事情是這樣的,前幾天墨天輪上問答區(qū)有個(gè)問題 “Oracle 用戶密碼已經(jīng)過期,但不知道原密碼的情況下,如何解決”?那么該怎么解決呢?肯定是重置密碼呀?
一、重置新密碼
當(dāng)用戶 Scott 密碼過期后,首先采取的辦法就是重置密碼,但是,如果你知道原來的密碼是什么,沒有其他密碼策略限制的情況下,那么可以繼續(xù)重置密碼為此,如下示例:
ALTER USER SCOTT IDENTIFIED BY SCOTT;
--然后設(shè)置密碼過期策略無限制
ALTER PROFILE DEFAULT limit FAILED_LOGIN_ATTEMPTS UNLIMITED PASSWORD_LIFE_TIME UNLIMITED;
還有一種情況就是重置此用戶密碼時(shí)不知道原密碼是什么,重置為一個(gè)新密碼后,涉及到的所有應(yīng)用都需要修改密碼,對于過于復(fù)雜的老系統(tǒng),涉及到的應(yīng)用又比較多,如要改密碼則是牽一發(fā)而動全身,所以也就很少改密碼。
當(dāng)遇到密碼過期后,有些項(xiàng)目組是不希望修改為新密碼的,不想動應(yīng)用想繼續(xù)用原來的老密碼(當(dāng)然這是不安全的,對于重要的系統(tǒng)建議定期修改密碼)。但是和你對接的項(xiàng)目組人又不知道原密碼是啥,應(yīng)用連接串里又配置的是密文,沒法查看密碼或者密碼丟失。
在這種情況下,希望重置為原來的密碼,當(dāng)然也是可以的,應(yīng)該有兩種方案可以使用,演示如下:
二、重置為原密碼
Oracle 11g 的密碼密文存在 user$ 的 password 字段,我們可以直接修改此表的 password 列。
現(xiàn)在將新改為 tiger 的 Scott 密碼過期,然后我們通過 user$ 的 password 字段值來修改一下密碼。
SQL> alter user scott password expire;
User altered.
SQL> select username,account_status,u.password from dba_users,user$ u where username=name and username='SCOTT';
USERNAME ACCOUNT_STATUS PASSWORD
------------------------------ -------------------------------- ------------------------------
SCOTT EXPIRED F894844C34402B67
SQL> alter user scott identified by values 'F894844C34402B67';
User altered.
記得以前在項(xiàng)目組的時(shí)候,業(yè)務(wù)要求將測試某一個(gè)用戶的密碼改為何生產(chǎn)用戶一樣的密碼,但又不知道生產(chǎn)用戶的明文密碼,這就很難辦了,只能在生產(chǎn)上查詢此用戶的密文拿過來改到測試環(huán)境,如下示例:
SQL> select NAME,PASSWORD,SPARE4 from user$ where name='SCOTT';
NAME PASSWORD
------------------------------ ------------------------------
SPARE4
--------------------------------------------------------------------------------
SCOTT CDC57F9E62A38D03
S:3BF46B2AC692CD7CD80082CB6C7C4B1C323F8A0CE044F1B477ADE2BE807E
alter user scott identified by values 'S:3BF46B2AC692CD7CD80082CB6C7C4B1C323F8A0CE044F1B477ADE2BE807E';
或者
alter user scott identified by values 'CDC57F9E62A38D03';
如上,PASSWORD 和 SPARE4 列的密文都可以拿來重置密碼,在他的問題中我是采用獲取 DDL 創(chuàng)建用戶的語句來獲取密碼的,VALUES 后面以 “S” 開頭的就是密碼密文,拿來直接用就行,如下示例:
SQL> set line 456 pages 9999 long 9999
SQL> select dbms_metadata.get_ddl('USER','SCOTT') from dual;
DBMS_METADATA.GET_DDL('USER','SCOTT')
--------------------------------------------------------------------------------
CREATE USER "SCOTT" IDENTIFIED BY VALUES 'S:142DB0E3EA4D
11294B1296218ACD830E20888454AA02B3DF82C7
BE902ECE;CDC57F9E62A38D03'
DEFAULT TABLESPACE "USERS"
TEMPORARY TABLESPACE "TEMP"
SQL> conn scott/scott
Connected.
SQL> conn / as sysdba
Connected.
SQL> alter user scott identified by tiger;
User altered.
SQL> conn scott/tiger
Connected.
SQL> conn / as sysdba
Connected.
SQL> alter user scott identified by VALUES 'S:142DB0E3EA4D11294B1296218ACD830E20888454AA02B3DF82C7BE902ECE;CDC57F9E62A38D03';
User altered.
SQL> conn scott/scott
Connected.
三、19c 中密碼的差異
在 Oracle 19c 的表 USER$ 列 password 有時(shí)候是空的,那么可以用 SPARE4 字段的值,DDL 獲取創(chuàng)建用戶的語句中就是 SPARE4 的值。
$ sqlplus / as sysdba
SQL*Plus: Release 19.0.0.0.0 - Production on Thu May 19 10:47:44 2022
Version 19.12.0.0.0
Copyright (c) 1982, 2021, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.12.0.0.0
SQL> select dbms_metadata.get_ddl('USER','DBZUSER') from dual;
DBMS_METADATA.GET_DDL('USER','DBZUSER')
--------------------------------------------------------------------------------
CREATE USER "DBZUSER" IDENTIFIED BY VALUES 'S:39FF8B00F2
63D067EF506F58798275FF0291D7EC8EB63D8C57
08806D0C07;T:CBE28DB056745AAABE8B4228E0B
50F516FBCADB0D295F691F4D211F062D4F1380BC
CD3D4F83E0CF96FDDD2479C3D89EFCA3DC9AD1B7
0FA9F2B16C42F75AC5A6CD3CFE8EC1DAA8441BC4
A12B338845F72'
DEFAULT TABLESPACE "LOGMINER_TBS"
TEMPORARY TABLESPACE "TEMP"
PASSWORD EXPIRE
Elapsed: 00:00:01.37
SQL> alter user DBZUSER IDENTIFIED BY
10:44:16 2 VALUES 'S:39FF8B00F263D067EF506F58798275FF0291D7EC8EB63D8C5708806D0C07;T:CBE28DB056745AAABE8B4228E0B50F516FBCADB0D295F691F4D211F062D4F1380BCCD3D4F83E0CF96FDDD2479C3D89EFCA3DC9AD1B70FA9F2B16C42F75AC5A6CD3CFE8EC1DAA8441BC4A12B338845F72';
User altered.
Elapsed: 00:00:00.93
SQL> conn DBZUSER/dbzuser
Connected.
SQL> conn / as sysdba
SQL> col SPARE4 for a250
SQL> set line 288
SQL> select NAME,PASSWORD,SPARE4 from user$ where name='DBZUSER';
NAME PASSWORD SPARE4
------------ ------------ ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DBZUSER S:39FF8B00F263D067EF506F58798275FF0291D7EC8EB63D8C5708806D0C07;T:CBE28DB056745AAABE8B4228E0B50F516FBCADB0D295F691F4D211F062D4F1380BCCD3D4F83E0CF96FDDD2479C3D89EFCA3DC9AD1B70FA9F2B16C42F75AC5A6CD3CFE8EC1DAA8441BC4A12B338845F72
好了,今天已經(jīng)很晚了,就先這樣吧,朋友們?nèi)缬衅渌煌娊猓瑲g迎一起來討論。全文完,希望可以幫到正在閱讀的你,如果覺得有幫助,可以分享給你身邊的朋友,同事,你關(guān)心誰就分享給誰,一起學(xué)習(xí)共同進(jìn)步~~~
?? 歡迎關(guān)注我的公眾號,來一起玩耍吧!!!
————————————————————————————
公眾號:JiekeXu DBA之路
墨天輪:http://www.sunline.cc/u/4347
CSDN :https://blog.csdn.net/JiekeXu
騰訊云:https://cloud.tencent.com/developer/user/5645107
————————————————————————————
