Actually, you can change it back immediately after logging in. (users can change their own password). However, that is probably besides the point. Joel Patterson Database Administrator joel.patterson@xxxxxxxxxxx x72546 904 727-2546 ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Mark Brinsmead Sent: Saturday, October 20, 2007 8:53 PM To: vincent.verpoort@xxxxxxxxx Cc: Oracle-L Freelists Subject: Re: getting users passwords in plain text Vincent, A number of the prior responses to your question have suggested -- perhaps not clearly enough -- that you can change a users password, and then put it back to the original value without ever having known what it was. There is no known way (thankfully!) to extract plain-text passwords for all database users. You can, however, do the following: SQL> CONNECT / AS SYSDBA SQL> SELECT PASSWORD FROM DBA_USERS WHERE USERNAME = 'YOUR_USER'; SQL> ALTER USER YOUR_USER IDENTIFIED BY "some-password-you-know"; SQL> CONNECT YOUR_USER/some-password-you-know do what you need to do... SQL> CONNECT / AS SYSDBA SQL> ALTER USER YOUR_USER IDENTIFIED BY VALUES 'AABFEC8902AFB'; /*You did write down the old password hash, right?*/ The PASSWORD returned by the SELECT statement is -- of course -- the HASHED password. No use to you, right? Wrong! You can directly set a user's password to a particular HASHED value using ALTER USER ... IDENTIFIED BY VALUES ... With luck, this technique should meet your needs, although you might be well advised to get some approvals before you proceed with even this. Altering users passwords without proper authorization is likely to violate corporate policy in most places ( i.e., "get you *ss fired"), and may break the law in many jurisdictions (i.e., get your *ss thrown in jail). Certainly, extracting plain-text passwords from a database is likely to violate the law in most places, so even if it were possible, you would be nuts to do this. I agree with Mark Powell -- there should be no reason that you require users' password. To be completely honest, if you have some kind of maintenance procedure that requires you to log in to the database as many different users (whose passwords you are not entitled to know) then I think you should probably concentrate on fixing your procedures rather than sticking with something that risks getting your *ss fired and/or imprisoned. At the very least, if you go with the method described above, I would advise you to have written authorisations from everybody in sight, including (at the very least) the director of your HR department, your corporate security officer, and probably the CEO. On 10/16/07, Vincent verpoort < vincent.verpoort@xxxxxxxxx <mailto:vincent.verpoort@xxxxxxxxx> > wrote: Hi Experts, I have a question that's a bit unethical. For a company i'm working for i need to find out what the passwords are of oracle users. As changing them means a lot of work for allot of poeple. Is there anyway i can clear text the password from dba database, i have sysdba and all privs. any points would be nice also i want to put this into script so if anyone has something ? -- Vincent Verpoort ,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_ Communiceren is begrepen worden ^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-. -- Cheers, -- Mark Brinsmead Senior DBA, The Pythian Group http://www.pythian.com/blogs