While deploying an ODA based on the DCS stack (odacli), it is mandatory to provide a “master” password at appliance creation. The web GUI provides for that a small tooltip which describes the rules applied on password management. However it looks like there is some flexibility with those rules. Lets try to check this out with some basics tests.
First of all here are the rules as provided by the ODA interface:
So basically it has to start with an alpha character and be at least 9 characters long. My first reaction was that 9 characters is not to bad even if 10 would be better as minimum. Unfortunately it is not requesting any additional complexity mixing uppercase, lowercase, numbers… My second reaction, as most of IT guys, was to try to not respect these rules and see what happen 😛
I started really basically by using an “high secured” password: test
Perfect the ODA reacted as expect and tells me I should read the rules once again. Next step is try something a bit more complicated: manager
..and don’t tell me you never used it in any Oracle environment 😉
Fine, manager is still not 9 character long, 7 indeed, and the installer is still complaining. For now, everything is okay.
Next step was to try a password respecting the rules of 9 characters: welcome123
Still a faultless reaction of ODA!
Then I had the strange idea to test the historical ODA password: welcome1
Oops! The password starts with an alpha character fine, but if I’m right welcome1 is only 8 characters long 😕
If you don’t believe me, try to count the dot on the picture above….and I swear I didn’t use Gimp to “adjust” it 😉
Finally just to be sure I tried another password of 8 characters: welcome2
Ah looks better. This time the installer sees that the password is not long enough and shows a warning.
…but would it mean that welcome1 is hard-coded somewhere??
Not matter, let’s continue and run the appliance creation with welcome123. Once done I try log using SSH to my brandly new created ODA using my new master password
it doesn’t work! 😯
I tried multiple combination from welcome123, welcome1, Welcome123 and much more. Unfortunately none of them work.
At this point there are only 2 solutions to connect back to your ODA:
- There is still a shell connected as root to the ODA and then the root password can easily be changed using passwd
- No session is open to the ODA anymore and then it requires to open the remote console to reboot the ODA in Single User mode 🙁
As the master password should be set to both root, grid and oracle users, I tried the password for grid and oracle too:
Same thing there the master password provided during the appliance creation hasn’t be set properly.
Hope it help!