AFPASSWD Utility

AFPASSWD Utility
AFPASSWD is an enhanced version of FNDCPASS, and includes the following features:
• AFPASSWD only prompts for passwords required for the current operation,
allowing separation of duties between applications administrators and database
administrators. This also improves interoperability with Oracle Database Vault. In
contrast, the FNDCPASS utility currently requires specification of the APPS and the
SYSTEM usernames and corresponding passwords, preventing separation of duties
between applications administrators and database administrators.
• When changing a password with AFPASSWD, the user is prompted to enter the
new password twice to confirm.
• AFPASSWD can be run from the database tier as well as the application tier. In
contrast, FNDCPASS can only be run from the application tier.
FNDCPASS will continue to be shipped with Oracle E-Business Suite, and customers
can migrate to the AFPASSWD utility at their discretion.
Important: The FNDCPASS utility must still be used to migrate the
password hashing scheme, as described in My Oracle Support
Document 457166.1, FNDCPASS Utility New Feature: Enhance Security
With Non-Reversible Hash Password.
AFPASSWD Usage
The AFPASSWD command is used with the relevant command line options to perform
the desired action.
AFPASSWD [-c [@]] [-f ]
AFPASSWD [-c [@]] [-o ]
AFPASSWD [-c [@]] [-a]
AFPASSWD [-c [@]] [-l [] |
[]]
AFPASSWD [-c [@]] [-L [] | []]
AFPASSWD [-c [@]] [-s]
These options have the following functions:
• -c {APPSUSER}[@{TWO_TASK}] - Specifies the connection string to use, the
Applications user, and/or the value of TWO_TASK. This option can be use in
combination with others. If it is not specified, default values from the environment
will be used.
Note: The password will be prompted for, and is not to be
provided in the connection string.
• -f {FNDUSER} - Changes the password for an Applications user. A username that
contains spaces must be enclosed in double quotation marks; for example, "JOHN
SMITH".
• -o {DBUSER} - Changes the password for an Oracle E-Business Suite database user.
Note: This only applies to users listed in the
FND_ORACLE_USERID table, not database users in general.
• -a - Changes all Oracle (ALLORACLE) passwords (except the passwords of APPS,
APPLSYS, APPLSYSPUB) to the same password, in the same way as the
ALLORACLE mode does in FNDCPASS.
• -l - Locks individual {ORACLE_USER} users (except required schemas). {TRUE} =
LOCK, {FALSE} = UNLOCK.
• -L - Locks all Oracle (ALLORACLE) users (except required schemas). {TRUE} =
LOCK, {FALSE} = UNLOCK.
• -s {APPLSYS} - Changes the password for the APPLSYS user and the APPS user.
This requires the execution of AutoConfig on all tiers.
• -h - Displays help.

--------------
Source:-http://download.oracle.com/docs/cd/B53825_04/current/acrobat/121sacg.pdf
Chapter 11
--------------