Oracle DBA – A lifelong learning experience

«
»

Identifying when a password was last changed

Posted by John Hallas on May 16, 2016

Security asked to determine when certain passwords were last changed and I used the ptime column in user$ table to find out.

set lines 120 set pages 60
col name form a30
col Last_Changed form a12

   SELECT name,ptime "Last_Changed"
   FROM sys.user$ a, dba_users b
   where a.name=b.username
   order by 1;
NAME                           Last_Changed
 ------------------------------ ------------
 ANONYMOUS                      24-AUG-13
 APEX_030200                    24-AUG-13
 APEX_PUBLIC_USER               24-AUG-13
 APPQOSSYS                      24-AUG-13
 CTXSYS                         24-AUG-13
 DBSNMP                         13-MAY-16**
 DIP                            24-AUG-13
 EXFSYS                         24-AUG-13
 FLOWS_FILES                    24-AUG-13
 JOHN                           13-MAY-16****
 MDDATA                         24-AUG-13
 MDSYS                          24-AUG-13
 MGMT_VIEW                      24-AUG-13
 OLAPSYS                        24-AUG-13
 ORACLE_OCM                     24-AUG-13
 ORDDATA                        24-AUG-13
 ORDPLUGINS                     24-AUG-13
 ORDSYS                         24-AUG-13
 OUTLN                          24-AUG-13
 OWBSYS                         24-AUG-13
 OWBSYS_AUDIT                   24-AUG-13
 SCOTT                          24-AUG-13
 SI_INFORMTN_SCHEMA             24-AUG-13
 SPATIAL_CSW_ADMIN_USR          24-AUG-13
 SPATIAL_WFS_ADMIN_USR          24-AUG-13
 SYS                            13-MAY-16**
 SYSMAN                         24-AUG-13
 SYSTEM                         13-MAY-16**
 WMSYS                          24-AUG-13
 XDB                            24-AUG-13
 XS$NULL                        24-AUG-13

Note that you need to join with DBA_USERS otherwise the USERS$ view shows all the roles as well, such as RECOVERY_CATALOG_ROLE and DBA.

You will see that the date shown for most  users is 24-AUG-13 which is the date the password was created by the seed database provided by Oracle which is used as part of an install. The accounts with two asterisks have their passwords created as part of user interaction when running DBCA

select name,ctime "Created" , ptime "Last_Changed"
FROM sys.user$ a, dba_users b
where a.name=b.username
and a.name =  'SYS'
order by 1
/

 

NAME                           Created   Last_Changed
------------------------------ --------- ------------
SYS                            24-AUG-13 13-MAY-16

 

This entry was posted on May 16, 2016 at 7:45 am and is filed under Oracle, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “Identifying when a password was last changed”

  1. NormanDunbar said

    May 16, 2016 at 9:47 am

    Hi John,

    Hope you are well.

    You can avoid the join with dba_users if you only select those rows in sys.user$ where TYPE#=1. Those are the proper users while those with type#=0 are the roles.

    HTH

    Cheers,
    Norm.

    Reply

  2. Abhishek H said

    September 21, 2018 at 1:51 pm

    I am seeing 12.2 misbehaving

    SQL> alter user sys identified by “XXXXXXXXXXX”

    User altered.

    SQL> select ptime from user$ where name=’SYS’;

    PTIME
    ———
    02-MAR-18

    SQL> select sysdate from dual;

    SYSDATE
    ———
    21-SEP-18

    Reply

  3. Gorakh said

    June 11, 2021 at 8:18 am

    Thanks it helps!..

    Reply

Leave a comment

«
»