Oracle Applications Schema Password Change Utility - (FNDCPASS)

Changing passwords periodically helps ensure database security. Oracle Applications provides a command line utility, FNDCPASS, to set Oracle Applications schema passwords. In addition to changing the schema password in the database, this utility changes the password registered in Oracle Applications tables (FND Tables). This utility can also change Applications End User passwords.

FNDCPASS changes

• Oracle Applications Database System Users (APPS, APPLSYS)
• Oracle Applications Product Schema Passwords (GL, AR, AP, etc,)
• Oracle Applications End User Account Passwords (SYSADMIN, OPERATIONS etc)

Note: the utility, FNDCPASS, cannot be used for changing the database SYSTEM and SYS users. Only users that are registered in FND meta data tables need to be changed using FNDCPASS. Normally, the APPS database user password and APPLSYS password need to be the same. When changing the APPLSYS password using FNDCPASS, the APPS password is also changed.

Syntax of FNDCPASS command:

FNDCPASS logon 0 Y system/password mode username new_password

Where logon is username/password[@connect]
System/password is password of the system account of that database
Mode is SYSTEM/USER/ORACLE
Username is the username where you want to change its password
new_password is the new password in unencrypted format

Example:

$ FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS WELCOME

$ FNDCPASS apps/apps 0 Y system/manager ORACLE GL GL1

$ FNDCPASS apps/apps 0 Y system/manager USER VISION WELCOME

Note: The FNDCPASS has a new mode, "ALLORACLE", in which all Oracle Application schema passwords can be changed in one call. Apply the patch (Patch No# 4745998) to have this option, if not available currently with your Apps.

Syntax:

FNDCPASS 0 Y ALLORACLE

Example:

$ FNDCPASS apps/apps 0 Y system/manager ALLORACLE WELCOME

To change APPS/APPLSYS password, we need to give mode as SYSTEM
To change product schema passwords, i.e., GL, AP, AR, etc., we need to give mode as ORACLE
To change end user passwords, i.e., SYSADMIN, OPERATIONS etc., we need give mode as USER

Note: Till 11.5.9 there is bug in FNDCPASS, which allows FNDCPASS to change APPS&APPLSYS passwords. Doing so will corrupt the data in FND meta data tables and cause to the application unusable. Because of that it is recommend taking backup of the tables FND_USER and FND_ORACLE_USERID before changing the passwords.

After changing the APPS/APPLSYS or APPLSYSPUB user, following extra manual steps needs to be done.

If you changed the APPS (and APPLSYS) password, update the password in these files:

• iAS_TOP/Apache/modplsql/cfg/wdbsvr.app
• ORACLE_HOME/reports60/server/CGIcmd.dat

If you changed the APPLSYSPUB password, update the password in these files:

• FND_TOP/resource/appsweb.cfg
• OA_HTML/bin/appsweb.cfg
• FND_TOP/secure/HOSTNAME_DBNAME.dbc

Note: I would you suggest you to first try changing the passwords using FNDCPASS on your test Apps Instances, once you are done with this without any errors or issues then you can move this to production, and also request you to search in metalink for more information about FNDCPASS utility and it's usage.

Happy Reading !

With Best Regards,
Sabdar Syed,
http://sabdarsyed.blogspot.com