Change user password , when DB is in mount state

Hello,
1. How to check user status , when database is in MOUNT stage. ? (Locked/Expired)
2. Is it possible to change the password of the user SYSTEM , while database is in mount state.?
If DB is open , we can query DBA_USERS table and can get the details of users (username, account_status,lock_date,expiry_date, etc...)
But , is it possible to query these data, when the DB is in MOUNT state.
3. Im having SYS authority. I want to change the password of SYSTEM user, and make SYSTEM unlock in the Standby Database. (Which is in mount state).
How can i do this?
regards,
Zerandib

How to check user status , when database is in MOUNT stage. ? (Locked/Expired)You cannot check the user status when the database is in mount stage. You need to have the database is open mode to check the status of the users.
Is it possible to change the password of the user SYSTEM , while database is in mount state.?It is not possible to change the password of any user when the database is in mount state. Open the database and then change the password.
If DB is open , we can query DBA_USERS table and can get the details of users (username, account_status,lock_date,expiry_date, etc...)
But , is it possible to query these data, when the DB is in MOUNT state.No. Not possible.
3. Im having SYS authority. I want to change the password of SYSTEM user, and make SYSTEM unlock in the Standby >Database. (Which is in mount state).
How can i do this?Answer to this question was given in your previous thread created nearly 12 hours back. It makes no sense to change the password on the standby database. It a mirrored copy of your primary database.
Change the password of the user in primary database and perform a log switch. The password would be changed on the standby as soon as the log is applied on the standby database.
Whenever you try to change the password of a user in mount stage,you get an error message saying "shutdown is in progress". So change it only when the database is open

Similar Messages

My number 5 key is not working and my password has a number 5 in it. How can I change my password when I'm signed in on another account or as guest user? I need help :(

My number 5 key is not working and my password has a number 5 in it. How can I change my password when I'm signed in on another account or as guest user? I need help

- If the "other" account has administrative privileges then just try changing the PW for your account.
- Forgot Mac Password? How to Reset Your Mac Password (with or without CD)
Change the Admin Password with Mac OS X Single User Mode
Reset mac mini admin password: Apple Support Communities
- If the problem is due to a bad KB just get a new KB

Best way to create a "change user password" site?

Hi,
I want to provide my users with a page where they can change their password. I thought that I could just use the one from the system application (changepw.htm). But it doesn't feature the design2003 and my application has to have a consistent look and feel.
So I copied it and tried to get it working but that wasn't possible because it relies on an application class which I can't get working (it relies on the IF_BSP_APPLICATION_EVENTS) because I don't want to use it as a general application-class and so some methods will not be called.
It seems that the only choice left is to start my own site which will reuse most of the code from the system application class. But before I start reinventing the wheel I would like to know: How have you implemented this functionality?

Hi Deepak,
My approach was the following. I created a new controller and a new view for the password site. Then I extracted all the useful methods from the CL_BSP_LOGIN_APPLICATION class and put it in my controller class. I recycled all the translation stuff so that the page is available in different languages and I also used a lot code from the CHANGE_PW_PROCESSING method. I think it took me nearly a day to get everything working. The most annoying part was testing it because our sap system didn't allow you to change your password twice a day so I had to use lots of test user accounts
Regarding your other question. I have never worked with the BW but from a technical standpoint I am sure that it's possible to change your password when https/SSO is not enabled. But I would never allow my users to change their password when they are not using https.

Problem with Notifications on Create User/ Change User Password

Hello,
I'm having a problem sending emails to users when an account is created in OIM.
I added a notification to the user and user's manager on the Create User task in the Xellerate User process definition but the emails are not being sent.
I know that if I create another task with the purpose of sending emails and invoke it through the response in the Create User task, it will work.
My aim is to avoid adding tasks for something OIM should be able to do OOTB.
I'm also unable to send an email when a password is updated.. I did the same thing as for the Create User and I know the task (Change User Password) is being invoked by looking at the logs but the emails aren't being sent.
Has anyone ran into such problems?
I'm having these problems in the Xellerate User process task.. i've added notifications in other process tasks (mainly approval tasks) and they are working fine.
Thanks in advance

Hi,
I am just confuse with your response.Have you added the "Password Updated" task in xellerate user provisioning process?
Now if you changing password in OIM profile it will trigger "Change User Password" task not the "Password Updated" task and even if you add "Password Updated" task on Xellerate User provisioning task you can't see this task in Resource Details.
Now assume if you added your notification on "Password Updated" task of any resource which user is provisioned to even then when you change oim password it only trigger "Change User Password" task.So try to have your notification on "Change User Password" task.
Please clarify so that I can response correctly.
Regards
Nitesh

Delay in the change user password OIM 11g

Hi guys,
I have a problem with OIM 11g. The user accesses the OIM to do change your password, when the message that password is changed show, the user executed log-off and try access with new password, but the new password isn't accepted.
The new password is posted to AD immediately.
Only after of some time, the new password is accepted in OIM.
I need the new password is applied as in AD. When changing the password.
Someone know resolve this issue??
Thanks

I don’t think this is possible. You can add some delay while changing target system password. But not guarantee.

Procedure/package to change user password through plsql gateway

I'm not sure is this the right place to ask, but I don't know anywhere better.
I'm using Oracle 817 with the apache that bundled. I use the plsql gateway (mod_plsql). I want to create a page for user to change their password, however, I don't know how to verify the existing password of the user before changing to a new password. Also, how can I change the password, is there a standard procedure to do that?
One more question, when I key in the following:
http://myhost/pls/my_dad/my_schema.my_procedure
the web server return a page with lots of cgi environment (assuming the my_procedure doesn't exist), how can I customise this page?
thx.

To ensure security of the Oracle database system and prevent unauthorized access to the Oracle database, it’s important for Oracle users to not only using strong and long Oracle passwords to avoid brute force or dictionary attacks, but also to change the Oracle user password regularly. Oracle users also have to change the password when the password has or going to expire, if database system administrator implements and enforces strict password control with PASSWORD_LIFE_TIME option for user profiles which limits the number of days the password can be used for authentication to login to the system.
To change the Oracle password, users can use SQL*Plus or Oracle SQL and PL/SQL language interface administration tool such as Toad for Oracle. No matter what SQL apps you use, the commands and SQL query languages used to change the password are similar.
There are two SQL command syntaxes that can be used to change Oracle database user password:
ALTER USER user_name IDENTIFIED BY new_password;or (from Oracle8 and above):
PASSWORD
For above SQL query, if you need to change another user’s password, use the following command:
PASSWORD user_name
For PASSWORD command, after you press Enter, you will be prompted to input the old password and new password interactively. For example:
SQL> password
Changing password for DAVID
Old password:
New password:
Retype new password: Note: You need to have enough privileges to change other Oracle user’s password.
As the variable in italic implied by name, user_name is the user whose password wishes to be changed, and new_password is the new password to assign.
As ALTER USER SQL syntax will send the new password to the Oracle database server unencrypted if use without Advanced Security Option, and thus expose to security risk, Oracle users should always use the PASSWORD command to change the Oracle user password.

User Passwords Rejected on AFP share mounts?

User Passwords Rejected on AFP share mounts?
(OK, my last post got buried, and perhaps too long), try again. Very brief
Issue:
After so many days, a User's AFP share password is rejected? What gives.
If you reset it, several days later, same thing, rejected.
Is Netinfo Database corrupted, what can / should be done?
- Stand Alone server (with AFP and FTP services running, all other services off, not running.
Summary Info for user having issue:
Location: 192.168.0.50/NetInfo/DefualtLocalNode
Home: No Home Directory
Primary Group: Users (20)
Password: Shadow Password
I have deleted that troublesome user name and created a new name (for that user), just in case, in the re-creation of the same user name (after deletion) some corruption gets inherited.
thanks,
macguitarman
Power Mac G5 Dual 2.0 Mac OS X (10.4.7)

Using Tiger Server, I have found that enabling ACLs, or Access Control Lists on the volume, and then specifying users and/or groups into the specific ACLs for the share point has been very helpful. Also note that 10.4.10 server seems to work better than 10.4.11, so if you haven't upgraded, don't go beyond 10.4.10. .11 seems to have some permissions issues and other problems.
I assume you are connecting to the server via AFS (i.e. Go > Connect to Server > ip address) and not SMB? SMB sometimes is more problematic about ownership. But either way, Mac or PC clients, it seems ACLs are the way to go.
Crazy as it seems, on my server, even if the owner is, say, admin, and the group with r/w permissions is, say, Prepress, it helps to specifically add the Prepress group to the ACL for that share. Then be sure to propagate the permissions down (unless you don't want to, for some reason). To do this, click the little gear icon and propagate all the permissions -- owner, group, acl, etc. down. This will take a bit of time depending on how much stuff you have. I also find that a server reboot can be helpful.
[[ All this said, 10.5.1 seems to do some crazy things, and I hope 10.5.2 addresses them. I have one machine (not user ID) that always creates a folder on a share with no permissions for anyone. Only from that Mac; the same login on another works just fine. Go figure]]

Change User password not working in SAP ME 6.0

Hi,
In SAP ME 6.0 SP01 6.0.1.0 Counter 40, the activity "Change User Password" does not work for me or any other user.
The activity window (Netweaver) shows, but in the top it says "An error occurred - contact system administrator".
This is the output from the default trace file. Seems my user is not authorized, but where do I set this authorization?
Br,
Johan
#2.0 #2011 09 06 11:15:11:064#+0200#Error#com.sap.security.core.wd.jmxmodel.JmxModelComp#
#BC-JAS-SEC-UME#sap.com/tcsecumewduimodel#C0000AD3034800820000000100000450#9934850000000004#sap.com/tcsecumewdkit#com.sap.security.core.wd.jmxmodel.JmxModelComp#JONORD#16##380199ECD86811E088C3000000979802#ae0e9d52d86811e08e7a000000979802#ae0e9d52d86811e08e7a000000979802#0#Thread[HTTP Worker [@312363456],5,Dedicated_Application_Thread]#Plain##
public void supplyCompany(IPrivateJmxModelCompInterface.ICompanyNode node, IPrivateJmxModelCompInterface.IContextElement parentElement)
[EXCEPTION]
com.sap.engine.services.jmx.exception.JmxSecurityException: Caller JONORD not authorized, required permission missing (javax.management.MBeanPermission -\#getCompanyConceptEnabled[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
     at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)
     at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)
     at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)
     at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)
     at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
     at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
     at com.sap.security.core.jmx._gen.IJmxServer$Impl.getCompanyConceptEnabled(IJmxServer.java:1415)
     at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.supplyCompany(JmxModelCompInterface.java:1498)
     at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.supplyCompany(InternalJmxModelCompInterface.java:710)
     at com.sap.security.core.wd.jmxmodel.wdp.IPublicJmxModelCompInterface$ICompanyNode.doSupplyElements(IPublicJmxModelCompInterface.java:4301)
     at com.sap.tc.webdynpro.progmodel.context.DataNode.supplyElements(DataNode.java:110)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.createMappedElementList(MappedNode.java:78)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.supplyElements(MappedNode.java:71)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.createMappedElementList(MappedNode.java:78)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.supplyElements(MappedNode.java:71)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElements(Node.java:270)

Hi,
Change User Password screen is in fact user self services screen of NW UME and to access it, user must have Manage_My_Password action. Installation and Security Guide ask to assign this action to all roles.

How can i add a new user and change user'password with javamail?

how can i add a new user and change user'password from a mailserver with javamail?
email:[email protected]

Well user creation and updation is a system property..U need to go through that part...as it depends on the system you are hosting pout your application...
if it is linux...u have to use some shell programming\
bye for now let me know if this guides you or if you need some more stuff.
bye

How can i change my password when i open my mac?

where do I go to change my password when i login?

Change password?
http://support.apple.com/kb/PH10746
Reset Password?
OS X 10.7 Lion /10.8 MountainLion
Follow the instructions in the first and the third boxes.
http://pondini.org/OSX/Password.html
Note
Keychain
http://support.apple.com/kb/TS1544
Best.

Who can I call about the email message to change my password when I haven't requested this

Who can I call about email messages to change my password when I have not requested this

See my reply to your earlier post.

Why cant i change user password or pwdlastset after delegation for only certain users in an ou?

I remembered a while ago I used delegate control to assign the ability to reset pwd and reset change on next logon. It seems to work for some users but not others in same ou. effective permissions shows I have write access to the attribute for
the user; see imgur link below. the box for change pwd at next logon is gray. attribute editor tab doesn't allow me to edit it either. domain admins can change it. I'm wondering what else I should check out cus everything I know says
I have the right to change it.
forest / domain level 2003
http://imgur.com/1VHuh7h
mydomain\Allow Reset Win Pwd was used for delegation and the user trying to change the password is a part of that group. they are also a member of account operators
Owner: mydomain\Domain Admins
Group: mydomain\Domain Admins
Access list:
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow mydomain\Domain Admins SPECIAL ACCESS
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 DELETE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow mydomain\Enterprise Admins SPECIAL ACCESS
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 DELETE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow BUILTIN\Administrators SPECIAL ACCESS
 DELETE
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 DELETE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow NT AUTHORITY\Authenticated Users
 SPECIAL ACCESS
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow NT AUTHORITY\SYSTEM FULL CONTROL
Allow mydomain\Allow Reset Win Pwd SPECIAL ACCESS <Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow BUILTIN\Terminal Server License Servers
 SPECIAL ACCESS <Inherited
from parent>
 READ PERMISSONS
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
Allow mydomain\Enterprise Admins FULL CONTROL <Inherited from parent>
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 LIST CONTENTS
Allow BUILTIN\Administrators SPECIAL ACCESS <Inherited from parent>
 DELETE
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow mydomain\Delegate-Join-Domain-Rights
 SPECIAL ACCESS for computer
<Inherited from parent>
 CREATE CHILD
Allow Everyone SPECIAL ACCESS for computer <Inherited from parent>
 CREATE CHILD
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Account Restrictions
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Account Restrictions
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Logon Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Logon Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Group Membership
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for General Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for General Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Remote Access Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Remote Access Information
 READ PROPERTY
Allow mydomain\Cert Publishers SPECIAL ACCESS for userCertificate
 WRITE PROPERTY
 READ PROPERTY
Allow BUILTIN\Windows Authorization Access Group
 SPECIAL ACCESS for tokenGroupsGlobalAndUniversal
 READ PROPERTY
Allow BUILTIN\Terminal Server License Servers
 SPECIAL ACCESS for terminalServer
 WRITE PROPERTY
 READ PROPERTY
Allow mydomain\Allow Reset Win Pwd SPECIAL ACCESS for pwdLastSet <Inherited from parent>
 WRITE PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Account Restrictions
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Logon Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Group Membership
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for General Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Remote Access Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Terminal Server License Servers
 SPECIAL ACCESS for accountExpires
<Inherited from parent>
 WRITE PROPERTY
Allow BUILTIN\Terminal Server License Servers
 SPECIAL ACCESS for Terminal Server
License Server <Inherited from parent>
 WRITE PROPERTY
 READ PROPERTY
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
 SPECIAL ACCESS for tokenGroups
<Inherited from parent>
 READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Private Information <Inherited from parent>
 WRITE PROPERTY
 READ PROPERTY
 CONTROL ACCESS
Allow Everyone Change Password
Allow NT AUTHORITY\SELF Change Password
Allow mydomain\Allow Reset Win Pwd Reset Password <Inherited from parent>
Permissions inherited to subobjects are:
Inherited to all subobjects
Allow mydomain\Enterprise Admins FULL CONTROL <Inherited from parent>
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 LIST CONTENTS
Allow BUILTIN\Administrators SPECIAL ACCESS <Inherited from parent>
 DELETE
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow mydomain\Delegate-Join-Domain-Rights
 SPECIAL ACCESS for computer
<Inherited from parent>
 CREATE CHILD
Allow Everyone SPECIAL ACCESS for computer <Inherited from parent>
 CREATE CHILD
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Private Information <Inherited from parent>
 WRITE PROPERTY
 READ PROPERTY
 CONTROL ACCESS
Inherited to group
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
 SPECIAL ACCESS for tokenGroups
<Inherited from parent>
 READ PROPERTY
Inherited to computer
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
 SPECIAL ACCESS for tokenGroups
<Inherited from parent>
 READ PROPERTY
Inherited to group
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Inherited to inetOrgPerson
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Remote Access Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for General Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Group Membership
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Logon Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Account Restrictions
<Inherited from parent>
 READ PROPERTY
The command completed successfully

I think this is a problem with the user object rather than the ou. Reasoning is that I can reset a password for a user in the same OU but not for another user in the same OU. Two users, same ou. I can reset one but not the other.
Effective Permissions shows I am granted permisiion to do so.
I believe the error was access denied when we tried to change the password via vbscript.
@seansobey - I applied the delegation at a ou higher in the tree. I forget how I had it apply down the tree but I confirmed that the acl is correct
and applied to the user
@Travis Vogel - It looks like the user with this problem is a part of Domain Users. I think the ACL is applied to the user because it shows in
the security window and effective permissions shows I have permission to reset the password. However, I see this other user is a part iof the builtin user group and the problematic user account is not. I may try adding the problematic user account
to that group and testing. It'll have to wait until tomorrow though.

How can you create a customized page to change user password?

Hello to all,
I would like to create a customized page for a user to change their password. We are using Portal version 3.0.9 on Windows NT/2000. Currently there is a page in portal where a user can change their password.
I tried linking to that page by copying the shortcut url and adding it as an html portlet. The problem is that we want to direct the users to a
page of our choosing when they click on the "cancel" and "ok" buttons. I read in the forums that there is a selfreg.cmd script.
I also read that there is some code that has been available.
Has anyone implemented a customized user password change page? Do you know of any links that might have steps to follow or
more informatioin?
Thanks in advance,
Lindsay

Hi,
I was able to customize the change password screen through a procedure. This is what I did:
* Created a procedure under the Portal30_sso schema:
CREATE OR REPLACE procedure reports_chage_password
site2pstoretoken in varchar2 default null
,p_username in varchar2 default null
,p_error_code in varchar2 default null
,p_submit_url in varchar2 default null
,p_done_url in varchar2 default null
,p_pwd_is_exp in varchar2 default null
,p_password in varchar2 default null
is
begin
htp.htmlopen;
htp.headopen;
htp.title ('<TITLE of Page>');
htp.headclose;
htp.bodyopen;
htp.p('<table width="100%"><tr><td colspan=2 align=center><IMG SRC=<directory of image if you want>"> <hr> </td></tr>');
htp.p('<tr><td colspan=2 align=center>');
htp.p('');
htp.header(nsize => 1 ,cheader => 'Change Password');
htp.p('');
htp.p('</td></tr><tr><td align=right>');
htp.formopen(curl => p_submit_url );
htp.p('');
htp.p ('Username:');
htp.p('</td><td alight=left>');
htp.p(p_username);
htp.p('');
htp.p('</td></tr>');
htp.formHidden(cname => 'p_username',cvalue => p_username);
htp.br;
htp.p('<tr><td align=right>');
htp.p('');
htp.p ('Old Password: ');
htp.p('');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_old_password',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.br;
htp.p('<tr><td align=right>');
htp.p('');
htp.p ('New Password: ');
htp.p('');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_new_password',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.br;
htp.p('<tr><td align=right>');
htp.p('');
htp.p ('Confirm New Password: ');
htp.p('');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_new_password_confirm',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.p('<tr><td rowsapn=2>');
htp.formHidden(cname => 'p_done_url',cvalue => '<the url that you want users to go to when they are done>');
htp.formHidden(cname => 'p_pwd_is_exp',cvalue => p_pwd_is_exp);
htp.formHidden(cname => 'p_password',cvalue => p_password);
htp.formHidden(cname => 'site2pstoretoken',cvalue => site2pstoretoken);
htp.p('</td></tr>');
htp.p('<tr><td align=right>');
htp.formSubmit(cname => 'p_action',cvalue => 'OK');
htp.p('</td><td align=left>');
htp.formSubmit(cname => 'p_action',cvalue => 'CANCEL');
htp.p('</td></tr></table>');
if p_error_code is not null then
htp.br;
htp.fontOpen(ccolor=> 'red', csize=> 4);
if p_error_code = 'auth_fail_err' then
htp.p('Old password is incorrect');
elsif p_error_code = 'pwd_rule_err' then
htp.p('The new password does not follow '||
'the password policies.');
htp.br;
htp.p('Verify with your System Administrator '||
'about the Password Policies');
elsif p_error_code = 'confirm_pwd_fail_txt' then
htp.p('Confirmation for new passord is not '||
'the same as the New Passowrd');
elsif p_error_code = 'null_new_pwd_err' then
htp.p('New password cannot be null');
elsif p_error_code = 'null_old_pwd_err' then
htp.p('Old password cannot be null');
else
htp.p ('Error: ' || p_error_code );
end if;
htp.fontClose;
end if;
end;
* Grant this procedure to PUBLIC
* Update the portal30_sso.wwsso_ls_configuration_info_$:
UPDATE portal30_sso.wwsso_ls_configuration_info_$
SET LOGIN URL = '<YOUR CUSTOM LOGIN URL OR THE WORD UNUSED IF YOU DON'T HAVE ONE> http://<MACHINE_NAME>.<DOMAIN>/pls/portal30_sso/portal30_sso.<NAME OF PROCEDURE>';
* After you update the table, go to your account information link, and click on the change password link.
* Then copy the url that you see in your address line
* And if you want a change password link at the top of your portal page, just go to EDIT on your page, then edit the banner defaults. Then in the links add the Lable and the URL. The URL would be the URL you copied from the previous step.
Hope this helps.
I've customized the login page too if you would like some sample code for that. Let me know.
Martin

Changing user password in Active Directory using the JNDI GSS-API/Kerberos5

Hello,
I am trying to the JNDI GSS-API to change a user password on an Active Directory Server 2003. I have seen a variation of this using SSL on the thread [*http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0*|http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0]
but I can't seem to make this work using the GSS-API. I can successfully create a javax.security.auth.login.LoginContext.LoginContext and then call the login method on it to log in as a user. I then call the javax.security.auth.Subject.doAs() method which calls the run method in a class extending the javax.security.PrivilegedActionClass. But when I actually try to change the password using InitialDirContext.modifyAttributes(), I get the exception:
*javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190DC9, problem 5003 (WILL_NOT_PERFORM), data 0*
*If anyone can help me figure out why it doesn't work, that would be great!*
P.S: I know the error seems to suggest that there might be some active directory setting that is preventing this from working, but I've checked all relevant settings on the Windows 2003 server Active Directory that I can think of: In the User properties->Account->Account options, I've made sure the user can change password. Also, in the Group Policy->Computer Configuration->Windows Settings->Security Settings->Account Policies->Password Policy, Maximum password age is zero and so is minimum password age.
Here's my java code:
{code}import javax.naming.*;
import javax.security.auth.*;
import java.security.PrivilegedAction;
import java.io.UnsupportedEncodingException;
public void changeSecret((String uid, String oldPassword, String newPassword)
 throws NamingException, ACException{
try {
 K5CallbackHandler cb = new K5CallbackHandler(uid, oldPassword);
 LoginContext lc = new LoginContext("marker", cb);
 lc.login();
 Subject.doAs(lc.getSubject(), new ChangePasswordAction(rz.getName(), oldPassword, newPassword));
 catch(LoginException e) {
 try {
 lc.logout();
 catch(LoginException e) {
}ChangePasswordAction.java is:import javax.naming.*;
import javax.naming.naming.directory.*;
import java.io.UnsupportedEncodingException;
private class ChangePasswordAction implements PrivilegedAction {
 private String uid;
 private String quotedOldPassword;
 private String quotedNewPassword;
 public ChangePasswordAction(String uid, String oldPassword, String newPassword) {
 this.uid = uid;
 quotedOldPassword = "\"" + oldPassword + "\"";
 quotedNewPassword = "\"" + newPassword + "\"";
 public Object run() {
 Hashtable env = new Hashtable(11);
 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 env.put(Context.PROVIDER_URL, "ldap://ad2k3:389");
 env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
 try {
 DirContext ctx = new InitialDirContext(env);
 ModificationItem[] mods = new ModificationItem[2];
 byte[] oldPasswordUnicode = quotedOldPassword.getBytes("UTF-16LE");
 byte[] newPasswordUnicode = quotedNewPassword.getBytes("UTF-16LE");
 mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldPasswordUnicode));
 mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newPasswordUnicode));
 ctx.modifyAttributes(uid, mods);
 ctx.close();
 } catch (NamingException e) {
 } catch (UnsupportedEncodingException e) {
 return null;
}K5CallbackHandler is:import javax.security.auth.callback.*;
final class K5CallbackHandler
implements CallbackHandler {
 private final String name;
 private final char[] passwd;
 public K5CallbackHandler(String nm, String pw) {
 name = nm;
 if(pw == null) {
 passwd = new char[0];
 else {
 passwd = pw.toCharArray();
 public void handle(Callback[] callbacks)
 throws java.io.IOException, UnsupportedCallbackException {
 for(int i = 0; i < callbacks.length; i++) {
 if(callbacks[i] instanceof NameCallback) {
 NameCallback cb = (NameCallback) callbacks;
 cb.setName(name);
 else {
 if(callbacks[i] instanceof PasswordCallback) {
 PasswordCallback cb = (PasswordCallback) callbacks[i];
 cb.setPassword(passwd);
 else {
 throw new UnsupportedCallbackException(callbacks[i]);
}The relevant entry in the JAAS.conf file that is referred to as "marker" in the LoginContext constructor is:
marker {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE;

This is one of the two Active Directory operations I have never solved using Java/JNDI. (FYI the other one is Cross Domain Move).
My gut feel is that the underlying problem (which happens to be common to both Change Password & X-Domain Move) is that Java/JNDI/GSSAPI does not negotiate a sufficiently strong key length that allows Active Directory to change passwords or perform cross domain moves when using Kerberos & GSSAPI.
Active Directory requires at a minimum, 128 bit key lengths for these security related operations.
In more recent Kerberos suites and Java versions, support for RC4-HMAC & AES has been introduced, so it may be possible that you can negotiate a suitably string key length.
Make sure that your Kerberos configuration is using either RC4-HMAC or AES and that Java is requesting a strong level of protection. (You can do this by adding //Specify the quality of protection
//Eg. auth-conf; confidentiality, auth-int; integrity
//confidentiality is required to set a password
env.put("javax.security.sasl.qop","auth-conf");
//require high strength 128 bit crypto
env.put("javax.security.sasl.strength","high"); in your ChangePasswordAction class.
You may also want to enable sasl logging in your app to see what exactly is going on and you may also want to check on the Java Security forum how to configure/enforce/check both RC4-HMAC or AES is used as the Kerbeos cipher suite and that a string key length is being used.
Good luck.

How to change user password from default realm programaticaly

Hello,
I would like to know if there are any ways to change a users password from a file
realm through java classes ie . programaticaly.

Thank you for the support.
After looking at the code, I noticed RealmManager is not documented in the BEA
Javadocs. Am I missing something or is it not documented. Lot of other methods
also not documented. Do you have the latest Javadocs?
Thanks
John
"Tom Moreau" <[email protected]> wrote:
>
See message #4589 - it posts the code magic needed
to change the password. The caller doesn't have to
be aware of which realm is being used - that's taken
care of for you.
-Tom
"John M" <[email protected]> wrote:
Hello,
I would like to know if there are any ways to change a users passwordfrom
a file
realm through java classes ie . programaticaly.

Change user password , when DB is in mount state

Similar Messages

Maybe you are looking for