Changing expired password

Is it possible to change expired password from JDBC 2.0?

By JS page, I'm assuming you mean JSP (Javaserver Page?)
The answer greatly depends on the middle-tier technology you are using.. For example straight JDBC, BC4J etc..
If you give more info on your middle tier technology we could probably help out better..
-Chris

Similar Messages

802.1X cannot change expired password at login

Hi all,
I'm trying to roll out 802.1X authentication for wifi access at my company, however there's one major problem I can't for the life of me figure out. I'm not able to get the Macs to prompt for a password change when the password has expired at login.
On Windows when you log in it will prompt you to change your password when it's expired. However on OSX when you're on the workstation login screen, you can see the wireless icon briefly connect, then it will think for a bit and the user cannot log in at all.
OSX can definitely can change expired passwords via 802.1X, as if I log into a local account and connect to the wifi with the user whose password has expired, it will prompt to change it, and changes it successfully.
I'm using NPS for RADIUS authentication against AD, and using Profile Manager in OSX Server to create the 802.1X profile.
Does anyone have any experience with OSX and using WPA Enterprise/802.1X Profiles?
Thanks!

Hi,
Can you post a screenshot for this situation?
Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
current credential provider via the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
You should compare the result with the values in the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
If the current value is third party credential provider, try to disable it:
To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support

Changing expired password on a cbckend database from a frontend database

I have a split database with an Oracle backend (BE) and MS Access frontend (FE). My question is how to reset an expired password on the BE from the FE.
If I log on to the backend via sqlplus an error ORA-28001 (Password expired) occurs and the system immediately prompts for a new password before completing the login process.
If I log on from the frontend I get the same ORA error from the BE, but as far as I can tell, I can't reset the password from the FE.
I can capture the error fine at the FE and I am thinking that I could use this to open a dialog to reset the password and change it over the ODBC connection. The problem is that I need to get a connection to the BE database before sending a command to change the password from the FE, but since login cannot be completed from the FE, because of the expired password, I can't get an ALTER USER statement to execute on the BE to reset the password.
Is there a way to change a pre-expired password on an Oracle backend database from a frontend database? I don't see this as an Oracle/Access problem but as a problem that exists for any split database.

I have thought about this a little and I am thinking about keeping a table of password update information. I can use this to create a "soft" expired password, using an expiration date in the table for each account. If the password is expired by the database then we can just update it with sqlplus or one of the other options.
As far as getting the organization to change it is waaaay to big and stupid to change their policy.

Changing expired password in forms 6.0

I'm trying to offer a possibility to users to change their passwords.
in forms they user is prompt to change is password, but after changes an validation the message FRM-10201 Impossible de changer le mot de passe (unable to change the password)
When i try it on sql plus i got this :
SQL> connect ntci/ntci@post
ERREUR:
ORA-28001: le mot de passe est expiré
Modification de mot de passe pour ntci
Ancien mot de passe : *****
Erreur du système d'exploitation (Operating system error, password not modified)
Mot de passe non modifié
I dont know what is happening.
Would you mind helping me

Thank you for replying to my message.
I've read in doc 52718.1 that from forms release 6.0 it is possible to handle this situation.
After expiring the password an trying a connection, the system first prompt that the password is expired and ask for a password replacement but this never reach (the operating system error is raised).
I'm using Forms 6.0 against Database 9.0.2..on windows XP client
Maybe this could explain moore
thank you once again

Changing expired password from a JS page

Hi,
We are developing an application in which one JS page will be used to login to the database using database user id and password. If the database user id has expired then the JS page will display another JS page to change the password. While displaying the change password page can be accomplished by trapping the ORA-28001 error, can anybody tell me how actually to go about in changing the password for the user. I am not allowed to hardcode any userid and password in the JS pages for achieving this.
Thanks in advance.
Cheers,
Lala

By JS page, I'm assuming you mean JSP (Javaserver Page?)
The answer greatly depends on the middle-tier technology you are using.. For example straight JDBC, BC4J etc..
If you give more info on your middle tier technology we could probably help out better..
-Chris

Changing expired password with OCIPasswordChange

I know that ODP.NET has a option to open a connection with a new password when the old one has expired. I'm using System.Data.OracleClient from .Net instead of ODP because I'm using the Instant Client, which does not seem to work with ODP. Can somebody tell me how to call OCIPasswordChange?

Hi,
OCIPasswordChange is an OCI call. You'd have to write a complete OCI application in C to be able to use that, and OCI coding isnt for the faint of heart.
I do have a complete OCI sample that does it though.. here you go.
Cheers,
Greg
This sample demonstrates the use of OCIPasswordChange once the
password has expired, which requires setting the session into
the service context. Tested with oci 8.1.5, vc++ 6.0 sp3.
first create the user with expired password:
SQL> create user testuser identified by oldpass password expire;
SQL> grant create session to testuser;
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <oci.h>
static OCIEnv          *p_env;
static OCIError          *p_err;
static OCIServer *p_srv;
static OCISession *p_ses;
static OCISvcCtx     *p_svc;
void main()
     int          rc;
     char     errbuf[100];
     int          errcode;
     // Step 1: Initialize OCI
     rc = OCIInitialize((ub4) OCI_DEFAULT, (dvoid *)0,
          (dvoid * (*)(dvoid *, size_t)) 0,
          (dvoid * (*)(dvoid *, dvoid *, size_t))0,
          (void (*)(dvoid *, dvoid *)) 0 );
     // Step 2: Initialize the OCI evironment
     rc = OCIEnvInit( (OCIEnv **) &p_env, OCI_DEFAULT, (size_t) 0, (dvoid **) 0 );
     // Step 3: Initialize the OCI handles
     rc = OCIHandleAlloc( (dvoid *) p_env, (dvoid **) &p_err, OCI_HTYPE_ERROR,
          (size_t) 0, (dvoid **) 0);
     rc = OCIHandleAlloc( (dvoid *) p_env, (dvoid **) &p_svc, OCI_HTYPE_SVCCTX,
          (size_t) 0, (dvoid **) 0);
     rc = OCIHandleAlloc( (dvoid *) p_env, (dvoid **) &p_srv, OCI_HTYPE_SERVER,
          (size_t) 0, (dvoid **) 0);
     rc = OCIHandleAlloc((dvoid *) p_env, (dvoid **)&p_ses, (ub4) OCI_HTYPE_SESSION,
          (size_t) 0, (dvoid **) 0);
     // Step 4: Connect using a mutli-session connect
     rc = OCIServerAttach( p_srv, p_err,
          (text *)"local", 5, 0);
     // Create a server context
     rc = OCIAttrSet( (dvoid *) p_svc, OCI_HTYPE_SVCCTX,
          (dvoid *)p_srv, (ub4) 0,
          (ub4) OCI_ATTR_SERVER, (OCIError *) p_err);
     // Create a session context
     rc = OCIAttrSet((dvoid *) p_ses, (ub4) OCI_HTYPE_SESSION,
          (dvoid *) "testuser", (ub4) 8,
          (ub4) OCI_ATTR_USERNAME, p_err);
     rc = OCIAttrSet((dvoid *) p_ses, (ub4) OCI_HTYPE_SESSION,
          (dvoid *) "oldpass", (ub4) 7,
          (ub4) OCI_ATTR_PASSWORD, p_err);
     rc = OCIAttrSet((dvoid *) p_svc, (ub4) OCI_HTYPE_SVCCTX,
          (dvoid *) p_ses, (ub4) 0,
          (ub4) OCI_ATTR_SESSION, p_err);
     // Open the session on the server
     rc = OCISessionBegin ( p_svc, p_err, p_ses, OCI_CRED_RDBMS,
          (ub4) OCI_DEFAULT);
     // This is a generic error checking routine
     if (rc != 0)
          OCIErrorGet((dvoid *)p_err, (ub4) 1, (text *) NULL, &errcode,
               (text*)errbuf, (ub4) sizeof(errbuf), OCI_HTYPE_ERROR);
          printf("Error - %.*s\n", 512, errbuf);
          // If the error is a 28001, change the password.
          if(errcode==28001)
               // You need to set the Session into the service context
               // before you can call OCIPasswordChange(), and you also need
               // to allocate both the session and service context handles
               // before hand. Then you can call OCIPasswordChange.
               rc = OCIAttrSet((dvoid *)p_svc, OCI_HTYPE_SVCCTX,
                    (dvoid *)p_ses,0,OCI_ATTR_SESSION, p_err);
               rc = OCIPasswordChange(p_svc, p_err, "testuser",8,
                    "oldpass",7, "newpass",8, OCI_DEFAULT);
               if(rc != 0) printf("Password change failed.\n");
               else printf("Password successfully changed.\n");
     // Step 10: Disconnect from the server and free the
     rc = OCIServerDetach( p_srv, p_err, OCI_DEFAULT );
     rc = OCIHandleFree((dvoid *) p_srv, OCI_HTYPE_SERVER);
     rc = OCIHandleFree((dvoid *) p_svc, OCI_HTYPE_SVCCTX);
     rc = OCIHandleFree((dvoid *) p_err, OCI_HTYPE_ERROR);
     printf("Disconnected.\n\n");
     return;
}

Change expired password using oracle jdbc thin driver

Hello,
I have a java program that uses the oracle jdbc thin driver (ojdbc6 - version 11.2.0.3) for database connection. My question is if I have any possibility to change an expired password (java.sql.SQLException: ORA-28001: the password has expired) using the thin driver - NOT OCI?

No - the thin driver doesn't have any password management features.

JSSO change expired password

Hi,
Does JSSO has support to enable users to change their password when it expires (we use OID with passwd policies)?
If not, is there an alternative method of authenticating users agains ldap(OID) with functionality to change passwords and notify when a user is in his grace period.
We want to use/create one authentication/authorisation instance which we can use for multiple applications.
Kind regards,
Albert

JSSO usually uses a xml file to store the passwords. When you use OID it implies that you already have an AS Infrastructure.
Why don't you use the Oracle SSO server?
It does solve a part of your problem.
Unfortunately the issue with the grace periods (or better to receive a notification before your password expires) is not yet solved. You need to build your own (nifty script scanning the last pwd change time and the expiration time).
cu
Andreas

User cannot change expired password at logon

Hi
I've got 4 Fujitsu laptop with Windows 7 business SP1 x64 (Fujitsu setup). When the domain password expired, users cannot change their password at logon. Also, they can change password in their opened session before it expire (CTRL+ALT+DEL ==>
change password).
The change password at logon windows is buggy : It only display one field to put password in, the confirmation field does not display.
When user valid is change, Windows display error "wrong username or password ". Only way to unlock this situation is to reset user password in ADUC and never let expire.
I seen no sofware or driver wich could interfe.
Domain controler (only one) is Windows server 2012 standard.
Has somebody ever seen this type of problem ?

Hi,
Can you post a screenshot for this situation?
Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
current credential provider via the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
You should compare the result with the values in the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
If the current value is third party credential provider, try to disable it:
To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support

User can't change expired password

Hi,
Using Solaris 9 Clients and DS 5.2p4.
In my old NIS+ installation users with expired passwords (not expired accounts!!) where foreced to change their password during login.
Now using ldap naming service, such users are NOT asked to change their passwords, they just can't login, seeing:
Your password has expired.
Access denied
Using keyboard-interactive authentication.
Password:Is this a bug, a feature or do I need to change my config?
my pam.conf looks like:
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth binding            pam_unix_auth.so.1 server_policy
other   auth required           pam_ldap.so.1 use_first_pass
other   account requisite       pam_roles.so.1
other   account required        pam_projects.so.1
other   account required        pam_unix_account.so.1 server_policy
other   account required        pam_ldap.so.1
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1
other   password required       pam_authtok_store.so.1 server_policyThe only workarround I found so far is, to change the account flag to optional
other   account optional        pam_ldap.so.1This allows the user to login, but he is still not forces to change his password.

There is a way arround.
The password policy which appies to this user needs to have passwordExpireWithoutWarning=off.Than the user gets a "new chance". His passwordexpirationtime gets expended to the current date + passwordWarning periode. This allows the user to login and change his password. In adddition passwordexpwarned=1 for this user is set, to prevent doing this over and over.
See Sun Document 75326
http://sunsolve.sun.com/search/document.do?assetkey=1-25-75326-1
Message was edited by:
mzeilinger

Getting invalid username/ password when trying to change expired password

I am using Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production.
I created a user with password expire option and gave create session grant. When I tried to connect with the user it gives me password expired message as expected but when I try to put new password it gives me invalid username/password as show below. I have tried many times and made sure new password and retype new password are same and long enough.
Could anyone please advice what am I missing?
SQL> conn schu/xxx@abc
ERROR:
ORA-28001: the password has expired
Changing password for schu
New password: ********
Retype new password: ********
ERROR:
ORA-01017: invalid username/password; logon denied
Password unchanged
SQL>

spur230 wrote:
sb92075 wrote:
spur230 wrote:
It works that way but I need to use password expire option.
I see the words, but do not understand what they/you mean.The code you asked me to run work perfectly but I am getting ORA-01017 when I use password expire option.
With your code if I do
alter user schu password expire.
It will ask me to enter new password and verify password after which I am getting
ERROR:
ORA-01017: invalid username/password; logon deniedI am not sure what you are doing & doing wrong; but it works OK for me.
SQL> CREATE USER USER3 IDENTIFIED BY USER3 PASSWORD EXPIRE;
User created.
SQL> GRANT CREATE SESSION TO USER3;
Grant succeeded.
SQL> CONNECT USER3/USER3
ERROR:
ORA-28001: the password has expired
Changing password for USER3
New password:
Retype new password:
Password changed
Connected.
SQL> CONNECT USER3/USER4
Connected.
SQL> show user
USER is "USER3"
SQL>

Changing expired password of "system" user

Hello,
today I got a message that said that "system"-s password is expired.
I used sqlplus:
sqlplus system/mypass@myserver:1521/dwh
Then I got:
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Oct 14 12:05:50 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-28001: the password has expired
Changing password for system
New password:
But when I entered the new password twice after prompting, I got:
ERROR:
ORA-01017: invalid username/password; logon denied
Password unchanged
Weird, can somebody explain this?

user10298630 wrote:
Hello,
today I got a message that said that "system"-s password is expired.
I used sqlplus:
sqlplus system/mypass@myserver:1521/dwh
Then I got:
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Oct 14 12:05:50 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-28001: the password has expired
Changing password for system
New password:
But when I entered the new password twice after prompting, I got:
ERROR:
ORA-01017: invalid username/password; logon denied
Password unchanged
Weird, can somebody explain this?What exactly is weird in it? There must be a mistake in the typing of yours due to which you have got this error, the same worked for me dandy,
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Oct 14 17:19:10 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area 167772160 bytes
Fixed Size                  1247900 bytes
Variable Size              67110244 bytes
Database Buffers           96468992 bytes
Redo Buffers                2945024 bytes
Database mounted.
Database opened.
SQL> conn fortest/test
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> drop user fortest cascade;
User dropped.
SQL> create user fortest identified by test password expire;
User created.
SQL> grant create session to fortest;
Grant succeeded.
SQL> conn fortest/test
ERROR:
ORA-28001: the password has expired
Changing password for fortest
New password:
Retype new password:
Password changed
Connected.
SQL> +So the reason you got the error is 99.99% a typing mistake. To get back the user working, like others have suggested already, use Sys account and unlock it.
HTH
Aman....

Cannot change password expired password

Hi there,
I am not able to change expired password on Windows server 2012. I am getting the error message that "You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support"
I had similar issue in Windows 2008 servers and was resolved when I changed the the RDP security layer to negociate. But I couldn't find Session host configuration snap-in since RDS is not enabled.
Any one faced same issue?
Thanks,
Ranjith

Hi Ranjith,
How are things going?
You could try to change the Security Layer to
RDP Security Layer in the Security section of
Session Collection properties.
In addition, if you are using remote desktop over RD Gateway, there is no support for being able to use the “User must change password at next logon”.
Please refer to these two threads which is similar with your issues.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/320ef31a-1160-4c33-9912-79a3838fc24d/forcefuly-user-should-change-his-password-when-loggin-for-the-first-time?forum=winserverTS
https://social.technet.microsoft.com/Forums/windowsserver/en-US/8761e29a-72a0-4f9c-b31b-ff81633020dd/user-must-change-password-setting-using-rdp-to-server-2012?forum=winserverTS
Hope this helps.
Best Regards,
Tina

Expire password

Good day,
I have a problem when the password of the user is expired, it throws ORA-28001, I would like to give user in web application an option to change the password (when it is expired), exactly the way SQL Plus allows user to change expired password. How can I do that?
Please help, thanks
edz

You didn't mention the database version you are using but take a look at Note:124970.1 on MetaLink. Hopefully this will answer your question.
Thanks
Shail

Windows Server 2012 R2 - RD Gateway and expired passwords

We got tired of script kiddies trying to brute force our old RDP servers, so we thought RD Gateway was a good idea and implemented this on our newest RDS servers.
That worked fine until the first password change. The support phone got hot for some days.
I understand after investigating the issue that expired has been a problem in the 2008/2008R2 version of RD Gateway.
Are expired/change on first logon still a problem in 2012 R2? I fint this strange after seeing all the old complains.
Are there any solution to this problem (other than running Citrix wich manage password change with no problems)?
Jens Tore Fremmegaard ::.::.:: ServerParkering AS

NLA is disabled. This was never a problem when we used 2008 servers.
On our old 2008 (and 2003 before that) terminal servers the users have always had the opportunity to both change expired passwords and "change password on first logon".
After migrating to 2012 none of them work.
We have a script that warns the users prior to password expiry date, but ther's always someone that waits to long. And then they have to call our support techs to get their passwords changed since password change not working on the rds servers.
Off course they could change it through Exchange OWA, but try to tell that to the CEO that's used to only click their RDS shortcut.
Jens Tore Fremmegaard ::.::.:: ServerParkering AS

Changing expired password

Similar Messages

Maybe you are looking for