Curiosity about expired passwords

Good afternoon,
It is fairly standard to expire user passwords after a period of time for security reasons.
Oracle includes this functionality, what is interesting and different than in most other systems, is the user can select the same password as the one that expired. Most systems don't allow the same password to be new password.
I thought that was worth noting.
John.

Did you use PASSWORD_VERIFY_FUNCTION in your profile
Below password checks occur in the verify_function_11G password verification function.
1.The password must be a minimum of eight characters in length.
2.The password must include one digit and one alpha character.
3.Simple passwords will be rejected.
4.The password cannot be the same as the username.
5.The password cannot be the same length as the username.
6.The password cannot be the username spelled backwards.
7.The password cannot be the same as the server name or the server name with digits from 1 to 100 appended.
9-Ensuring that a password differs from the previous password by at least three characters
see this post
http://www.articles.freemegazone.com/oracle-11g-password-features.php?ref=1
:)

Similar Messages

  • Cisco ISE - User with expired password is forced to logoff before they can change password.

    I came across a situation today where a user was logged into a laptop with an expired password and could not change it by simply locking the computer and logging in with the correct credentials. (They had previously changed it on their main computer) The port restricted any communication since the user was failing authentication.
    So, the I had the user logout and immediately the computer authenticated, and the user was able to login with the correct credentials.   I dont want my users to have to logout completely in this situation.  Below is the port config and the ISE error messages.
     switchport access vlan 423
     switchport mode access
     switchport block unicast
     switchport voice vlan 425
     ip arp inspection limit rate 10
     ip access-group ACL-LOW-IMPACT-MODE in
     authentication event fail action next-method
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication timer inactivity server
     authentication violation restrict
     mab
     snmp trap mac-notification change added
     dot1x pae authenticator
     dot1x timeout tx-period 3600
     spanning-tree portfast
     spanning-tree bpduguard enable
     ip dhcp snooping limit rate 100

    Completely forgot about odac version. I have ODT with ODAC 102.02 installed.
    I want to download new drivers from here:
    Oracle10g Release 2 ODAC and Oracle Developer Tools for Visual Studio .NET
    http://download.oracle.com/otn/other/ole-oo4o/ODTwithODAC1020221.exe
    And old drivers from here (just for testing)
    Oracle Developer Tools for Visual Studio .NET 10.1.0.4.0
    http://download.oracle.com/otn/other/ODT10104.exe
    Does anybody know something about these releases? Do they have the same behavior?
    Thanks.

  • Changing expired password on a cbckend database from a frontend database

    I have a split database with an Oracle backend (BE) and MS Access frontend (FE). My question is how to reset an expired password on the BE from the FE.
    If I log on to the backend via sqlplus an error ORA-28001 (Password expired) occurs and the system immediately prompts for a new password before completing the login process.
    If I log on from the frontend I get the same ORA error from the BE, but as far as I can tell, I can't reset the password from the FE.
    I can capture the error fine at the FE and I am thinking that I could use this to open a dialog to reset the password and change it over the ODBC connection. The problem is that I need to get a connection to the BE database before sending a command to change the password from the FE, but since login cannot be completed from the FE, because of the expired password, I can't get an ALTER USER statement to execute on the BE to reset the password.
    Is there a way to change a pre-expired password on an Oracle backend database from a frontend database? I don't see this as an Oracle/Access problem but as a problem that exists for any split database.

    I have thought about this a little and I am thinking about keeping a table of password update information. I can use this to create a "soft" expired password, using an expiration date in the table for each account. If the password is expired by the database then we can just update it with sqlplus or one of the other options.
    As far as getting the organization to change it is waaaay to big and stupid to change their policy.

  • Sybase expired password changed via JDBC ...

    hi,
    please help me in this matter : i can't figure out how to change an already expired password via Sybase JDBC implementation ( jConnect ).
    i read the postings about Oracle having passed a custom value for this kind of change but i just don't seem to find a similar Sybase approach.
    thank you very much,
    -ionut-

    I've never used Sybase, but here's a suggestion. I'm guessing you are already trying to call the sp_password stored procedure.
    Try to call it using con.executeQuery(). Something along the lines of
    con.executeQWuery("execute sp_password 'old','new';");
    A lot of drivers make extra database calls when you use prepareCall() and prepareStatement().

  • Resetting expired password from JDBC

    Hi All,
    I would like to know if it is possible to change an expired password from a java client that uses JDBC (classes12.zip) "thin client" to connect to oracle database (8.1.7.4).
    Can we capture the "password expired" exception from the client and change the expired password from within the java client.
    The current connect string is --->
    Connection conn;
    DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
    conn = DriverManager.getConnection("jdbc:oracle:thin:@host:port:sid",user,pass);
    Is it possible to do something like this ???
    try {
    conn = DriverManager.getConnection("jdbc:oracle:thin:@host:port:sid",user,pass);
    catch ( SQLException sqle ) {
    if ( sqle.getErrorCode() == 28001 ) // i.e. passwd expired
    //1. ask user to enter the new passwd &
    //2. change it in the database.
    Is there any other way of doing this ??
    Thanks in advance
    Arun

    I haven't tried this, but there some things to think about.
    1) Have you tried to capture the Exception? Is it a problem?
    2) Have you tried to alter a password through JDBC? Is it a problem? To execute other DDL you have to use executeUpdate() I would assum that if you can do this it will also require an executeUpdate().
    Now assuming #1 and #2 are OK
    3) How are you going to change a password when the you cannot connect because the password has expired? Are you going to hard code another non-expired userid/password in the code (bad idea). Are you going to ask the user to enter some type of administrative userid/password that will allow them to change their password?
    Just some thoughts, sorry I cannot help more...

  • Resetting an Expired Password

    Hello All
    I am not sure if this is the right forum so please let me know if not.
    I currently have an ASP page that authenticates users against a Sun ONE LDAP server. The problem we seem to have is that when a users password expires, we cannot bind anymore. The easiest way for us to sort this would be to get the "Password has expired" return code but I cannot work out how to do this in ASP.
    Or is the problem deeper than this and once a password has expired a user cannot reset it? Do we need to change something else to allow a user to bind with their old password to reset their password. Remembering we are trying to do this all with asp.net.
    Thanks
    D

    I also am ignorant of asp.net; however, Sun DS 6 has several features that can help solve your problem if you can figure out how to access them:
    1. If you configure the "expiration warning" feature in the password policy, once a entry's password is in the warning period, an unsolicited "expiration warning" control is returned with each bind. The control data is the seconds until expiration. Password policy configuration is documented in http://docs.sun.com/app/docs/doc/820-2491/fhkrj?a=view . You can search for "OID 2.16.840.1.113730.3.4.5" on google for info about the control. You should also become familiar with the unsolicited password expired control "OID 2.16.840.1.113730.3.4.4". These controls are also implemented in DS5.
    2. If you supply the bind (or most other) operation with the IETF draft password policy request control, Sun DS 6.1 and later return a (properly encoded) password policy response control containing password policy operational state. Search for "OID 1.3.6.1.4.1.42.2.27.8.5.1"
    3. Your application can request the operational state of an entry via the user status control in Sun DS 6.1 and later. Search for "OID 1.3.6.1.4.1.42.2.27.9.5.8"
    4. If you have implemented some form of expiration warning, then presumably the majority of your users will have changed passwords before expiration, and you can force the others to go through some self-service or help-desk password reset function (i.e., enable must-change-on-reset, then administratively change the user's password, forcing him/her to change it at next bind).
    5. If you want to allow users with an expired password to access the DS solely for the purpose of changing the password, see http://docs.sun.com/app/docs/doc/820-2491/6ne3dhdht?a=view#resetting-expired-passwords . If you do some more investigation on Sun DS (6.2 and later) implementation of the password modify extended operation (and ldappasswd), you should find details on enabling the extension to allow a user to change an expired password.
    6. You might also take a look at http://docs.sun.com/app/docs/doc/820-2490/6ne3cisoj?a=view#pwdpol for an overview of the new password policy implementation in DS6, compared to the DS5 password policy, and the strategy to migrate from DS5 to DS6.

  • Expired Password issue

    Any update on the issues with expired passwords? We have seen the same
    issue other users have reported - and anxiously await some kind of real fix.
    Jim

    James,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at
    http://support.novell.com.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Fingerprints and expired passwords

    Hi Community,
    I have recently encountered this problem and I've yet to find a solution for it. Maybe someone here has experienced something similar before and can shed some light on how to fix it.
    I'm on a T410 with XP.
    I use an ActiveDirectory login to access my computer and my password for ActiveDirectory expires every 60 (or 90 days) I believe. In the past, when I was prompted to update my expired password upon logging in, Client Security Solution would pop up and tell me that I'm about to update a password already existed in the record and it simply updates it and everything syncs up nice and happy.
    This last time, however, I didn't get the Client Security Solution prompt when I attempted to update the expired password, and what has happened, is that now, when I swipe my finger, my old password is entered which obviously fails every time. So I'm having to enter my password every time I log-on making the fingerprint reader rather useless.
    I have attempted finding an entry for "Windows Login" in the Password Manager, but it seems that Windows/AD passwords are stored somewhere separate. My question is, how would I go about updating the password linked to my fingerprint? Do I have to delete the old profiles for my fingerprints and create new ones? Would that even solve the issue?
    Any help/suggestions are kindly appreciated.
    Cheers.
    -Andy

    What website/application are you trying to log into, where password manager is still using the old password?
    Or is this an issue where you can no longer log into windows itself, with your fingerprint?

  • Reset expired Passwords?

    Recently the DBAs overhauled out account policies to have passwords expire every X days. I'm running into my first expired account and I'm getting an ORA-28001: the password has expired error, but no prompt to reset the password.
    I thought I'd put in a feature request for a password reset window for this situation, but it seems that there was already one out there: http://htmldb.oracle.com/pls/otn/f?p=42626:39:2786248920877118::NO::P39_ID:22121
    Closed: "Context menu to Reset Password is available"
    Does anybody know how to go about resetting expired passwords in SQL Developer?

    So my help-desk finally got around to doing an install of the 11g client. Still having an issue. I've done the following:
    -Made my ORACLE_HOME the 11g client base dir.
    -Made %ORACLE_HOME%\bin the first entry in my path
    Still getting the same error. Even tried creating a new connection. I can connect with 11g SqlPlus.
    Any thoughts?

  • How to deal with expired passwords in authentication schemes?

    IHi,
    I am trying to build an authentication scheme that deals with expired passwords. After the user has provided their valid but expired password they should be redirected to a password reset page. After they have provided a new password they should be allowed to continue to the page they would have otherwise gone to had their password not expired.
    I have written my authentication processs as follows:
    CREATE OR REPLACE FUNCTION inventory_test.inventory_authentication (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2
    RETURN BOOLEAN
    IS
    r1 apex_users%ROWTYPE;
    valid_password BOOLEAN;
    BEGIN
    IF p_password IS NULL
    THEN
    RETURN FALSE;
    END IF;
    SELECT *
    INTO r1
    FROM apex_users
    WHERE UPPER (username) = UPPER (p_username);
    valid_password :=
    DBMS_OBFUSCATION_TOOLKIT.md5 (input_string => p_password
    || TO_CHAR (r1.SEED, '99999')
    ) = r1.PASSWORD;
    IF valid_password AND (r1.password_expiration_date < SYSDATE)
    THEN
    apex_util.set_session_state ('FSP_AFTER_PASSWORD_RESET_URL', v ('FSP_AFTER_LOGIN_URL')); -- My new application item
    apex_util.set_session_state ('FSP_AFTER_LOGIN_URL',
    'F?P=' || v ('APP_ID') || ':14:' || v ('APP_SESSION')
    END IF;
    RETURN valid_password;
    EXCEPTION
    WHEN NO_DATA_FOUND
    THEN
    RETURN FALSE;
    END;
    This redirects the user to the password reset page but FSP_AFTER_PASSWORD_RESET_URL is null - presumably because the login process changes the session.
    This seems the wrong approach anyway as the user, once authenticated, can change the page number in the URL and avoid the password reset. I would guess that I need to use the APEX_CUSTOM_AUTH package somehow. However, I am thoroughly confused about the relationship between the LOGIN and POST_LOGIN procedures. Also, I gather from other posts in this forum that there is some asynchronous processing that goes on as new sessions are created. Can someone point me in the right direction please?
    --Tony
    [http://tonyhasler.wordpress.com/][http://tonyhasler.wordpress.com/]

    Sorry for taking so long to acknowledge your helpful suggestions.
    Scott's proposal is a tiny tiny bit awkward as,if i understand it correctly, the user would have to reauthenticate after resetting the password.
    /dev/null's suggestion is actually not too bad for me. I already have each page being authorised and I use only a limited mumber of (once per session) authorization schemes. I think all I have to do is to place an extra line or two in each scheme to check the expiration date of the user's password and remember to call APEX_UTIL.RESET_AUTHORIZATIONS when the password is reset.
    I successfully redirected to the password reset page using owa_util.redirect_url from the post-authentication procedure but what I am still having trouble with is the deep-linking bit. It seems I have to obtain the target URL by 'editing' FSP_AFTER_LOGIN_URL to replace '|' characters by ':' characters and inserting the session id in the right place. Given the fact that FSP_AFTER_LOGIN_URL may not be set and that there may not be sufficient ':' characters in the URL this is very clunky.
    Is there an easier way to do this?
    --- Never mind. I worked out how to use regular expressions with SQL to do this. A full explanation is in my blog.
    --Tony
    http://tonyhasler.wordpress.com
    Edited by: TonyHasler on Sep 6, 2008 3:17 PM

  • Site Login Behavior For SharePoint Foundation 2013 Users With Expired Passwords?

    What are the most user-friendly ways of getting external users with expired AD passwords back into the SharePoint site with a new working password?
    We already send automated email notifications to users reminding them to change their soon-to-expire passwords.  However, sometimes they miss seeing the email notifications before the password expires (such as after returning from vacation or just carelessness
    and lack of attention to email messages) or they see the warning messages and forget to act on it.
    When this happens and they try to log into the SharePoint site from the Internet, their login fails without telling the user the reason they can't log in is because their password expired.  So, they end up confused and call the help desk to get their
    password reset.
    Is there a way to set up SharePoint Foundation 2013 login in a similar way to the OWA login so that, when a user with a correct but expired password tries to log in, it gives them a prompt to set a new password right there rather than just an error indicating
    their login failed for unknown reasons or password is "incorrect?"

    It could be done. You get a different event log entry for an expired login attempt than for a wrong password, 4625 events denote a login failure and an error ID of 23 denotes a logon failure.
    A naff, but simple, approach would be to create a tool that checks your server logon event log for 4625 entries and then emails that user, or the help desk, or security, that they're trying to get onto your system with expired credentials.
    For a more polished experience you've got a lot more work and bluntly it's going to be impractical for you. You'd have to re-write sections of the SharePoint authentication process or intercept the process, both are risky and not a good idea to try.
    There's a really interesting paper here that might be of interest, it won't help you in your current situation but it might shed more light on the overall authentication/authorisation process.
    http://www.sans.org/reading-room/whitepapers/forensics/windows-logon-forensics-34132

  • Firefox promted me to save about 4 passwords and now won't prompt me. All the setting are just as they should be. Why has it stop prompting me to save passwords?

    This is a new machine though I am not new to Firefox. There are certain sites I have multiple accounts on in which Firefox as of a month ago saved every password for every account. Just turning on this machine for the first time yesterday I immediately downloaded Firefox and set the settings as I had them on the previous machine. As I began getting things in order and all favorites back in place, Firefox did prompt me to save about 4 passwords and abruptly stopped. I have checked all the settings and nothing has changed. No addresses have been blocked, no exceptions. Even addresses and on sites I know for certain will let Firefox save the passwords I am not being prompted. I am at a loss as to what to do.
    Any help would be appreciated.
    Thank you for your time.
    John

    Try the following:
    close iWeb.
    delete the iWeb preference file, com.apple.iWeb.plist, that resides in your Home/Library/Preferences folder.
    go to your Home/Library/Caches/com.apple.iWeb folder and delete its contents.
    reboot.
    launch iWeb and try again.
    If that doesn't help continue with:
    move the domain file from your Home/Library/Application Support/iWeb folder to the Desktop.
    launch iWeb, create a new test site, save the new domain file and close iWeb.
    go to the your Home/Library/Application Support/iWeb folder and delete the new domain file.
    move your original domain file from the Desktop to the iWeb folder.
    launch iWeb and try again.
    OT

  • Hi, Dear. I purcahse my iphone 4S on of the guy, my problem is when i update any app from App store and i click update there is an e-mail address is coming which i doesnt know about the password, how can i revome the e-mail address for update our apps.

    Hi, Dear. I purcahse my iphone 4S on of the guy, my problem is when i update any app from App store and i click update there is an e-mail address is coming which i doesnt know about the password, how can i revome the e-mail address for update our apps.

    Yes. Delete the Apps that were not Purchased using Your Apple ID.
    But a Restore as New is the way to go.

  • Which attribute shows if a user has an expired password?

    DSEE 6.3
    I created my own password policy, and applied it to a single user.
    I would like to know which attribute shows if a user has an expired password, and how do I query that attribute for the user. How would I query the time till expiration as well?
    I am basically looking for example queries to such information.
    thanks,

    My limited experience with this sort of thing is to run a query like the following:
    ldapsearch -1TL -h `hostname` -D 'cn=Directory Manager' -b "dc=<your dc>,dc=com" uid=<uid your choice> pwdAccountLockedTime pwdFailureTime pwdLastAuthTim
    e pwdChangedTime passwordRetryCount nscpentrywsi
    This dumps some helpful stuff. I've noticed ... in our ldap instance that a locked account has the following output:
    pwdAccountLockedTime: 000001010000Z
    I don't know why it shows up that way ... but it's something I can key on and search for to find locked accounts. Not necessarily an indication that a password has expired, of course, but sort of interesting to me. An account can be locked for other reasons obviously.
    I think pwdChangedTime might be what you want assuming you know what the password expiration time is set to ...

  • Problem about Changing Password?

    1 After logining in mobile server,I tried to change the password,but it sometimes failed.
    2 After changing the password in webtogo client,I found the password in mobile server had been also changed.
    What relationship about the password between online and offline?
    Will you please give me some advice?
    Thanks a lot!

    No, we didn't change the network name or the SSID.
    I am trying to get my head around how the preference files work. I understand that changing the password would change the preference file, but after further changing, I noticed that if I changed the password back to the original password, it would no longer connect. Then, I changed it back to the password from which I had changed the original password, and it did not connect. Then, after changing it to a brand new password, it connected.

Maybe you are looking for