05-17-2009 7:26 AM
Hello
We have forgot the password for SAP* and DDIC in Client 000, We did not have any other user in that client . Can some one tell me how to reset the password of SAP*
Os:Unix
Database :Oracle
Thanks
haynes
05-17-2009 8:12 AM
05-17-2009 11:18 AM
Hi Haynes,
This is how you can proceed to reset the password for SAP*.
Please log into oracle.
1. Delete the user master record for SAP* from table USR02 by executing the below oracle statement.
Delete from sap<sid>.usr02 where bname = 'SAP*' and mandt = '000'
2.Try to login to '000' using SAP* & default password
pass and check.
3.If login is not possible, check the value of the profile parameter login/no_automatic_user_sapstar in RZ11.If the value of this parameter is > 0, that means the special attribute of SAP* is deactivated.
4.For reinstating the same, set the value of the parameter login/no_automatic_user_sapstar to 0 and then bounce the SAP system.
Now, you will be able to login to '000' using SAP* and password as PASS.After you have successfully logged into '000' with SAP* you can also reset the password for user DDIC.
Thanks,
Saby..
05-17-2009 11:51 AM
Hi
first maintain the login/no_automatic_user_sapstar parameter to set it to 0 in instance profile, try to refer the following link
and then reset the SAP* from database level, try to refer
http://www.uber-goober.com/forums/showthread.php?t=100598
Bhudev
05-19-2009 12:41 PM
Hi,
the password hash is based per system.
So IF you have a real emergency you should use the SAP*/PASS option, but you can also use another HACK.
Remember that this is done by modifying the database and it might destroy data.
But all you have to do is update the password field in the client you do not know, with the password hash from the client you know the password is working.
Example SQL-syntax.
UPDATE usr02 set BCODE=(select bcode from usr02 where bname='SAP' and mandt='100') where bname='SAP' and mandt='000'
Please note that SAP does not recommend these activities and neither them or I will take any responsibility.
And always remember to take a backup before you start similar activities.
Regards Fredrik
05-23-2009 8:56 PM
Thanks for adding the disclaimers...
Actually, the hash did not have a system attribute either in older releases.
In higher releases, the system does not use USR02-BCODE but rather USR02-PASSCODE, which has both a system and client specific attribute - so you cannot "hack" nor "synchronize" passwords of existing users accross logical or physical system boundaries.
If you want to protect yourself against this, you should try to achieve setting parameter login/password_downwards_compatibility = 0 and wait 90 days, etc...
If you search the forum here for the word "cardinality" you will find more infos on this.
Cheers,
Julius