If you can't read please download the document

Recovering Database Users Passwords

  • Upload
    anandna

  • View
    464

  • Download
    27

Embed Size (px)

DESCRIPTION

Recovering Database Users Passwords

Citation preview

PTBTBL0058Recovering ASE Database Users Passwords

Recovering Database Users Passwords in ASEThis is achieved in two steps:Step 1: Recover password for user sapssoProcedure:1. Shut server down.2. Edit $SYBASE/$SYBASE_ASE/install/RUN_ file,add '-psso' (without the quotes) at the end of the file, on a new line. Make sure this change hasbeen saved before exiting the editor.3. Start your server.A new password will be printed into terminal screen follow the last system database online information. It looks like this:00:00000:00001:2013/06/12 22:41:52.40 server Database 'sybsystemprocs' is now online.New SSO password for test: manyorygksfdl2 ---- 'manyorygksfdl2' is the new password of SAPSSO account.Step 2: Use user sapsso to reset passwords for all the other users in the ASEProcedure:1. List all database logins.a. Log in as user syb on your database host.

HOST> su - sybb. Log in to your Sybase ASE database via isql with user 'sapsso'.

HOST ASE-15_0/install> isql -X -Usapsso -S -w10242. Get a list of all available database users:

use mastergoselect suid, status, name, password from sysloginsgo

The following users are displayed:saDefault Sybase ASE administrator, usually locked in SAP systems for security reasons. This user cannot be deleted.

probeThe login 'probe' and the user 'probe' exist for the two-phase commit probe process, which uses a challenge and response mechanism to access Adaptive Server. It has an unpublished password.

jstaskInternal Sybase ASE user 'jstask' for the database job scheduler

sapsaAdministration user for SAP systems

sapssoUser for SAP systems with the SSO role

SAPSR3This user is used for the ABAP stack. It only exists if the SAP system contains an ABAP stack.

SAPSR3DBThis user is used for the Java stack. It only exists if the SAP system contains a Java stack.

3. The passwords of users 'jstask' and 'probe' are unknown. You only need to change the passwords of users 'sa', 'sapsa', 'sapsso', and 'SAPSR3'/'SAPSR3DB'. If you get more than the above listed users, check why this user exists and whether a password change is necessary.4. Change the passwords of users 'sa' and 'sapsso'.a. Log in as user 'syb' on your database host:HOST> su - sybb. Log in to your Sybase ASE database via isql with user 'sapsso':HOST ASE-15_0/install> isql -X -Usapsso -S -w1024c. Change the passwords:use mastergoalter login sapsso with password "" modify password ""goalter login sa with password "" modify password ""goNo further post-processing steps are needed.5. Change the passwords of users 'sapsa' and 'SAPSR3'/'SAPSR3DB'.a. Log in as user 'syb' on your database host:

HOST> su - sybb. Log in to your Sybase ASE database via isql with user 'sapsso':

HOST ASE-15_0/install> isql -X -Usapsso -S -w1024c. Change the passwords:use mastergoalter login sapsa with password "" modify password ""goalter login SAPSR3 with password "" modify password ""goalter login SAPSR3DB with password "" modify password ""goAfter changing the passwords of database logins 'sapsa', 'SAPSR3'and 'SAPSR3DB', you should immediately change the passwords for the database users in the Secure Storage. The passwords in the ABAP/Java Secure Storage are used for the connection to the ABAP/Java database schema by the application servers.6. Change passwords in the ABAP Secure Storage:a. Log in as user 'adm' on your central instance host:

HOST > su - admb. Write the password to a temporary file that you delete after having called rsecssfx.c. List all entries in the Secure Storage File System (SSFS):

HOST:adm > rsecssfx listd. Change the password for the DEFAULT_DB_USER (SAPSR3) to the password you set previously for the SAPSR3 database user.

HOST:adm > rsecssfx put DB_CONNECT/DEFAULT_DB_PASSWORD -valuefile -valuefile7bite. List all entries in the Secure Storage File System (SSFS) and check the last update time stamp.

HOST:adm > rsecssfx listYou should see the current time stamp in the record for the DEFAULT_DB_PASSWORD.f. Verify that R3trans is working properly:

HOST:adm > R3trans -d

This is R3trans version 6.22 (release 720 - 19.08.11 - 15:45:00).unicode enabled version R3trans finished (0000).You should get return code 0000.g. Change the password for SADB_USER (sapsa) to the password you set previously for the sapsa database user.

HOST:adm > rsecssfx put DB_CONNECT/SYB/SADB_USER sapsa -plainHOST:adm > rsecssfx put DB_CONNECT/SYB/SADB_PASSWORD -valuefile -valuefile7bith. Change the password for SSODB_USER (sapsso) to the password you set previously for the sapsa database user.

HOST:adm > rsecssfx put DB_CONNECT/SYB/SSODB_USER sapsso -plainHOST:adm > rsecssfx put DB_CONNECT/SYB/SSODB_PASSWORD -valuefile -valuefile7biti. Change the password for SYBSID_USER (syb) to the password you set previously for the syb operating system user.HOST:adm > rsecssfx put DB_CONNECT/SYB/SYBSID_USER syb -plainHOST:adm > rsecssfx put DB_CONNECT/SYB/SYBSID_PASSWORD -valuefile -valuefile7bitj. List all entries in the Secure Storage File System (SSFS) and check the last updated timestamp:

HOST:adm > rsecssfx list

You should see the current timestamp in the record for the updated users.!Make sure you delete the temporary as this contains the unencrypted password!Change passwords in the Java Secure Storagek. Log in as user 'adm' on your central instance host:

HOST > su - adml. Start /usr/sap//J/j2ee/configtool/configtool.m. Select node 'Secure Store' and tab 'Secure Store Data'.n. Update the passwords for the following keys:

db_connect/syb/sapsa_passworddb_connect/syb/sapsso_passwordo. Update the password for user SAPSR3DB:

NW70X based key for SAPSR3DB:jdbc/pool//PasswordNW73X based key for SAPSR3DB:Password (tab 'Connection Pools')7. Renew external logins (Component Integration Service)After changing the user passwords in the SSFS, you have to renew all external logins whose passwords were changed. This includes at least the external login for the Server SYB_JSTASK, which uses the 'sapsa' login. You can get a list of all external remote logins like this:a. Log in as user 'syb' on your database host:

HOST> su - sybb. Log in to your Sybase ASE database via isql with user 'sapsa':

HOST ASE-15_0/install> isql -X -Usapsa -S -w1024use mastergosp_helpexternlogingoc. Note down the existing external logins. Drop the external logins and create new ones. This is necessary, because no stored procedure for modifying external logins exists.

exec sp_dropexternlogin , god. Create the external logins:

exec sp_addexternlogin , , , ''goRepeat the drop/create process for every changed user/password.8. Post-processing steps:Change the password for user 'sapsa' in the DBA Cockpit and the Solution Manager manually. Change all passwords in all third-party tools, such as monitoring software and so on.


STRONG PASSWORDS

STRONG PASSWORDS

Documents
Module 1: Recovering Messaging Databases. Overview Overview of Database Recovery Scenarios Recovering a Messaging Database Using Dial-Tone Recovery

Module 1: Recovering Messaging Databases. Overview Overview of Database Recovery Scenarios Recovering a Messaging Database Using Dial-Tone Recovery

Documents
Deliverable D2.3 Database of Best Available Techniques ... BAT Database is divided into three main areas of interests: 1) ... 1.1.2.2 Cupola furnace ... Recovering the energy of top

Deliverable D2.3 Database of Best Available Techniques ... BAT Database is divided into three main areas of interests: 1) ... 1.1.2.2 Cupola furnace ... Recovering the energy of top

Documents
ELCOMSOFT Password Recovery Bundle is capable of instantly recovering passwords for a wide range of business and office applications, text processors, spreadsheets, database manage-ment

ELCOMSOFT Password Recovery Bundle is capable of instantly recovering passwords for a wide range of business and office applications, text processors, spreadsheets, database manage-ment

Documents
Building the ultimate login and signup · 2017. 4. 20. · o Protecting passwords in the database o Getting your users to choose good passwords o Preventing spam accounts • Before

Building the ultimate login and signup · 2017. 4. 20. · o Protecting passwords in the database o Getting your users to choose good passwords o Preventing spam accounts • Before

Documents
Passwords presentation

Passwords presentation

Documents
Secrets of Google VRP - nullcon - International Security ... content after logout, recovering passwords from Password Manager, cookies working for a brief time after logout, reusing

Secrets of Google VRP - nullcon - International Security ... content after logout, recovering passwords from Password Manager, cookies working for a brief time after logout, reusing

Documents
Passwords and You CREATING AND MAINTAINING SECURE PASSWORDS

Passwords and You CREATING AND MAINTAINING SECURE PASSWORDS

Documents
Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database

Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database

Documents
Death To Passwords

Death To Passwords

Technology
Migrating, Cloning and Recovering Oracle · PDF fileMigrating, Cloning and Recovering Oracle 12c Databases At Warp Speed Jim Czuprynski ... Cloning From the PDB Seed Database From

Migrating, Cloning and Recovering Oracle · PDF fileMigrating, Cloning and Recovering Oracle 12c Databases At Warp Speed Jim Czuprynski ... Cloning From the PDB Seed Database From

Documents
Alternatives to Passwords David Bohn. Password : History The average working professional has 6 passwords to perform daily functions Passwords if used

Alternatives to Passwords David Bohn. Password : History The average working professional has 6 passwords to perform daily functions Passwords if used

Documents
Using Hamiltonian Totems as Passwords Abstract 1 Visual passwords

Using Hamiltonian Totems as Passwords Abstract 1 Visual passwords

Documents
Chapter 7 Passwords - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../HackingforDummiesCh07.pdf · Chapter 7 Passwords ... Therefore, passwords are one of the weakest links in ... This includes

Chapter 7 Passwords - cdn.ttgtmedia.comcdn.ttgtmedia.com/.../HackingforDummiesCh07.pdf · Chapter 7 Passwords ... Therefore, passwords are one of the weakest links in ... This includes

Documents
Kanishka_3D Passwords

Kanishka_3D Passwords

Education
Security Awareness Passwords - Illinois.gov · 3 Passwords Password Cracking Find weak passwords Verify the use of good passwords Characters (complex) Estimated time to crack 7 15

Security Awareness Passwords - Illinois.gov · 3 Passwords Password Cracking Find weak passwords Verify the use of good passwords Characters (complex) Estimated time to crack 7 15

Documents
Database Management System - SourceForgealphapeeler.sourceforge.net/uit/dbms_ce421_fall_2013/week06a.pdf · Recovering From a Crash There are 3 phases in the Aries recovery algorithm:

Database Management System - SourceForgealphapeeler.sourceforge.net/uit/dbms_ce421_fall_2013/week06a.pdf · Recovering From a Crash There are 3 phases in the Aries recovery algorithm:

Documents
Recovering Cisco APIC Passwords and Accessing Special Logins · RecoveringCiscoAPICPasswordsand AccessingSpecialLogins ThischapterexplainshowtorecoveryourCiscoAPICpassword,howtoaccesstherescue-userlogintorun

Recovering Cisco APIC Passwords and Accessing Special Logins · RecoveringCiscoAPICPasswordsand AccessingSpecialLogins ThischapterexplainshowtorecoveryourCiscoAPICpassword,howtoaccesstherescue-userlogintorun

Documents
Passwords & security

Passwords & security

Technology
CS54100: Database Systems - Purdue UniversitySystem crash - memory lost - cpu halts, resets Undesired Unexpected: Everything else! ... •For recovering from crash during UNDO! Database

CS54100: Database Systems - Purdue UniversitySystem crash - memory lost - cpu halts, resets Undesired Unexpected: Everything else! ... •For recovering from crash during UNDO! Database

Documents
Forensics Bulletin - CCFIS · 2014-10-15 · deleted form database of both original and backup database. After recovering those deleted database, we realized that administrator who

Forensics Bulletin - CCFIS · 2014-10-15 · deleted form database of both original and backup database. After recovering those deleted database, we realized that administrator who

Documents
UNDERSTANDING PASSWORDS

UNDERSTANDING PASSWORDS

Documents
What Password Cracking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer

What Password Cracking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer

Documents
Passwords Everywhere

Passwords Everywhere

Documents
ShareSci: A Research Paper Networking Sitecis.csuohio.edu/~sschung/CIS408/ProjectsharesciReportSlidesSever… · We securely store the users' passwords in the database, using bcrypt

ShareSci: A Research Paper Networking Sitecis.csuohio.edu/~sschung/CIS408/ProjectsharesciReportSlidesSever… · We securely store the users' passwords in the database, using bcrypt

Documents
Passwords Perfectos

Passwords Perfectos

Documents
Strong Passwords

Strong Passwords

Documents
Passwords, Passwords and more Passwords

Passwords, Passwords and more Passwords

Technology
PASSWORDS TREES AND HIERARCHIESusers.cms.caltech.edu/~donnie/cs121-fa2016/CS121Lec24.pdf · PASSWORDS TREES AND HIERARCHIES CS121: Introduction to Relational Database Systems Fall

PASSWORDS TREES AND HIERARCHIESusers.cms.caltech.edu/~donnie/cs121-fa2016/CS121Lec24.pdf · PASSWORDS TREES AND HIERARCHIES CS121: Introduction to Relational Database Systems Fall

Documents
Recovering the Sunk Costs of R&D: The Moulds Industry CaseFAME (UK) and AMADEUS (Europe) database or Thomson Financial™s DATASTREAM database (UK). Only census data would contain

Recovering the Sunk Costs of R&D: The Moulds Industry CaseFAME (UK) and AMADEUS (Europe) database or Thomson Financial™s DATASTREAM database (UK). Only census data would contain

Documents