DB Password reset tool is super simple self-service web interface to allow user reset his/her own DB user password on database.
It consist of single web form as shown below:
And it does following:
- It authenticates user against Active Directory using "Username" and "Windows Password" fields. In this example AD Username is amoseyev.
- If authentication is successful it connect to database ("proddb" in this example). It connects to DB with password_reset_user user credentials. User has to have ALTER USER privilege.
- It resets password for DB user amoseyev to whatever is specified in "New DB Password" field in the form.
Note 1: AD username must match DB username.
Note 2: DB user (amoseyev) has to be created explicitly. The tool does not create it.
Installation steps for any linux environment
- On target database create user password_reset_user with permissions to change password for other users:
SQL> create user password_reset_user identified by "*****";
SQL> grant alter user to password_reset_user;
SQL> grant connect to password_reset_user;-
Install Oracle client software. (Instant client is good enough)
-
Create env file:
cat > ~/.profile_password_reset_tool <<EOF
export ORACLE_HOME=/opt/oracle/product/12.1.0.2
export PATH=${ORACLE_HOME}/bin:$PATH
EOF- Install oracle-db-password-reset tool
git clone https://github.com/AVM-Consulting/oracle-db-password-reset.git
cd oracle-db-password-reset-
Adjust config.json to your environment
-
Adjust login.gtpl to your environment (need to modify lines 22-23. These are TNS names of databases where tool need to work on. Add more lines if needed)
-
Create SSL self signed certificate (needed for https). or use legit certificates if available.
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 1000 -nodes- Start the tool
. ~/.profile_password_reset_tool
./login- Login to https://toolhost:9090/login and use it!
====================
Optionaly, Add lines to sqlnet.ora, so SSL connection from the SQL client is enforced, so passwords do not fly over net un-encrypted.
cat > $ORACLE_HOME/network/admin/sqlnet.ora <<EOF
# require encryption from client as password reset tool runs from this host.
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = MD5
SQLNET.ENCRYPTION_CLIENT=required
SQLNET.ENCRYPTION_TYPES_CLIENT=AES128
EOFCurrent version of the tool is designed to reset passwords on Oracle DB. But functionality can be easily extended to change password on any other stack. Contact us info@avmconsulting.net for extension requests.
For any support questions please contact us: info@avmconsulting.net