3 Replies Latest reply: Jan 12, 2011 9:09 AM by 729900

    changing passwords

    729900
      hello,

      in the Audit Vault documentation (5.4 changing oracle audit vault user passwords), it specifies that when changing the passwords of users who have been assigned the av_admin role, to also update the credential in the wallet.

      what is the impact if avca create_credential is not executed for a user who has been assigned the av_admin role?

      because in my test, I have only changed the password in the db using alter user, and have been able to log in to AV console and start the collector successfully.

      thank you
        • 1. Re: changing passwords
          706614
          Hi:

          The wallet credentials are not used to log in interactively through the GUI; they are used, instead, by services running in the OC4J to connect to the database to execute administrative tasks. If the credentials are not updated, these tasks will fail.

          Regards.
          • 2. Re: changing passwords
            729900
            I found section 5.4.2 which says
            "if this user was granted the AV_ADMIN role after AV installation, then you have completed this procedure...
            otherwise go to step 4"
            which was to run the avca_credential

            so my understanding is, it is only the AVADMIN and AVAUDITOR accounts themselves that need to have the wallet credentials updated.
            other accounts that were created afterwards, even when assigned the AV_ADMIN or AV_AUDITOR roles, don't need to have the wallet credential updated.

            not only that, in 5.2 #2, when the steps were provided to create new accounts with the AV_ADMIN or AV_AUDITOR roles, there were no steps instructing to add them in the wallet.

            therefore, there is no need to run avca_credential for new accounts, is that right?

            thank you
            • 3. Re: changing passwords
              729900
              I am now having problems after changing the passwords -- none of the collectors would start up, but the agent is up.

              We are on 10.2.3.2

              1. changed the AV source user pwd
              - user pwd was changed in the source db
              - executed avorcldb setup and Credential stored successfully.

              2. changed the Agent pwd
              - agent pwd was changed in the AV db
              - executed avca create_credential and Credential stored successfully.

              but the collectors won't start. the message in the avca.log is
              01/12/11 06:18:38 Error while checking agent status - java.net.ConnectException: Connection refused
              :
              01/12/11 06:19:08 Agent started successfully.

              the agent user account was locked in the AV db and is now unlocked.

              I've verified that I can connect to the databases using the new passwords, and it works.

              but when i try rerunning avorcldb setup, the message is:
              ERROR: could not get AV agent connection using jdbc:oracle:oci:@AV
              ERROR: ORA-01017: invalid username/password; logon denied

              is the problem with the source db account, or the AV agent account?

              please advise

              thank you