Change JDE password

sf_woo

Active Member
Dear List,

We are using a single user (JDE) sign-on to the Oracle database for all
users. We would like to change the JDE password. Does anyone has a checklist
of what are the areas / scripts that must be changed ? We are on HP Unix and
we have some cron jobs.

Thanks !

Sook Fun
 

cdawes

VIP Member
Are your users using different passwords to sign onto JDE? The standard JDE
convention is to control all security through the app and 'proxy' the
database password. Their reason for this is to reduce the DBA
administration. However, this only works if users do not have the JDE Oracle
'system' password. I have a password change document for JDE on Oracle that
instructs you how to change the default password from JDE/JDE but not on how
to create new Oracle roles and synonyms.

Colin



Colin Dawes, MSc
Business Systems Analyst
The City of Guelph
 

sf_woo

Active Member
Colin,

We are using the recommended 'proxy'database password. I'd like to change
just the password for JDE and the roles, etc... to remain intact. This is
for security reasons - periodically change password and we have not done
this since JUL '99. We have changed it before when we reinstalled / revamp
the entire setup - OS, DB and OW.

Thanks !
Sook Fun
 

will_miller

Member
When you do it - make sure you keep an account open that has full rights
over security and user profiles - just in case the JDE account no longer
works and you have to reset everything.

Here is a list of stuff you need to do/consider:

PROCEDURE FOR CHANGING THE JDE USER PASSWORD IN ONEWORLD

1. If you decide for security reasons to change the JDE user id
password you should take into account the following:-

a) The NT Login password on the system domain for the user JDE.
b) The user login for JDE on any other platform that may also be being
used (AS400 / HP9000 / RS6000).
c) The OneWorld password for the user id JDE (F98OWSEC).
d) The security user password for OneWorld (If you are using JDE as the
security user), in work with sign-on security. You should ensure that the
lock is removed so as to be able to change the jde.ini so as not to use
security server (just in case) - (F98OWSEC).
e) The password for JDE on the services (jde network and queue
services) on the enterprise server (NT / UNIX).
f) The password for JDE in the database.
g) The settings for password for JDE throughout the jde.ini file on the
server. Once changed you should hide the jde.ini file to prevent people from
casually looking at it.
h) The setting for password for JDE in the setup.inf file on the
deployment server in the Client directory. (For setting up the system
datasource).

2. If you are using a different user to JDE as the security user, and
you wish to change their password then you must:-

a) The security user password for OneWorld (If you are using JDE as the
security user), in work with sign-on security. You should ensure that the
lock is removed so as to be able to change the jde.ini so as not to use
security server (just in case) - (F98OWSEC).
b) The password for the security user in the database.
c) The settings for password for the security throughout the jde.ini
file on the server (IF you have placed that id in the jde.ini file on the
server - it is not compulsory). Once changed you should hide the jde.ini
file to prevent people from casually looking at it.

3. If you make any changes to the server jde.ini do not forget to stop
and start the JDE services. You may also need to re-boot the server in some
releases for the other changes to take affect.
 

tswoods

Member
If you're only changing the Oracle password, I suggest you do it in 2
steps.
The biggest pain is that fact that you have to change the system user
password for every single user manually, so a quick change will make this
easier the next time you have to do it.
First step, copy (using create like) the Oracle JDE user to another user,
say JDESYS. The new JDESYS user will become the new system user for the
users to access the database, but use the JDE user for everything else.
Basically, this means you'll never have to change the password for JDESYS
again, since you won't be using it manually, only through OneWorld and no
one will have to know the password but you and the DBA.
Now you have to change each users security to use the new JDESYS user
(and password) instead of JDE. The nice thing is that the old JDE user still
works, and no one gets locked out of the system if they logout and back into
OW while you are making the changes, which can be done in the middle of the
day.
Second, you can change the JDE user's password and change the
RunOneWorld.sh, EndOneWorld.sh, and any cron jobs and custom scripts you
have created.
That should be it. Changing all the user's security is a pain, but this
way, you really only have to do it once. Just make sure any new users get
setup with the new system user.
Hope this helps.

Tim Woods
CNC / System Administrator
PTC Alliance <http://www.ptcalliance.com/>
(330) 829-5240
tswoods@amtp.com <mailto:tswoods@amtp.com>
 
Top