Changing password of SAPR3 or SAP

Symptom
Changing the password of SAPR3 or SAP<SID> with SAPDBA.

Additional key words
Encryption, encrypt, decrypt, CRYPT, SAPR3-CRYPT, SAPUSER, password

Cause and preconditions
Caution:

The SAP system must not run during the password change since otherwise new connects are no longer possible.

After the password change, the SAP system needs to be restarted.

Solution
The password of the DB user SAPR3 or SAP<SID> or other users can be changed and (only in case of users SAPR3 and SAP<SID>) encrypted by a DB user with DBA authorization (for example user SYSTEM) with the following command (as of SAPDBA version 4.5B):

sapdba [-u <dba>[/<dba_password>]] -alter_user <username>/<password>

Old variant for user SAPR3 only:

sapdba [-u <dba>[/<dba_password>]] -sapr3 <password>

-u specifies the DBA user changing the password.

Default for -u is system/manager.

Example: sapdba -u system/manager -alter_user sapc11/sap

sapdba -u system/manager -sapr3 sap

or sapdba -sapr3 sap

The general SAP encryption routine is used for encryption.

The option -alter_user <username>/<password> causes the following (the same for -sapr3 <password>):

1. The DB password of the user <username> is changed as specified.
2. The following applies to users SAPR3 and SAP<SID> only:
The new password is entered in SAP-DDIC Table ops$<sapsid>adm.SAPUSER.
If a non-encrypted entry already exists, the new password is again entered non-encrypted (downward-compatible).
If an encrypted entry already exists, the new password is entered encrypted.
If the old entry exists encrypted and non-encrypted, the new password is entered encrypted and non-encrypted.
If no password at all has been entered, the new password is only entered non-encrypted in an SAP System before 4.5B and encrypted in an SAP System as of 4.5B.

You can also change the password interactively with SAPDBA.
Main menu -> "m - User and security" -> "p - Change password".

Call SAPDBA with DBA authorization, for example as user SYSTEM:
sapdba [-u system/<system_password>]

-> Main menu -> m: User and security -> p: Change password
-> a - Password entering mode (invisible/visible)
-> b - User
-> c - Change password

With the interactive entry, the password can be entered in the background (default) if it does not exceed a maximum of 8 characters. Longer passwords up to a maximum of 30 characters can only be entered in the foreground.

Source code corrections