Forgot your password?    
+ Reply to Thread
Results 1 to 1 of 1

Thread: FNDCPASS to Change Passwords

  1. #1
    Expert Oracle Administrator
    Join Date
    Oct 2011
    Location
    New Delhi, India
    Posts
    427

    FNDCPASS to Change Passwords

    Using FNDCPASS

    Usage: FNDCPASS logon 0 Y system/password mode username new_password
    where logon is username/password[@connect]
    system/password is password of the system account of that database

    mode is SYSTEM/USER/ORACLE

    username is the username where you want to change its password

    new_password is the new password in unencrypted format

    0 & Y are flags for FND Executable like FNDCPASS & FNDLOAD where

    0 is request id (request ID 0) is assigned to request ID's which are not submitted via Submit Concurrent Request Form.

    'Y' indicates the method of invocation. i.e. it is directly invoked from the command-line not from the Submit Request Form.

    example FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS WELCOME
    FNDCPASS apps/apps 0 Y system/manager ORACLE GL GL1
    FNDCPASS apps/apps 0 Y system/manager USER VISION WELCOME




    A) CHANGE APPS / APPLSYS Password

    FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS WELCOME
    is for changing the password for apps and applsys. These are the database schema users (most important for application to work). Password for both these users should be in synch. You can change the password of these users using this command. Note that this is the only way to change the password for apps and applsys. Please do not try any other method for changing apps and applsys password. Oracle recomends using FNDCPASS only to change apps and applsys password. Also note that using this command will change the password for both apps and applsys.

    Following activities will take place

    (1) applsys validation. (make sure APPLSYS name is correct)
    (2) re-encrypt all password in FND_USER
    (3) re-encrypt all password in FND_ORACLE_USERID
    (4) update applsys’s password in FND_ORACLE_USERID table.
    (5) Update apps password in FND_ORACLE_USERID table.

    Also changes are made in DBA_USERS table.

    B) CHANGE ORACLE APPS USER PASSWORDS
    FNDCPASS apps/apps 0 Y system/manager ORACLE GL GL1
    is for changing password for any other product schema like MSC, GL etc.
    Following activities will take place

    (1) update GL’s password in FND_ORACLE_USERID table. The new password is re-encrypted with the current applsys password.

    If GL does not exists, step (2) below does not happen. Message for invalid oracle user is written in the log file.

    (2) alter user to change GL’s password.

    C) CHANGE APPLICATION USER (front end) PASSWORDS

    FNDCPASS apps/apps 0 Y system/manager USER VISION WELCOME
    is for changing the application level passwords like sysadmin etc used for logging into application.

    Following activities will take place

    (1) update VISION’s password in FND_USER table. The new password is re-encrypted with the current applsys password.

    If VISION does not exist, message for invalid application user is written in the log file.
    No products affected by the patch

    When you run FNDCPASS command it will check the integrity of all schema password in the application. If any of the password is corrupt then this will through and error and will not change the password.

    The tables that it uses is FND_USER and FND_ORACLE_USERID. All the application passwords and schema passwords are stored in these two tables.
    DBA_USERS will have the schema users and password stored as well.

    When we run FNDCPASS it will update all the above 3 tables.



    Best practices for using FNDCPASS

    Before using FNDCPASS and changing the passwords from default to some thing else, always follow the following best practices.

    1) Always keep the back of tables FND_USER and FND_ORACLE_USERID. You can take back of these tables using CREATE TABLE — AS SELECT * FROM —.
    You must have backup of these tables before running FNDCPASS. In case if FNDCPASS fails then it might corrupt the passwords of your application and worst can happen that the application wont come up. So always be cautions about this command.

    (You may keep an export dump of these two tables )

    2) Never update apps, applsys or any schema password directly from database using the alter command. Always use FNDCPASS. System password can be set directly using ALTER command in database.

    3) To change APPS/APPLSYS Password , we need to get CM services DOWN.


    Additionally , when we need to change the passwords of all Apps ORACLE Users :
    Use this script to generate FNDCPASS commands to change apps schemas (ORACLE user) passwords

    select 'FNDCPASS apps/apps 0 Y system/manager ORACLE '||oracle_username||' '||'newpassword;' from fnd_oracle_userid
    where oracle_username not in ('APPS','APPS_MRC','APPLSYS','APPLSYSPUB','CTXSYS' ,'EDWREP','PORTAL30_SSO','PORTAL30');


    FNDCPASS- adding ALLORACLE mode and information on usage.
    The FNDCPASS has a new mode, "ALLORACLE", in which all Oracle Application schema passwords can be changed in one shot.

    If your appliaction doesn't currently support this then apply the patch# 4745998 to have this option,

    Syntax:
    FNDCPASS 0 Y ALLORACLE
    Example:
    $ FNDCPASS apps/apps 0 Y system/manager ALLORACLE WELCOME123


    > To change APPS/APPLSYS password, we need to give mode as SYSTEM
    > To change product schema passwords, i.e., GL, AP, AR, etc., we need to give mode
    as ORACLE
    > To change end user passwords, like SYSADMIN, OPERATIONS and SUPPORT etc.
    we need give mode as USER


    Note: Upto 11.5.9 there was a bug in FNDCPASS, Changing APPS&APPLSYS passwords using FNDCPASS could corrupt the data in FND metadata tables which could make application unusable. So it is recommend taking backup of the tables FND_USER and FND_ORACLE_USERID before changing the passwords.


    After changing the APPS/APPLSYS or APPLSYSPUB user, following are the extra manual steps needs to be done.

    If you changed the APPS (and APPLSYS) password, update the password in these files (IN 11i):
    1) iAS_TOP/Apache/modplsql/cfg/wdbsvr.app
    2) ORACLE_HOME/reports60/server/CGIcmd.dat

    If you changed the APPLSYSPUB password, update the password in these files:
    1) FND_TOP/resource/appsweb.cfg
    2) OA_HTML/bin/appsweb.cfg
    3) FND_TOP/secure/HOSTNAME_DBNAME.dbc

    Note: It's suggested that first try changing the passwords using FNDCPASS on your test Instances, If it's successful theen only you should take action on production.

+ Reply to Thread

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

DBA Lounge (P) Ltd. deals in Oracle Technologies on Consulting, Resourcing, Corporate Training


Online and corporate training available on Oracle Database 11g, Oracle 11g Real Application Cluster (RAC), Oracle Applications 11i/R12, Oracle Fusion Middleware 11g, Oracle Identity Management-OIM, Oracle Internet Directory 11g-OID, Oracle Business Intelligence Enterprise Edition-OBIEE, Oracle Golden Gate, Oracle Access Management-OAM, Oracle Internet Directory-ODS, Oracle Identity Analytics Architecture-OIA Statistics