cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Change password for SIDADM for OS user

Go to solution
Former Member

on ‎03-29-2010 11:42 AM

0 Kudos

Dear Friends,

We are planning to change the password for <SIDADM> OS user.

Please suggest if this will make any impact on SAP and Database.

Thank in advance.

Regards

Jiggi.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

stefan_koehler
Active Contributor
‎03-29-2010 11:49 AM
0 Kudos

Hello Jiggi,

> Please suggest if this will make any impact on SAP and Database.

it will have no impact on the database connection. The OS authentication of oracle (which is used by SAP for getting the SAP schema password) is based on the OS username itself and not on its password.

For more information: http://www.oracle-base.com/articles/misc/OsAuthentication.php

Regards

Stefan

Show replies
Show replies

Answers (6)

Answers (6)

Former Member
‎04-07-2010 10:35 AM
0 Kudos

Dear Friends,

I got all the information and helpful.

Thanks for your help.

Show replies
Show replies
Former Member
‎04-06-2010 2:32 PM
0 Kudos

Hi,

If you are running on Windows.....

Double check your SAP / Oracle service accounts as they might be running under either of those accounts........

Mark

Show replies
Show replies
Former Member
‎04-06-2010 1:54 PM
0 Kudos

Hi,

I had an issue when two users logged in to the OS level and working on something. One of the user changed the password and the other person, had some problem running the jobs.

Please make sure, that only one user logs in, and avoid frequent password change.

Regards

Jaianandh V

Show replies
Show replies
former_member524429
Active Contributor
‎03-29-2010 11:56 AM
0 Kudos

Hi,

Along with the above suggestions, refer [this useful link|http://help.sap.com/saphelp_nwmobile71/helpdata/en/aa/1dc94af0fa11d3a6510000e835363f/content.htm].

Regards,

Bhavik G. Shroff

Show replies
Show replies
anindya_bose
Active Contributor
‎03-29-2010 11:50 AM
0 Kudos

Hi

Check if any scheduled task or crontab jobs are running in the server with SIDADM user. Then you need to maintain the new password password there also..

For windows system please also check if any services are running with SIDADM ...may be SAPOSCOL runs with sidadm..

Regards

Anindya

Show replies
Show replies
Former Member
‎05-26-2010 1:16 PM
0 Kudos

Dear Sir,

Our bussiness audit team is asking to apply following parameters. But,

we are not aware about consequences.

OS(Solaris)

1) Password parameter MAXWEEKS depicting maximum number of weeks a

password should be set to be 12 weeks.

2) Idle Session Time Out configuration should be enabled and the value

to be set at 300.

3) Configuration CONSOLE=/dev/console should be enabled.

DB(Oracle 10g)

PASSWORD_VERIFY_FUNCTION should be set enforcing password complexity.

PASSWORD_LIFE_TIME (frequency of forced password change) - 90 days.

FAILED_LOGIN_ATTEMPTS (number of unsuccessful log on attempts allowed

before lockout) - 3 -5.

PASSWORD_REUSE_MAX (number of password changes that must occur before a

password can be reused) - 4

PASSWORD_REUSE_TIME (number of days before a password can be reused) -

365

IDLE_TIME (determines the idle session time out) - 60

Change password of u2018OUTLNu2019 and u2018DBSNMPu2019

Note: We are having BIW system integrated with ECC.

Please let me know feasiablity, procedure, steps and recomandations.

Regards

DK

former_member204746
Active Contributor
‎05-26-2010 3:43 PM
0 Kudos

Dharmendra Kumar,

ask your question in the SAP on Unix forum at

volker_borowski2
Active Contributor
‎05-26-2010 9:19 PM
0 Kudos

Just my thoughts :-)<br>

<br>

> 1) Password parameter MAXWEEKS depicting maximum number of weeks a<br>

> password should be set to be 12 weeks.<br>

As you like, no prob in terms of operation.<br>

<br>

> 2) Idle Session Time Out configuration should be enabled and the value<br>

> to be set at 300.<br>

Might be problem i.e. when long running job is needed (reorg / upgrade)<br>

So prepare documented procedure for changing these settings for special operation.<br>

<br>

> 3) Configuration CONSOLE=/dev/console should be enabled.<br>

Seems Ok to me<br>

<br>

> DB(Oracle 10g)<br>

> PASSWORD_VERIFY_FUNCTION should be set enforcing password complexity.<br>

ok<br>

<br>

> PASSWORD_LIFE_TIME (frequency of forced password change) - 90 days.<br>

No good! Enforcing the password change when using sqlplus with the schema user<br>

will end up with the workprocesses not able to connect to the database and thus<br>

probably the wps dying one by one until the system is not operatable.<br>

Do not enforce, but set up a scheduled manual procedure, doing the change with brtools<br>

to maintain the SAPUSER table acordingly.<br>

<br>

> FAILED_LOGIN_ATTEMPTS (number of unsuccessful log on attempts allowed<br>

> before lockout) - 3 -5.<br>

NEVER EVER. Easiest way to do a denial of service attack on the system. <br>

Simply try a dummy password 3 times for the schema user and wait for the system to die.<br>

Insted use firewall and tcp.invited nodes if acces to the DB via net is critical.<br>

Restrict access to OS-Level on DB server to those people who are suposed<br>

to have DB access anyway. After the 10g upgrade the oracle default for this was 10 and<br>

some related note clearly stated to disable this in SAP env.<br>

<br>

> PASSWORD_REUSE_MAX (number of password changes that must occur before a<br>

> password can be reused) - 4<br>

as you like<br>

<br>

> PASSWORD_REUSE_TIME (number of days before a password can be reused) -<br>

> 365<br>

ok<br>

<br>

> IDLE_TIME (determines the idle session time out) - 60<br>

Whoa... A SAP workproces being 60 minutes idle will be enforced to terminate it's DB connection.<br>

Hmmm, well probably it will do an automatic reconnect which will just start another 60 minutes clocktick<br>

and will give you nasty syslog messages. Seems inapropriate for SAP environment.<br>

<br>

> Change password of u2018OUTLNu2019 and u2018DBSNMPu2019<br>

OK and lock these accounts as well<br>

<br>

<br>

All in all, it looks to me like some oracle audit standard stuff not adopted for SAP.<br>

I.E. the user stuff seems more related to a system where individual users log in to the database<br>

and not to the application as in SAP.<br>

<br>

But some things can be done, just to feel better.<br>

<br>

Just my thoughts <br>

Volker<br>

<br>

<br>

PS: I hate it, when this edit box does this to my text!<br>

Anybody has an idea why this happens? This time I even did not use the clipboard...<br>

<br>

... manually inserted breaks to reformat garbled text...<br>

Edited by: Volker Borowski on May 26, 2010 10:19 PM

former_member185031
Active Contributor
‎03-29-2010 11:49 AM
0 Kudos

Nope. We are changing the password each month of our SIDADM and ORASID user. There is no impact as such.

Regards,

Subhash

Show replies
Show replies
Former Member
‎01-31-2011 11:09 AM
0 Kudos

Dear Gentle Man,

Can you share the procedure to change password of <sid>adm and ora<sid> on UnixECC6.0 Oracle?

People suggest different views to change password:

First Option:

login as <sid>adm

Stopsap,

login as root

Change password using passwd at os level of <sid>adm & ora<sid>

login as <sid>adm

startsap

or

Second Option:

login as root.

passwd ora[sid]

passwd [sid]adm

then:

su - ora[sid]

run sapdba_role.sql

do all of this while SAP is down.

or

Change through brtools

sapdba -> (m) user and security ->

(p) - change password

b - user

OPSADM

c - Change password.

This will register the changed password of ADM, same way you can do for ORA<SID>

Please clear confusion....................

Regards

Dharmendra

Ask a Question