMITH".
● -o {DBUSER} - Changes the password for an Oracle E-Business Suite database user. Note: This only applies to users listed in the FND_ORACLE_USERID table, not database users in general.
● -a - Changes all Oracle (ALLORACLE) passwords (except the passwords of APPS, APPLSYS, APPLSYSPUB) to the same password, in the same way as the ALLORACLE mode does in FNDCPASS.
● -l - Locks individual {ORACLE_USER} users (except required schemas). {TRUE} = LOCK, {FALSE} = UNLOCK.
● -L - Locks all Oracle (ALLORACLE) users (except required schemas). {TRUE} = LOCK, {FALSE} = UNLOCK.
● -s {APPLSYS} - Changes the password for the APPLSYS user and the APPS user. This requires the execution of AutoConfig on all tiers.
● -h - Displays help.

