Depending on how the Oracle Exadata Machine was setup, the password for user accounts can expire thus requiring the password to be changed.
This has the knock on effect of the crontab not being accessible and more importantly jobs do not run:
[oracle@v1ex1dbadm01 ~]$ crontab -l Authentication token is no longer valid; new one required You (oracle) are not allowed to access to (crontab) because of pam configuration. [oracle@v1ex1dbadm01 ~]$
You can check the pam configuration for the password expiry as shown below as the root user:
[root@v1ex1dbadm01 ~]# chage -l oracle Last password change : Dec 11, 2017 Password expires : Mar 11, 2018 Password inactive : never Account expires : never Minimum number of days between password change : 1 Maximum number of days between password change : 90 Number of days of warning before password expires : 7 [root@v1ex1dbadm01 ~]#
We can see the password expired on the 11th March 2018, hence why the crontab jobs are not running since then.
To change, so the password doesn’t expire, use chage as shown below:
[root@v1ex1dbadm01 ~]# chage -d 9999 -E -1 -m 0 -M -1 oracle
The manual page for chage explains the switches:
-d, --lastday LAST_DAY Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). If the LAST_DAY is set to 0 the user is forced to change his password on the next log on. -E, --expiredate EXPIRE_DATE Set the date or number of days since January 1, 1970 on which the user´s account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again. Passing the number -1 as the EXPIRE_DATE will remove an account expiration date. -m, --mindays MIN_DAYS Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change his/her password at any time. -M, --maxdays MAX_DAYS Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change his/her password before being able to use his/her account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning. Passing the number -1 as MAX_DAYS will remove checking a password´s validity.
Now, when re-checking the password expiry, you can see it’s changed to ‘never‘:
[root@v1ex1dbadm01 ~]# chage -l oracle Last password change : May 01, 2008 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : -1 Number of days of warning before password expires : 7 [root@v1ex1dbadm01 ~]#
And we didn’t need to change the password for the user and the crontab job work again 🙂
This doesn’t just apply to Exadata but to Linux.
See Related MOS Note:
Expiry of user accounts on Oracle Linux 5 (Doc ID 2327855.1)
If you found this blog post useful, please like as well as follow me through my various Social Media avenues available on the sidebar and/or subscribe to this oracle blog via WordPress/e-mail.
Zed DBA (Zahid Anwar)