David Hueber

ODA 12.2.1.2.0: Some curious password management rules

While deploying an ODA based on the DCS stack (odacli), it is mandatory to provide a “master” password at appliance creation. For that, the web GUI provides a small tooltip which describes the rules applied to passwords. However, it looks like there is some flexibility in those rules. Let’s check this out with some basic tests.

First of all, here are the rules as provided by the ODA interface:

41-Web-CreateAppliance-PWDRules

So basically it has to start with an alpha character and be at least 9 characters long. My first reaction was that 9 characters is not too bad, even if 10 would be better as a minimum. Unfortunately it is not requesting any additional complexity such as mixing uppercase, lowercase, numbers… My second reaction, like most IT guys, was to try not to respect these rules and see what happens :-P

I started really simply by using a “highly secure” password: test

44-Web-CreateAppliance-PWD-test

Perfect, the ODA reacted as expected and tells me I should read the rules once again. The next step is to try something a bit more complicated: manager

…and don’t tell me you never used it in any Oracle environment ;-)

42-Web-CreateAppliance-PWD-manager

Fine, manager is still not 9 characters long (7, in fact), and the installer is still complaining. For now, everything is okay.
The next step was to try a password respecting the 9-character rule: welcome123

43-Web-CreateAppliance-PWD-welcome123

Still a faultless reaction of ODA!

Then I had the strange idea to test the historical ODA password: welcome1

43-Web-CreateAppliance-PWD-welcome1

Oops! The password starts with an alpha character, fine, but if I’m right welcome1 is only 8 characters long :-?
If you don’t believe me, try to count the dots on the picture above… and I swear I didn’t use Gimp to “adjust” it ;-)

Finally, just to be sure, I tried another password of 8 characters: welcome2

43-Web-CreateAppliance-PWD-welcome2

Ah, that looks better. This time the installer sees that the password is not long enough and shows a warning.

…but would it mean that welcome1 is hard-coded somewhere??

 

No matter, let’s continue and run the appliance creation with welcome123. Once done, I tried to log in over SSH to my brand-new ODA using my new master password

43-CreateAppliance-PWD-SSH-Login-

It doesn’t work! 8-O

I tried multiple combinations: welcome123, welcome1, Welcome123 and many more. Unfortunately none of them worked.
At this point there are only 2 ways to get back into your ODA:

  1. There is still a shell connected as root to the ODA, in which case the root password can easily be changed using passwd
  2. No session is open to the ODA anymore, in which case you have to open the remote console and reboot the ODA in Single User mode :-(

As the master password should be set for the root, grid and oracle users, I tried the password for grid and oracle too:

43-CreateAppliance-PWD-oracle-login

Same thing there: the master password provided during the appliance creation hasn’t been set properly.

Hope it helps!

One Comment

  • Geert De Paep says:

    I encountered the same issue. I thought I mistyped the password, but obviously it seems like a bug… Indeed I needed to reboot in single user mode to fix this. See: How To Reset Root Password on ODA when password is unknown (Doc ID 1568384.1)

David Hueber

Chief Executive Officer (CEO), Principal Consultant