Skip to main content

Oracle E-Business Suite Password Management using AFPASSWD

AFPASSWD Utility:

It is an enhanced version of FNDCPASS and includes the following features:
  • It prompts for passwords required for the current operation.
  • It avoids the security risk incurred by entering passwords on the command line for FNDCPASS.
  • User enter the new password twice to confirm.
  • Can be used to migrate Oracle EBS user passwords to a non-reversible hash password scheme.
Note: Always run AutoConfig after changing any system (type 2) password.
Refer : How To Change Applications Passwords Using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD) (Doc ID 437260.1)
 To migrate Oracle E-Business Suite user passwords to a password hashing scheme:
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -m <HASH_MODE> {FULL|BACKGROUND|PARTIAL}
Known issues of AFPASSWD:
  • Adadmin Fails After Schema Password Is Changed Using AFPASSWD (Doc ID 1492939.1)
  • ISSUE DURING AFPASSWD UTILITY RUN (Doc ID 2157967.1)
  • AFPASSWD Relink Fails While Applying R12 Patch With Error Undefined Reference To `iifgcg' (Doc ID 1499357.1)
  • Migrating Password Using AFPASSWD Fails With Error: "Users with Invalid passwords" (Doc ID 2194846.1)
AFPASSWD Usage:
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -f <FNDUSER>
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -o <DBUSER>
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -a
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -l <ORACLEUSER> {TRUE|FALSE}
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -L {TRUE|FALSE}
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -s <APPLSYS>
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -h
These options have the following functions:
-c <APPSUSER>[@<TWO_TASK>]:
Specifies the connection string to use, the Oracle E-Business Suite user, and/or the value of TWO_TASK.
Can be use in combination with others. Default values from the environment will be used.
-f <FNDUSER>:
Changes password for an Oracle E-Business Suite user.
User name that with spaces or special characters must be enclosed in double quotation marks;
For example, "JO BAY" or "JO.BAY@EXAMPLE.COM"..
-o <DBUSER>:
Changes the password for an Oracle EBS database user.
Note: This only applies to users listed in the FND_ORACLE_USERID table, not database users in general.
-a:
Changes all Oracle passwords for schemas that are registered as base product schemas in the FND_ORACLE_USERID table (
excluding the passwords of APPS, APPLSYS, and APPS_NE) to the same password, in the same way as the ALLORACLE mode does in FNDCPASS.
-l:
Locks or unlocks an individual Oracle EBS database user (ORACLE_USER) (except required schemas).
Specify TRUE to lock or FALSE to unlock.
-L:
Locks or unlocks all Oracle EBS database users (except required schemas). Specify TRUE to lock or FALSE to unlock.
-s <APPLSYS>:
Changes the password for the APPLSYS user, the APPS user, and the APPS_NE user.
This requires the execution of AutoConfig on all tiers. After changing the APPLSYS password, you must also perform the steps to Update WLS Data Source.
-h:
Displays help.
 

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

MySQL InnoDB cluster troubleshooting | commands

Cluster Validation: select * from performance_schema.replication_group_members; All members should be online. select instance_name, mysql_server_uuid, addresses from  mysql_innodb_cluster_metadata.instances; All instances should return same value for mysql_server_uuid SELECT @@GTID_EXECUTED; All nodes should return same value Frequently use commands: mysql> SET SQL_LOG_BIN = 0;  mysql> stop group_replication; mysql> set global super_read_only=0; mysql> drop database mysql_innodb_cluster_metadata; mysql> RESET MASTER; mysql> RESET SLAVE ALL; JS > var cluster = dba.getCluster() JS > var cluster = dba.getCluster("<Cluster_name>") JS > var cluster = dba.createCluster('name') JS > cluster.removeInstance('root@<IP_Address>:<Port_No>',{force: true}) JS > cluster.addInstance('root@<IP add>,:<port>') JS > cluster.addInstance('root@ <IP add>,:<port> ') JS > dba.getC...
Post a Comment
Read more

InnoDB cluster Remove Instance Force | Add InnoDB instance

InnoDB cluster environment UUID is different on node: To fix it stop group replication, remove instance (use force if require), add instance back Identify the node which is not in sync: Execute following SQL statement on each node and identify the node has different UUID on all nodes. mysql> select * from mysql_innodb_cluster_metadata.instances; Stop group replication: Stop group replication on the node which does not have same UUID on all nodes. mysql > stop GROUP_REPLICATION; Remove instances from cluster: Remove all secondary node from the cluster and add them back if require. $mysqlsh JS >\c root@<IP_Address>:<Port_No> JS > dba.getCluster().status() JS > dba.getCluster () <Cluster:cluster_name> JS > var cluster = dba.getCluster("cluster_name"); JS >  cluster.removeInstance('root@<IP_Address>:<Port_No>'); If you get "Cluster.removeInstance: Timeout reached waiting......" JS > cluster.removeInstance(...
2 comments
Read more

Oracle E-Business Suite Online Patch Phases executing adop

Following description about Oracle E-Business Suite is high level and from documentation https://docs.oracle.com/cd/E26401_01/doc.122/e22954/T202991T531062.htm#5281339 for in depth and detail description refer it. The online patching cycle phases: Prepare Apply Finalize Cutover Cleanup Prepare phase: Start a new online patching cycle, Prepares the environment for patching. $ adop phase=prepare Apply phase: Applies the specified patches to the environment. Apply one or more patches to the patch edition. $ adop phase=apply patches=123456,789101 workers=8 Finalize phase: Performs any final steps required to make the system ready for cutover. Perform the final patching operations that can be executed while the application is still online. $ adop phase=finalize Cutover phase: Shuts down application tier services, makes the patch edition the new run edition, and then restarts application tier services. This is the only phase that involves a brief ...
Post a Comment
Read more