cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Question regarding password expiration

Go to solution
Former Member

on ‎11-03-2011 3:11 PM

0 Kudos

Hello everyone,

I've got a question regarding SAPNOTE [1519872|https://websmp230.sap-ag.de/sap(bD1kZSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1519872] because we had the problem on one of our systems.

I've used the script attached to this note which removes the expiration time for user SAPSR3 etc. when I'm now checking which users still have an expiry date i get the following result


SYSTEM                         30-OCT-11       OPEN
SYS                            30-OCT-11       OPEN
SAPSR3                                         OPEN
OPS$...\OEPADM               19-SEP-11       OPEN
OPS$...\SAPSERVICEOEP                        OPEN

Don't we also to remove the expiry date of the OPS$\<sid>adm?

The [SAP help|http://help.sap.com/saphelp_nw04s/helpdata/de/fa/bc883989676778e10000000a11402f/content.htm] says the following

1. When the SAP system accesses the database, it first logs on to the database as user OPS$<operating_system_user>, for example, OPS$<domain>\<sapsid>adm. (The OPS$ user that corresponds to the operating system user must be defined in the database and identified as externally.)

2. It retrieves the password for SAP<SAPSCHEMAID> or SAPR3 from the SAPUSER table.

3. It then logs on to the database as the user SAP<SAPSCHEMAID> or SAPR3.

So as far as i understand the system shouldn`t be able to do 2. and 3. but still the system is running fine. So where is my error in reasoning

Thanks in advance

Marco

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

stefan_koehler
Active Contributor
‎11-03-2011 3:38 PM
0 Kudos

Hello Marco,

So as far as i understand the system shouldn`t be able to do 2. and 3.

The user "OPS$...\OEPADM " and "OPS$...\SAPSERVICEOEP" are identified EXTERNALLY. In this case they don't have any password - oracle rely on the OS authentication mechanism - that's it.

You can verify this by running the following query (you will see that the externally identified users will have no password - its just "EXTERNAL"):


-- Oracle 10g
SQL> select USERNAME, PASSWORD, EXPIRY_DATE from dba_users;
-- Oracle 11g
SQL> select USERNAME, PASSWORD, PASSWORD_VERSIONS, EXPIRY_DATE, AUTHENTICATION_TYPE from dba_users;

No password - no expire )

Regards

Stefan

Show replies
Show replies
Former Member
‎11-03-2011 4:01 PM
0 Kudos

Now that was easy,

thanks a lot to both of you

Answers (1)

Answers (1)

former_member188883
Active Contributor
‎11-03-2011 3:24 PM
0 Kudos

Hi,

I guess your system is windows. In Windows connection to database happens with OPS$...\SAPSERVICEOEP.

Hence changing the expiry date for OPS$...\OEPADM will not give you much benefit Neither it can stop your day - to - day operations.

Hope this helps.

Regards,

Deepak Kori

Show replies
Show replies
Ask a Question