Changing expired password with OCIPasswordChange

I know that ODP.NET has a option to open a connection with a new password when the old one has expired. I'm using System.Data.OracleClient from .Net instead of ODP because I'm using the Instant Client, which does not seem to work with ODP. Can somebody tell me how to call OCIPasswordChange?

Hi,
OCIPasswordChange is an OCI call. You'd have to write a complete OCI application in C to be able to use that, and OCI coding isnt for the faint of heart.
I do have a complete OCI sample that does it though.. here you go.
Cheers,
Greg
This sample demonstrates the use of OCIPasswordChange once the
password has expired, which requires setting the session into
the service context. Tested with oci 8.1.5, vc++ 6.0 sp3.
first create the user with expired password:
SQL> create user testuser identified by oldpass password expire;
SQL> grant create session to testuser;
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <oci.h>
static OCIEnv          *p_env;
static OCIError          *p_err;
static OCIServer *p_srv;
static OCISession *p_ses;
static OCISvcCtx     *p_svc;
void main()
     int          rc;
     char     errbuf[100];
     int          errcode;
     // Step 1: Initialize OCI
     rc = OCIInitialize((ub4) OCI_DEFAULT, (dvoid *)0,
          (dvoid * (*)(dvoid *, size_t)) 0,
          (dvoid * (*)(dvoid *, dvoid *, size_t))0,
          (void (*)(dvoid *, dvoid *)) 0 );
     // Step 2: Initialize the OCI evironment
     rc = OCIEnvInit( (OCIEnv **) &p_env, OCI_DEFAULT, (size_t) 0, (dvoid **) 0 );
     // Step 3: Initialize the OCI handles
     rc = OCIHandleAlloc( (dvoid *) p_env, (dvoid **) &p_err, OCI_HTYPE_ERROR,
          (size_t) 0, (dvoid **) 0);
     rc = OCIHandleAlloc( (dvoid *) p_env, (dvoid **) &p_svc, OCI_HTYPE_SVCCTX,
          (size_t) 0, (dvoid **) 0);
     rc = OCIHandleAlloc( (dvoid *) p_env, (dvoid **) &p_srv, OCI_HTYPE_SERVER,
          (size_t) 0, (dvoid **) 0);
     rc = OCIHandleAlloc((dvoid *) p_env, (dvoid **)&p_ses, (ub4) OCI_HTYPE_SESSION,
          (size_t) 0, (dvoid **) 0);
     // Step 4: Connect using a mutli-session connect
     rc = OCIServerAttach( p_srv, p_err,
          (text *)"local", 5, 0);
     // Create a server context
     rc = OCIAttrSet( (dvoid *) p_svc, OCI_HTYPE_SVCCTX,
          (dvoid *)p_srv, (ub4) 0,
          (ub4) OCI_ATTR_SERVER, (OCIError *) p_err);
     // Create a session context
     rc = OCIAttrSet((dvoid *) p_ses, (ub4) OCI_HTYPE_SESSION,
          (dvoid *) "testuser", (ub4) 8,
          (ub4) OCI_ATTR_USERNAME, p_err);
     rc = OCIAttrSet((dvoid *) p_ses, (ub4) OCI_HTYPE_SESSION,
          (dvoid *) "oldpass", (ub4) 7,
          (ub4) OCI_ATTR_PASSWORD, p_err);
     rc = OCIAttrSet((dvoid *) p_svc, (ub4) OCI_HTYPE_SVCCTX,
          (dvoid *) p_ses, (ub4) 0,
          (ub4) OCI_ATTR_SESSION, p_err);
     // Open the session on the server
     rc = OCISessionBegin ( p_svc, p_err, p_ses, OCI_CRED_RDBMS,
          (ub4) OCI_DEFAULT);
     // This is a generic error checking routine
     if (rc != 0)
          OCIErrorGet((dvoid *)p_err, (ub4) 1, (text *) NULL, &errcode,
               (text*)errbuf, (ub4) sizeof(errbuf), OCI_HTYPE_ERROR);
          printf("Error - %.*s\n", 512, errbuf);
          // If the error is a 28001, change the password.
          if(errcode==28001)
               // You need to set the Session into the service context
               // before you can call OCIPasswordChange(), and you also need
               // to allocate both the session and service context handles
               // before hand. Then you can call OCIPasswordChange.
               rc = OCIAttrSet((dvoid *)p_svc, OCI_HTYPE_SVCCTX,
                    (dvoid *)p_ses,0,OCI_ATTR_SESSION, p_err);
               rc = OCIPasswordChange(p_svc, p_err, "testuser",8,
                    "oldpass",7, "newpass",8, OCI_DEFAULT);
               if(rc != 0) printf("Password change failed.\n");
               else printf("Password successfully changed.\n");
     // Step 10: Disconnect from the server and free the
     rc = OCIServerDetach( p_srv, p_err, OCI_DEFAULT );
     rc = OCIHandleFree((dvoid *) p_srv, OCI_HTYPE_SERVER);
     rc = OCIHandleFree((dvoid *) p_svc, OCI_HTYPE_SVCCTX);
     rc = OCIHandleFree((dvoid *) p_err, OCI_HTYPE_ERROR);
     printf("Disconnected.\n\n");
     return;
}

Similar Messages

  • 802.1X cannot change expired password at login

    Hi all,
    I'm trying to roll out 802.1X authentication for wifi access at my company, however there's one major problem I can't for the life of me figure out. I'm not able to get the Macs to prompt for a password change when the password has expired at login.
    On Windows when you log in it will prompt you to change your password when it's expired. However on OSX when you're on the workstation login screen, you can see the wireless icon briefly connect, then it will think for a bit and the user cannot log in at all.
    OSX can definitely can change expired passwords via 802.1X, as if I log into a local account and connect to the wifi with the user whose password has expired, it will prompt to change it, and changes it successfully.
    I'm using NPS for RADIUS authentication against AD, and using Profile Manager in OSX Server to create the 802.1X profile.
    Does anyone have any experience with OSX and using WPA Enterprise/802.1X Profiles?
    Thanks!

    Hi,
    Can you post a screenshot for this situation?
    Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
     current credential provider via the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
    You should compare the result with the values in the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
    If the current value is third party credential provider, try to disable it:
    To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
    The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
    If you have any feedback on our support, please click
    here
    Alex Zhao
    TechNet Community Support

  • Changing expired password

    Is it possible to change expired password from JDBC 2.0?

    By JS page, I'm assuming you mean JSP (Javaserver Page?)
    The answer greatly depends on the middle-tier technology you are using.. For example straight JDBC, BC4J etc..
    If you give more info on your middle tier technology we could probably help out better..
    -Chris

  • What are the possible reasons why I cannot reactivate using my AppleID, even though I already change its password with the help of Apple personel

    What are the possible reasons why I cannot reactivate my Iphone5 using my AppleID, even though I already change its password with the help Apple personel

    If the password for your Apple ID works at id.apple.com > Manage Apple ID, then it's likely that the Apple ID the device wants you use is not the same as the Apple ID you are using.
    Exactly what screen are you at on your iPhone?  It sounds like it is in Activation Lock.

  • Changing expired password on a cbckend database from a frontend database

    I have a split database with an Oracle backend (BE) and MS Access frontend (FE). My question is how to reset an expired password on the BE from the FE.
    If I log on to the backend via sqlplus an error ORA-28001 (Password expired) occurs and the system immediately prompts for a new password before completing the login process.
    If I log on from the frontend I get the same ORA error from the BE, but as far as I can tell, I can't reset the password from the FE.
    I can capture the error fine at the FE and I am thinking that I could use this to open a dialog to reset the password and change it over the ODBC connection. The problem is that I need to get a connection to the BE database before sending a command to change the password from the FE, but since login cannot be completed from the FE, because of the expired password, I can't get an ALTER USER statement to execute on the BE to reset the password.
    Is there a way to change a pre-expired password on an Oracle backend database from a frontend database? I don't see this as an Oracle/Access problem but as a problem that exists for any split database.

    I have thought about this a little and I am thinking about keeping a table of password update information. I can use this to create a "soft" expired password, using an expiration date in the table for each account. If the password is expired by the database then we can just update it with sqlplus or one of the other options.
    As far as getting the organization to change it is waaaay to big and stupid to change their policy.

  • JSSO change expired password

    Hi,
    Does JSSO has support to enable users to change their password when it expires (we use OID with passwd policies)?
    If not, is there an alternative method of authenticating users agains ldap(OID) with functionality to change passwords and notify when a user is in his grace period.
    We want to use/create one authentication/authorisation instance which we can use for multiple applications.
    Kind regards,
    Albert

    JSSO usually uses a xml file to store the passwords. When you use OID it implies that you already have an AS Infrastructure.
    Why don't you use the Oracle SSO server?
    It does solve a part of your problem.
    Unfortunately the issue with the grace periods (or better to receive a notification before your password expires) is not yet solved. You need to build your own (nifty script scanning the last pwd change time and the expiration time).
    cu
    Andreas

  • Expired passwords with LEAP

    Hello,
    Does LEAP support expired passwords from the Active
    Directory?
    When I login with LEAP( my username and passowrd is forwarded by the ACS to the domain controller), if my password gets expired on the domain controller.
    LEAP does not give me the option to change my password.
    I am unable to login.
    Any suggestions ?
    regds

    LEAP does not support MS-CHAP v2, only MS-CHAP v1. Like the previous poster stated, they have no plans to make any changes.
    Danny

  • User cannot change expired password at logon

    Hi
    I've got 4 Fujitsu laptop with Windows 7 business SP1 x64 (Fujitsu setup). When the domain password expired, users cannot change their password at logon. Also, they can change password in their opened session before it expire (CTRL+ALT+DEL ==>
    change password).
    The change password at logon windows is buggy : It only display one field to put password in, the confirmation field does not display.
    When user valid is change, Windows display error "wrong username or password ". Only way to unlock this situation is to reset user password in ADUC and never let expire.
    I seen no sofware or driver wich could interfe.
    Domain controler (only one) is Windows server 2012 standard.
    Has somebody ever seen this type of problem ?

    Hi,
    Can you post a screenshot for this situation?
    Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
     current credential provider via the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
    You should compare the result with the values in the following path:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
    If the current value is third party credential provider, try to disable it:
    To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
    The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
    If you have any feedback on our support, please click
    here
    Alex Zhao
    TechNet Community Support

  • User can't change expired password

    Hi,
    Using Solaris 9 Clients and DS 5.2p4.
    In my old NIS+ installation users with expired passwords (not expired accounts!!) where foreced to change their password during login.
    Now using ldap naming service, such users are NOT asked to change their passwords, they just can't login, seeing:
    Your password has expired.
    Access denied
    Using keyboard-interactive authentication.
    Password:Is this a bug, a feature or do I need to change my config?
    my pam.conf looks like:
    other   auth requisite          pam_authtok_get.so.1
    other   auth required           pam_dhkeys.so.1
    other   auth binding            pam_unix_auth.so.1 server_policy
    other   auth required           pam_ldap.so.1 use_first_pass
    other   account requisite       pam_roles.so.1
    other   account required        pam_projects.so.1
    other   account required        pam_unix_account.so.1 server_policy
    other   account required        pam_ldap.so.1
    other   password required       pam_dhkeys.so.1
    other   password requisite      pam_authtok_get.so.1
    other   password requisite      pam_authtok_check.so.1
    other   password required       pam_authtok_store.so.1 server_policyThe only workarround I found so far is, to change the account flag to optional
    other   account optional        pam_ldap.so.1This allows the user to login, but he is still not forces to change his password.

    There is a way arround.
    The password policy which appies to this user needs to have passwordExpireWithoutWarning=off.Than the user gets a "new chance". His passwordexpirationtime gets expended to the current date + passwordWarning periode. This allows the user to login and change his password. In adddition passwordexpwarned=1 for this user is set, to prevent doing this over and over.
    See Sun Document 75326
    http://sunsolve.sun.com/search/document.do?assetkey=1-25-75326-1
    Message was edited by:
    mzeilinger

  • How can i add a new user and change user'password with javamail?

    how can i add a new user and change user'password from a mailserver with javamail?
    email:[email protected]

    Well user creation and updation is a system property..U need to go through that part...as it depends on the system you are hosting pout your application...
    if it is linux...u have to use some shell programming\
    bye for now let me know if this guides you or if you need some more stuff.
    bye

  • Changing expired password in forms 6.0

    I'm trying to offer a possibility to users to change their passwords.
    in forms they user is prompt to change is password, but after changes an validation the message FRM-10201 Impossible de changer le mot de passe (unable to change the password)
    When i try it on sql plus i got this :
    SQL> connect ntci/ntci@post
    ERREUR:
    ORA-28001: le mot de passe est expiré
    Modification de mot de passe pour ntci
    Ancien mot de passe : *****
    Erreur du système d'exploitation (Operating system error, password not modified)
    Mot de passe non modifié
    I dont know what is happening.
    Would you mind helping me

    Thank you for replying to my message.
    I've read in doc 52718.1 that from forms release 6.0 it is possible to handle this situation.
    After expiring the password an trying a connection, the system first prompt that the password is expired and ask for a password replacement but this never reach (the operating system error is raised).
    I'm using Forms 6.0 against Database 9.0.2..on windows XP client
    Maybe this could explain moore
    thank you once again

  • Changing expired password from a JS page

    Hi,
    We are developing an application in which one JS page will be used to login to the database using database user id and password. If the database user id has expired then the JS page will display another JS page to change the password. While displaying the change password page can be accomplished by trapping the ORA-28001 error, can anybody tell me how actually to go about in changing the password for the user. I am not allowed to hardcode any userid and password in the JS pages for achieving this.
    Thanks in advance.
    Cheers,
    Lala

    By JS page, I'm assuming you mean JSP (Javaserver Page?)
    The answer greatly depends on the middle-tier technology you are using.. For example straight JDBC, BC4J etc..
    If you give more info on your middle tier technology we could probably help out better..
    -Chris

  • Change expired password using oracle jdbc thin driver

    Hello,
    I have a java program that uses the oracle jdbc thin driver (ojdbc6 - version 11.2.0.3) for database connection. My question is if I have any possibility to change an expired password (java.sql.SQLException: ORA-28001: the password has expired) using the thin driver - NOT OCI?

    No - the thin driver doesn't have any password management features.

  • Change user password with CUA

    When I attempt to change a password on a CUA child, I enter tocde SU01 and enter the account. The I was to reset password via the icon. When I select the change password icon (shift+ F8) and then the popup window appear to prompting you to enter and reenter password.
    After I enter new pwd twice the screen stays nothing happen pop screen stay up and no status is reported back on the status bar at the bottom.
    If I open up the account and change it via logon data table the change.reset password works fine.
    Any ideas?
    Mikie B.

    There was a similar (unconclusive) discussion recently ( Screen not getting refreshed after reseting password ), for which I found the following thread:
    Password generation problem
    Maybe that can help.

  • Getting invalid username/ password when trying to change expired password

    I am using Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production.
    I created a user with password expire option and gave create session grant. When I tried to connect with the user it gives me password expired message as expected but when I try to put new password it gives me invalid username/password as show below. I have tried many times and made sure new password and retype new password are same and long enough.
    Could anyone please advice what am I missing?
    SQL> conn schu/xxx@abc
    ERROR:
    ORA-28001: the password has expired
    Changing password for schu
    New password: ********
    Retype new password: ********
    ERROR:
    ORA-01017: invalid username/password; logon denied
    Password unchanged
    SQL>

    spur230 wrote:
    sb92075 wrote:
    spur230 wrote:
    It works that way but I need to use password expire option.
    I see the words, but do not understand what they/you mean.The code you asked me to run work perfectly but I am getting ORA-01017 when I use password expire option.
    With your code if I do
    alter user schu password expire.
    It will ask me to enter new password and verify password after which I am getting
    ERROR:
    ORA-01017: invalid username/password; logon deniedI am not sure what you are doing & doing wrong; but it works OK for me.
    SQL> CREATE USER USER3 IDENTIFIED BY USER3 PASSWORD EXPIRE;
    User created.
    SQL> GRANT CREATE SESSION TO USER3;
    Grant succeeded.
    SQL> CONNECT USER3/USER3
    ERROR:
    ORA-28001: the password has expired
    Changing password for USER3
    New password:
    Retype new password:
    Password changed
    Connected.
    SQL> CONNECT USER3/USER4
    Connected.
    SQL> show user
    USER is "USER3"
    SQL>

Maybe you are looking for

  • Quantity in Sales order

    Hi, I have the scenario like Sales order --> Delivery --> Invoice --> Accounting.. Once i create Delivery document with reference to Sales order, the quantity in the sales order line item should not alove any changes. where can i control this... Pls

  • Cups Job History shows Name 'Unknown' User 'Withheld'

    We have previously used the cups interface to review our print job history and indenify problems with jobs that went missing at the press. This worked great in previously versions of OS X, but in Lion every job we send, regardless of what printer we

  • Edit a PDF file

    In the past I have been able to edit PDF downloads, But I am now unable to do so. Example being, when I downloaded the last two PDF forms from separate sources, I have not been able to Fill in the blanks, so that I can print, sign and return as reque

  • Increasing sensitivity of Firefox Skype Click-to-C...

    Hello! I'd like to edit the regular expressions used by the Firefox Click-to-call plugin. I work online, and unfortunately the phone numbers we use are entered by the workers in a text field, and therefore frequently aren't properly formatted, so I'd

  • Help! Safari keeps quitting unexpectedly, tamedosvfor.tmp seems to be the issue. What is it? how do I get rid of it?

    Help! I don't know what to do. Safari keeps quitting. What is TameDosvfor.tmp? Can I get rid of it?