on 11-03-2011 3:11 PM
Hello everyone,
I've got a question regarding SAPNOTE [1519872|https://websmp230.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1519872] because we had the problem on one of our systems.
I've used the script attached to this note which removes the expiration time for user SAPSR3 etc. when I'm now checking which users still have an expiry date i get the following result
SYSTEM 30-OCT-11 OPEN
SYS 30-OCT-11 OPEN
SAPSR3 OPEN
OPS$...\OEPADM 19-SEP-11 OPEN
OPS$...\SAPSERVICEOEP OPEN
Don't we also to remove the expiry date of the OPS$\<sid>adm?
The [SAP help|http://help.sap.com/saphelp_nw04s/helpdata/de/fa/bc883989676778e10000000a11402f/content.htm] says the following
1. When the SAP system accesses the database, it first logs on to the database as user OPS$<operating_system_user>, for example, OPS$<domain>\<sapsid>adm. (The OPS$ user that corresponds to the operating system user must be defined in the database and identified as externally.)
2. It retrieves the password for SAP<SAPSCHEMAID> or SAPR3 from the SAPUSER table.
3. It then logs on to the database as the user SAP<SAPSCHEMAID> or SAPR3.
So as far as i understand the system shouldn`t be able to do 2. and 3. but still the system is running fine. So where is my error in reasoning
Thanks in advance
Marco
Hello Marco,
So as far as i understand the system shouldn`t be able to do 2. and 3.
The user "OPS$...\OEPADM " and "OPS$...\SAPSERVICEOEP" are identified EXTERNALLY. In this case they don't have any password - oracle rely on the OS authentication mechanism - that's it.
You can verify this by running the following query (you will see that the externally identified users will have no password - its just "EXTERNAL"):
-- Oracle 10g
SQL> select USERNAME, PASSWORD, EXPIRY_DATE from dba_users;
-- Oracle 11g
SQL> select USERNAME, PASSWORD, PASSWORD_VERSIONS, EXPIRY_DATE, AUTHENTICATION_TYPE from dba_users;
No password - no expire )
Regards
Stefan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I guess your system is windows. In Windows connection to database happens with OPS$...\SAPSERVICEOEP.
Hence changing the expiry date for OPS$...\OEPADM will not give you much benefit Neither it can stop your day - to - day operations.
Hope this helps.
Regards,
Deepak Kori
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.