Skip to main content

Oracle E-Business Suite Password Management using AFPASSWD

AFPASSWD Utility:

It is an enhanced version of FNDCPASS and includes the following features:
  • It prompts for passwords required for the current operation.
  • It avoids the security risk incurred by entering passwords on the command line for FNDCPASS.
  • User enter the new password twice to confirm.
  • Can be used to migrate Oracle EBS user passwords to a non-reversible hash password scheme.
Note: Always run AutoConfig after changing any system (type 2) password.
Refer : How To Change Applications Passwords Using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD) (Doc ID 437260.1)
 To migrate Oracle E-Business Suite user passwords to a password hashing scheme:
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -m <HASH_MODE> {FULL|BACKGROUND|PARTIAL}
Known issues of AFPASSWD:
  • Adadmin Fails After Schema Password Is Changed Using AFPASSWD (Doc ID 1492939.1)
  • ISSUE DURING AFPASSWD UTILITY RUN (Doc ID 2157967.1)
  • AFPASSWD Relink Fails While Applying R12 Patch With Error Undefined Reference To `iifgcg' (Doc ID 1499357.1)
  • Migrating Password Using AFPASSWD Fails With Error: "Users with Invalid passwords" (Doc ID 2194846.1)
AFPASSWD Usage:
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -f <FNDUSER>
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -o <DBUSER>
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -a
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -l <ORACLEUSER> {TRUE|FALSE}
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -L {TRUE|FALSE}
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -s <APPLSYS>
AFPASSWD [-c <APPSUSER>[@<TWO_TASK>]] -h
These options have the following functions:
-c <APPSUSER>[@<TWO_TASK>]:
Specifies the connection string to use, the Oracle E-Business Suite user, and/or the value of TWO_TASK.
Can be use in combination with others. Default values from the environment will be used.
-f <FNDUSER>:
Changes password for an Oracle E-Business Suite user.
User name that with spaces or special characters must be enclosed in double quotation marks;
For example, "JO BAY" or "JO.BAY@EXAMPLE.COM"..
-o <DBUSER>:
Changes the password for an Oracle EBS database user.
Note: This only applies to users listed in the FND_ORACLE_USERID table, not database users in general.
-a:
Changes all Oracle passwords for schemas that are registered as base product schemas in the FND_ORACLE_USERID table (
excluding the passwords of APPS, APPLSYS, and APPS_NE) to the same password, in the same way as the ALLORACLE mode does in FNDCPASS.
-l:
Locks or unlocks an individual Oracle EBS database user (ORACLE_USER) (except required schemas).
Specify TRUE to lock or FALSE to unlock.
-L:
Locks or unlocks all Oracle EBS database users (except required schemas). Specify TRUE to lock or FALSE to unlock.
-s <APPLSYS>:
Changes the password for the APPLSYS user, the APPS user, and the APPS_NE user.
This requires the execution of AutoConfig on all tiers. After changing the APPLSYS password, you must also perform the steps to Update WLS Data Source.
-h:
Displays help.
 
Labels:

Comments

  1. Kathleen StevensJuly 26, 2025 at 3:04 AM

    Using AFPASSWD is a much safer and smarter way to manage E-Business Suite passwords, especially since it avoids command-line password exposure and supports secure password hashing. I found it super helpful for password migration and locking users safely via EmailToolTester .

    ReplyDelete

Post a Comment

Popular posts from this blog

MySQL InnoDB cluster troubleshooting | commands

Cluster Validation: select * from performance_schema.replication_group_members; All members should be online. select instance_name, mysql_server_uuid, addresses from  mysql_innodb_cluster_metadata.instances; All instances should return same value for mysql_server_uuid SELECT @@GTID_EXECUTED; All nodes should return same value Frequently use commands: mysql> SET SQL_LOG_BIN = 0;  mysql> stop group_replication; mysql> set global super_read_only=0; mysql> drop database mysql_innodb_cluster_metadata; mysql> RESET MASTER; mysql> RESET SLAVE ALL; JS > var cluster = dba.getCluster() JS > var cluster = dba.getCluster("<Cluster_name>") JS > var cluster = dba.createCluster('name') JS > cluster.removeInstance('root@<IP_Address>:<Port_No>',{force: true}) JS > cluster.addInstance('root@<IP add>,:<port>') JS > cluster.addInstance('root@ <IP add>,:<port> ') JS > dba.getC...
Post a Comment
Read more

MySQL 5.7 Install | Configure MySQL | Configure MySQL Replication | Configure systemd for single instance

Install MySQL 5.7 Community Edition on Linux: #yum install mysql80-community-release-el7-1.noarch.rpm #yum install mysql-community-server #yum install perl-DBD-MySQL-4.023-6.el7.x86_64.rpm #yum install percona-release-0.1-4.noarch.rpm Increase no. of open files: Edit file /etc/security/limits.conf and includes as follows, which will increase no of open files for mysql user to 65535 from 1024 which is default. excute ulimit -a after sudo to mysql, if you are logged in exit and login again then and then only you will be able to see it. mysql              soft     nofile           65535 mysql             hard     nofile           65535 Ref.: https://dev.mysql.com/doc/refman/8.0/en/linux-installation-yum-repo.html https://jinyuwang.weebly.co...
1 comment
Read more

Create MySQL database with hyphen

Create MySQL database with hyphen: If you are trying to create MySQL database with hyphen " - " in the name such as test-db and get error  " your MySQL server version for the right syntax to use near '-db' at line" then you might be wondering how to get it done as your business require MySQL database name with hyphen " - "  Here is the fix, use escape character " ` " before and after database name such as `test-db` and you will be able to create database with hyphen. CREATE DATABASE `test-db`; 
Post a Comment
Read more