11i: Expire All User Passwords

Occasionally, there is a need to expire all application user passwords in Oracle Applications 11i.  Oracle now provides a script to expire all users passwords in 11i.ATG_PF.H RUP4.  The script is located in $FND_TOP/patch/115/sql/AFCPEXPIRE.sql.  It can be executed using SQL*Plus or as the concurrent program "CP SQL*Plus Expire FND_USER Passwords".

AFCPEXPIRE.sql is a very simple script and is a single update statement that sets the PASSWORD_DATE column to null in FND_USER.

However, due to the ability to decrypt the application user passwords, expiring all users passwords in cloned instances is not an acceptable practice.  Rather, all passwords must be changed when cloning.  In 11.5.10+, the reset password feature can be used for users to access the cloned instance.

 Share this post