Oracle ORAPWD Password File Utility
Version 18.3.0.1

General Information
Library Note Morgan's Library Page Header
Coming to OpenWorld 2018? Be sure to visit the TidalScale booth in Moscone South and learn how to solve performance problems and lower costs with Software Defined Servers. Before you visit the booth, or if you can't make it this year, check out TidalScale at www.tidalscale.com. Be sure to click on the Solutions link and look through the Oracle resources.
Password File Utility

The syntax elements SYSBACKUP, SYSDG, and SYSKM were added as of version 12.1.0.1.
Operating System Privileges To access orapwd a user must have operating system level access to the ORACLE_HOME file system.
 
Help
This is not the utility's full syntax. Note the following entries that show the missing pieces [oracle@db18c bin]$ orapwd -h
Usage 1: orapwd file=<fname> force={y|n} asm={y|n}
          dbuniquename=<dbname> format={12|12.2}
          delete={y|n} input_file=<input-fname>
          'sys={y | password | external(<sys-external-name>)
                | global(<sys-directory-DN>)}'
          'sysbackup={y | password | external(<sysbackup-external-name>)
                      | global(<sysbackup-directory-DN>)}'
          'sysdg={y | password | external(<sysdg-external-name>)
                  | global(<sysdg-directory-DN>)}'
          'syskm={y | password | external(<syskm-external-name>)
                  | global(<syskm-directory-DN>)}'

Usage 2: orapwd describe file=<fname>

  where
     file - name of password file (required), password
          - password for SYS will be prompted
            if not specified at command line.
            Ignored, if input_file is specified,
    force - whether to overwrite existing file (optional),
      asm - indicates that the password to be stored in
            Automatic Storage Management (ASM) disk group
            is an ASM password. (optional), dbuniquename
          - unique database name used to identify database
            password files residing in ASM diskgroup only.
            Ignored when asm option is specified (optional),
   format - use format=12 for new 12c features like SYSBACKUP, SYSDG
            and SYSKM support, longer identifiers, SHA2 Verifiers etc.
            use format=12.2 for 12.2 features like enforcing user
            profile (password limits and password complexity) and
            account status for administrative users.
            If not specified, format=12.2 is default (optional),
   delete - drops a password file. Must specify 'asm',
            'dbuniquename' or 'file'. If 'file' is specified,
            the file must be located on an ASM diskgroup (optional),
            input_file
          - name of input password file, from where old user
            entries will be migrated (optional),
      sys - specifies if SYS user is password, externally or
            globally authenticated.
            For external SYS, also specifies external name.
            For global SYS, also specifies directory DN.
            SYS={y | password} specifies if SYS user password needs
            to be changed when used with input_file,
sysbackup - creates SYSBACKUP entry (optional).
            Specifies if SYSBACKUP user is password, externally or
            globally authenticated.
            For external SYSBACKUP, also specifies external name.
            For global SYSBACKUP, also specifies directory DN.
            Ignored, if input_file is specified,
    sysdg - creates SYSDG entry (optional).
            Specifies if SYSDG user is password, externally or
            globally authenticated.
            For external SYSDG, also specifies external name.
            For global SYSDG, also specifies directory DN.
            Ignored, if input_file is specified,
    syskm - creates SYSKM entry (optional).
            Specifies if SYSKM user is password, externally or
            globally authenticated.
            For external SYSKM, also specifies external name.
            For global SYSKM, also specifies directory DN.
            Ignored, if input_file is specified,
 describe - describes the properties of specified password file
            (required).

There must be no spaces around the equal-to (=) character.
[oracle@db18c bin]$
Retrieve password file metadata SELECT *
FROM v$pwfile_users;
Retrieve dbuniquename value SQL> show parameter unique
 
CREATE
Create a password file orapwd file=c:\app\oracle\product\12.1.0\dbhome_1\database\PWDorabase.ora password="N0WayIn!" entries=3
 
DELETE
Drop a password file with ASM TBD
Drop a password file with a file system orapwd delete=y password="N0Access!" dbuniquename=orabase

orapwd delete=y file=c:\app\oracle\product\12.1.0\dbhome_1\bin\PWDorabase.ora
 
AUDIT VAULT and DATA VAULT Extension
NOSYSDBA

This appears to still be valid syntax but no longer disables logins with "/ as sysdba"
nosysdba=<y | n>
orapwd file=c:\app\oracle\product\12.1.0\dbhome_1\database\PWDorabase.ora password="N0WayIn!" entries=3 ignorecase=n nosysdba=y force=y
 
Addendum
DESCRIBE C:\Users\oracle>orapwd describe file=c:\app\oracle\product\12.1.0\dbhome_1\database\PWDorabase.ora

Password file Description : format=12 ignorecase=N
IGNORECASE This extension is deprecated as of 12cR1 as the default is "no" which means case is not ignored.

Related Topics
Data Guard
Security
Utilities
What's New In 12cR2
What's New In 18cR1

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2017 Daniel A. Morgan All Rights Reserved