FWIW, storing the password in an environment variable makes the information available to all users with access to a bsd ps on the box.
Are you able to use sudo? You could store the passwords in a central set of files, readable only by specific groups.
Create specific system users and allocate them to the appropriate groups.
You can then allow certain users to run your various scripts as the specific system users. Your script then goes and looks up the file in question for the DB and uses the password contained within.
This also gives you the ability to create a script for retrieving passwords inline for users with the appropriate rights (say admins only?) to use in _any_ script they want.
The local policy is set in our LAN so that passwords have to be 8 characters and contain a capital letter, a small letter and a special character. Is Unix able to restrict users passwords to certain lengths and characters. (1 Reply)
I'm finding the following command very tedious to type in all the time, so I created a one line bash script called mount.bash with the following contents:
mount -t cifs //mark/C\$ -o unc=//mark\\C$,ip=10.1.1.33,user=Administrator,password=$1 /mnt/mark
I don't like the fact that I have to put... (5 Replies)
Hi Unix experts....
I am in the process checking user and root password of more than 1000 servers manulay.
I am very pissed of checking these many servers manualy.
Could some one of you help me how can i check the passwords just by runing some scripts..!
Need Help Guys..! :confused: (5 Replies)
Hi All ,
I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B.
The runscript_B.sh in calls another script runscript_A on server A itself.
it seend, i need to be connect from Server A to Server B using ssh.
I have tryed like this in... (3 Replies)
Hi,
Can anyone tell me how to call a oracle package from a Unix shell script? I want to pass some input parameters to package and it will return me the output which I want to use further in my shell script. I want to know the way to capture the output values in my shell script. Please send some... (1 Reply)
Dear Members,
I have a table REQUESTS in Oracle which has an attribute REQUEST_ACTION. The entries in REQUEST_ACTION are like, ME, MD, ND, NE etc.
I would like to create a script which will will call other scripts based on the request action.
Can we directly read from the REQUEST_ACTION... (2 Replies)
I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
I want to store the passwords in a global file, so that all the users will not use them to login but a process should use it. One way is to keep the passwords in a .ini file and execute the file in the start of the script and use that variable.
But with this, one can echo the variable in the... (15 Replies)
Discussion started by: karumudi7
15 Replies
LEARN ABOUT PHP
oci_password_change
OCI_PASSWORD_CHANGE(3)OCI_PASSWORD_CHANGE(3)oci_password_change - Changes password of Oracle's userSYNOPSIS
bool oci_password_change (resource $connection, string $username, string $old_password, string $new_password)
DESCRIPTION
resource oci_password_change (string $dbname, string $username, string $old_password, string $new_password)
Changes password for user with $username.
The oci_password_change(3) function is most useful for PHP command-line scripts, or when non-persistent connections are used throughout
the PHP application.
PARAMETERS
o $connection
- An Oracle connection identifier, returned by oci_connect(3) or oci_pconnect(3).
o $username
- The Oracle user name.
o $old_password
- The old password.
o $new_password
- The new password to be set.
o $dbname
- The database name.
RETURN VALUES
Returns TRUE on success or FALSE on failure.
EXAMPLES
Example #1
oci_password_change(3) example changing the password of an already connected user
<?php
$dbase = 'localhost/orcl';
$user = 'cj';
$current_pw = 'welcome';
$new_pw = 'geelong';
$c = oci_pconnect($user, $current_pw, $dbase);
oci_password_change($c, $user, $current_pw, $new_pw);
echo "New password is : " . $new_pw . "
";
?>
Example #2
oci_password_change(3) example of connecting and changing the password in one step
<?php
$dbase = 'localhost/orcl';
$user = 'cj';
$current_pw = 'welcome';
$new_pw = 'geelong';
$c = oci_pconnect($user, $current_pw, $dbase);
if (!$c) {
$m = oci_error();
if ($m['code'] == 28001) { // "ORA-28001: the password has expired"
// Login and reset password at the same time
$c = oci_password_change($dbase, $user, $current_pw, $new_pw);
if ($c) {
echo "New password is : " . $new_pw . "
";
}
}
}
if (!$c) { // The original error wasn't 28001, or the password change failed
$m = oci_error();
trigger_error('Could not connect to database: '. $m['message'], E_USER_ERROR);
}
// Use the connection $c
?>
NOTES
Note
Changing the password either with this function or directly in Oracle should be done carefully. This is because PHP applications
may continue to successfully reuse persistent connections by authenticating with the old password. The best practice is to restart
all web servers whenever the user password is changed.
Note
If upgrading the Oracle client libraries or the database from a release prior to 11.2.0.3 to version 11.2.0.3 or higher, oci_pass-
word_change(3) may give the error "ORA-1017: invalid username/password" unless both client and server versions are upgraded at the
same time.
Note
The second oci_password_change(3) syntax is available since OCI8 version 1.1.
Note
In PHP versions before 5.0.0 you must use ocipasswordchange(3) instead. This name still can be used, it was left as alias of
oci_password_change(3) for downwards compatability. This, however, is deprecated and not recommended.
PHP Documentation Group OCI_PASSWORD_CHANGE(3)