FNDCPASS does not check the system password when used to change an applications user account. We can check this with a simple test.
First, we’ll change the SYSTEM password to the default value “manager”:
[code language=”plain”][applmgr@appsrv01 ~]$ sqlplus system
SQL*Plus: Release 8.0.6.0.0 – Production on Thu Apr 23 13:10:17 2009
(c) Copyright 1999 Oracle Corporation. All rights reserved.<!–more–>
Enter password:
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 – Production
With the Partitioning, OLAP and Data Mining Scoring Engine options
SQL> alter user system identified by manager;
User altered.
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 – Production
With the Partitioning, OLAP and Data Mining Scoring Engine options
[applmgr@appsrv01 ~]$ [/code]
Next, we’ll use FNDCPASS to change the SYSADMIN application password using an incorrect value for the SYSTEM password:
[code language=”plain”][applmgr@appsrv01 ~]$ FNDCPASS apps/apps 0 Y system/badpassword USER SYSADMIN sysadmin
Log filename : L4203491.log
Report filename : O4203491.out[/code]
If we cat the log file, we can see the password change was successful:
[code language=”plain”][applmgr@appsrv01 ~]$ cat L4203491.log
+—————————————————————————+
Application Object Library: Version : 11.5.0
Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.
module:
+—————————————————————————+
Current system time is 23-APR-2009 13:11:39
+—————————————————————————+
+—————————————————————————+
Concurrent request completed successfully
Current system time is 23-APR-2009 13:11:39
+—————————————————————————+
[/code]
Next, we’ll try to change the GL schema password using the same incorrect SYSTEM password:
[code language=”plain”][applmgr@appsrv01 ~]$ FNDCPASS apps/apps 0 Y system/badpassword ORACLE GL gl
Log filename : L4203493.log
Report filename : O4203493.out[/code]
This time, the log shows failure because of an inability to connect as SYSTEM:
[code language=”plain”][applmgr@appsrv01 ~]$ cat L4203493.log
+—————————————————————————+
Application Object Library: Version : 11.5.0
Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.
module:
+—————————————————————————+
Current system time is 23-APR-2009 13:12:15
+—————————————————————————+
SECURITY-UNABLE TO CONNECT TO SYSTEM
APP-FND-01564: ORACLE error 1403 in changepassword
Cause: changepassword failed due to ORA-01403: no data found.
The SQL statement being executed at the time of the error was: and was executed from the file &ERRFILE.
+—————————————————————————+
Concurrent request completed
Current system time is 23-APR-2009 13:12:15
+—————————————————————————+
[/code]
It appears that FNDCPASS only uses the SYSTEM password when changing a database account, which makes sense, since only the APPS password is required to execute FND_WEB_SEC and change a password in FND_USER.