How to check: password expired, password forced to change, user disabled
I am writing an application to detect the following. I just need to check whether the condition is true. What are the things that I need to check for:
- when a user password is going to expire in x days?
- when a user is forced to change his password?
- when a user is disabled? For this, do I check the attribute "nsaccountlock=true"?
Chooichin
> I am writing an application to detect the following. I just need to check whether the condition is true. What are the things that I need to check for:
> - when a user password is going to expire in x days?
You can use the passwordControls during a BIND operation and investigate if the password expired/expiring in so many secs.
> - when a user is forced to change his password?
> - when a user is disabled? For this, do I check the attribute "nsaccountlock=true"?
Yes, if some interface is actually using this to disable the user in the first place.
> Chooichin
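The password controls mentioned in the reply above, as an added example that is not part of the original thread: it reads the controls attached to a BIND response and reports whether the password is expiring, expired, or must be changed. It assumes the server returns either the Netscape/Sun-style "password expired" and "password expiring" controls or the draft-behera password policy response control; the class and function names and the sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

OID_PWD_EXPIRED = "2.16.840.1.113730.3.4.4"    # Netscape/Sun "password expired"
OID_PWD_EXPIRING = "2.16.840.1.113730.3.4.5"   # Netscape/Sun "password expiring"
OID_PPOLICY = "1.3.6.1.4.1.42.2.27.8.5.1"      # draft-behera-ldap-password-policy

@dataclass
class PasswordState:
    expired: bool = False                # password is past its lifetime
    must_change: bool = False            # bind accepted, but a change is required
    locked: bool = False                 # policy reports accountLocked
    seconds_left: Optional[int] = None   # time before expiration, if the server warned
    grace_logins: Optional[int] = None   # grace binds remaining, if reported

    def expires_within(self, days: int) -> bool:
        return self.seconds_left is not None and self.seconds_left <= days * 86400

def _tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one BER element at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low bits give the count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past the end of the control")
    return tag, buf[pos:pos + length], pos + length

def _apply_ppolicy(value: bytes, state: PasswordState) -> None:
    """Decode PasswordPolicyResponseValue ::= SEQUENCE { warning [0], error [1] }."""
    if not value:
        return
    tag, body, _ = _tlv(value, 0)
    if tag != 0x30:
        raise ValueError("password policy control value is not a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, inner, pos = _tlv(body, pos)
        if tag == 0xA0:                  # warning: CHOICE of two tagged INTEGERs
            choice, number, _ = _tlv(inner, 0)
            if choice == 0x80:           # timeBeforeExpiration (seconds)
                state.seconds_left = int.from_bytes(number, "big")
            elif choice == 0x81:         # graceAuthNsRemaining
                state.grace_logins = int.from_bytes(number, "big")
        elif tag == 0x81:                # error: ENUMERATED
            code = int.from_bytes(inner, "big")
            state.expired |= code == 0       # passwordExpired
            state.locked |= code == 1        # accountLocked
            state.must_change |= code == 2   # changeAfterReset

def interpret_bind(result_code: int, controls: Iterable[Tuple[str, bytes]]) -> PasswordState:
    """controls: (oid, raw control value) pairs taken from the BIND response."""
    state = PasswordState()
    for oid, value in controls:
        if oid == OID_PWD_EXPIRING:      # value is the remaining seconds as ASCII digits
            state.seconds_left = int(value.decode("ascii"))
        elif oid == OID_PWD_EXPIRED:
            # Bind succeeded (0): a change is required. Bind failed: the password expired.
            state.must_change |= result_code == 0
            state.expired |= result_code != 0
        elif oid == OID_PPOLICY:
            _apply_ppolicy(value, state)
    return state

# Constructed control values (not captured traffic): 86400 s warning, changeAfterReset error.
SAMPLE_WARNING = bytes.fromhex("3007a0058003015180")
SAMPLE_RESET = bytes.fromhex("3003810102")
```

An administrative disable through nsAccountLock is an attribute on the entry, so it is read with a search rather than from these controls.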
Similar Messages
-
How to deal with expired passwords in authentication schemes?
Hi,
I am trying to build an authentication scheme that deals with expired passwords. After the user has provided their valid but expired password they should be redirected to a password reset page. After they have provided a new password they should be allowed to continue to the page they would have otherwise gone to had their password not expired.
I have written my authentication processs as follows:
CREATE OR REPLACE FUNCTION inventory_test.inventory_authentication (
   p_username IN VARCHAR2,
   p_password IN VARCHAR2
)
   RETURN BOOLEAN
IS
   r1 apex_users%ROWTYPE;
   valid_password BOOLEAN;
BEGIN
   -- Reject empty passwords outright
   IF p_password IS NULL
   THEN
      RETURN FALSE;
   END IF;
   -- Look up the account, ignoring case in the username
   SELECT *
     INTO r1
     FROM apex_users
    WHERE UPPER (username) = UPPER (p_username);
   -- Compare the stored value with the MD5 of password || seed
   valid_password :=
      DBMS_OBFUSCATION_TOOLKIT.md5 (input_string => p_password
                                       || TO_CHAR (r1.SEED, '99999')
                                   ) = r1.PASSWORD;
   IF valid_password AND (r1.password_expiration_date < SYSDATE)
   THEN
      -- Valid but expired: remember the original target, then point the login at page 14
      apex_util.set_session_state ('FSP_AFTER_PASSWORD_RESET_URL', v ('FSP_AFTER_LOGIN_URL')); -- My new application item
      apex_util.set_session_state ('FSP_AFTER_LOGIN_URL',
         'F?P=' || v ('APP_ID') || ':14:' || v ('APP_SESSION')
      );
   END IF;
   RETURN valid_password;
EXCEPTION
   WHEN NO_DATA_FOUND
   THEN
      RETURN FALSE;
END;
This redirects the user to the password reset page but FSP_AFTER_PASSWORD_RESET_URL is null - presumably because the login process changes the session.
This seems the wrong approach anyway as the user, once authenticated, can change the page number in the URL and avoid the password reset. I would guess that I need to use the APEX_CUSTOM_AUTH package somehow. However, I am thoroughly confused about the relationship between the LOGIN and POST_LOGIN procedures. Also, I gather from other posts in this forum that there is some asynchronous processing that goes on as new sessions are created. Can someone point me in the right direction please?
--Tony
http://tonyhasler.wordpress.com/
Sorry for taking so long to acknowledge your helpful suggestions.
Scott's proposal is a tiny tiny bit awkward as, if I understand it correctly, the user would have to reauthenticate after resetting the password.
/dev/null's suggestion is actually not too bad for me. I already have each page being authorised and I use only a limited number of (once per session) authorization schemes. I think all I have to do is to place an extra line or two in each scheme to check the expiration date of the user's password and remember to call APEX_UTIL.RESET_AUTHORIZATIONS when the password is reset.
I successfully redirected to the password reset page using owa_util.redirect_url from the post-authentication procedure but what I am still having trouble with is the deep-linking bit. It seems I have to obtain the target URL by 'editing' FSP_AFTER_LOGIN_URL to replace '|' characters by ':' characters and inserting the session id in the right place. Given the fact that FSP_AFTER_LOGIN_URL may not be set and that there may not be sufficient ':' characters in the URL this is very clunky.
Is there an easier way to do this?
--- Never mind. I worked out how to use regular expressions with SQL to do this. A full explanation is in my blog.
--Tony
http://tonyhasler.wordpress.com
Edited by: TonyHasler on Sep 6, 2008 3:17 PM -
Ad-User script to check if expired password = true and email helpdesk
I have a script that runs each day and reminds my users that their password will expire. This works well.
I'm having trouble creating a script to email our helpdesk once the password has expired so engineers can reset it automatically.
The code I have displays nothing yet I know I have expired passwords.
Get-ADUser -filter {(Enabled -eq $True) -and (PasswordNeverExpires -eq $False) -and (PasswordExpired -eq $True)} -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires, EmailAddress, GivenName
Please help!
I looked at a test user meeting these criteria. Although the AccountExpirationDate was in the past, the AccountExpired property was still $False. I'm not sure what process is responsible for changing the AccountExpired property based on AccountExpirationDate, but this is where your script seems to fail.
This works:
Get-ADUser -filter {(Enabled -eq $True) -and (PasswordNeverExpires -eq $False)} -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires, EmailAddress, GivenName, AccountExpirationDate |
Where { $_.AccountExpirationDate -lt (Get-Date) }
Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com
Account expired is derived by the Classes. It is not on the raw object. It is all that needs to be checked. If an account is not set to be expired then that will always be false.
Like this:
Get-ADUser -filter * -properties * |?{$_.passwordexpired} | select passwordexpired
You can also do the math.
¯\_(ツ)_/¯ -
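The "math" mentioned in the last reply, as an added example that is not part of the thread: password expiry and account expiry derived separately from the raw directory attributes pwdLastSet, maxPwdAge, userAccountControl and accountExpires. It assumes a single domain-wide maxPwdAge (no fine-grained password policies); the sample users, dates and function names are constructed.

```python
from datetime import datetime, timedelta, timezone

UAC_ACCOUNTDISABLE = 0x0002
UAC_DONT_EXPIRE_PASSWORD = 0x10000
INT64_MIN, INT64_MAX = -2**63, 2**63 - 1
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):
    """datetime -> 100-nanosecond intervals since 1601-01-01 UTC."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def from_filetime(ft):
    """100-nanosecond intervals since 1601-01-01 UTC -> datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def account_status(user, max_pwd_age, now):
    """user: raw attribute values; max_pwd_age: the domain's maxPwdAge (a negative interval)."""
    uac = user["userAccountControl"]
    pwd_last_set = user["pwdLastSet"]
    acct = user["accountExpires"]
    # The per-user flag or a "never" domain policy switches password expiry off.
    never = bool(uac & UAC_DONT_EXPIRE_PASSWORD) or max_pwd_age in (0, INT64_MIN)
    expires_at = None
    if never:
        expired = False
    elif pwd_last_set == 0:              # 0 = must change password at next logon
        expired = True
    else:
        expires_at = from_filetime(pwd_last_set - max_pwd_age)  # minus a negative age
        expired = expires_at <= now
    return {
        "disabled": bool(uac & UAC_ACCOUNTDISABLE),
        "must_change": pwd_last_set == 0 and not never,
        "password_expired": expired,
        "password_expires": expires_at,
        # accountExpires of 0 or INT64_MAX means the account never expires.
        "account_expired": acct not in (0, INT64_MAX) and from_filetime(acct) <= now,
    }

def helpdesk_list(users, max_pwd_age, now):
    """Enabled accounts whose password has expired (the report the thread asks for)."""
    names = []
    for user in users:
        status = account_status(user, max_pwd_age, now)
        if not status["disabled"] and status["password_expired"]:
            names.append(user["sAMAccountName"])
    return names

def _day(y, m, d):
    return to_filetime(datetime(y, m, d, tzinfo=timezone.utc))

# Constructed sample data: a 42-day policy evaluated on 2024-06-01.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
MAX_PWD_AGE = -42 * 86400 * 10**7
USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 0x200,
     "pwdLastSet": _day(2024, 1, 1), "accountExpires": 0},
    {"sAMAccountName": "bob", "userAccountControl": 0x200,
     "pwdLastSet": 0, "accountExpires": INT64_MAX},
    {"sAMAccountName": "carol", "userAccountControl": 0x10200,
     "pwdLastSet": _day(2020, 1, 1), "accountExpires": 0},
    {"sAMAccountName": "dave", "userAccountControl": 0x202,
     "pwdLastSet": _day(2024, 1, 1), "accountExpires": 0},
    {"sAMAccountName": "erin", "userAccountControl": 0x200,
     "pwdLastSet": _day(2024, 5, 20), "accountExpires": _day(2024, 5, 1)},
]

if __name__ == "__main__":
    print(helpdesk_list(USERS, MAX_PWD_AGE, NOW))
```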
Remove password expiration time limit for ocs users
Hello,
I want to know how to remove password expiration time limit for ocs (11gR2) users? In our system all user accounts are getting expired in 1 week. I have to remove expdate. (profile was changed)
Thx
SQL> select * from dba_profiles where RESOURCE_NAME LIKE 'PASSWORD_LIFE_TIME';
PROFILE             RESOURCE_NAME       RESOURCE  LIMIT
DEFAULT             PASSWORD_LIFE_TIME  PASSWORD  180
MONITORING_PROFILE  PASSWORD_LIFE_TIME  PASSWORD  DEFAULT
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
Profile altered.
SQL> select * from dba_profiles where RESOURCE_NAME LIKE 'PASSWORD_LIFE_TIME';
PROFILE             RESOURCE_NAME       RESOURCE  LIMIT
DEFAULT             PASSWORD_LIFE_TIME  PASSWORD  UNLIMITED
MONITORING_PROFILE  PASSWORD_LIFE_TIME  PASSWORD
To change the password for a user:
alter user username identified by new_password;
Edited by: hitgon on Apr 30, 2012 7:33 PM -
Cannot change password expired password
Hi there,
I am not able to change expired password on Windows server 2012. I am getting the error message that "You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support"
I had a similar issue on Windows 2008 servers and it was resolved when I changed the RDP security layer to negotiate. But I couldn't find the Session Host Configuration snap-in since RDS is not enabled.
Has anyone faced the same issue?
Thanks,
Ranjith
Hi Ranjith,
How are things going?
You could try to change the Security Layer to RDP Security Layer in the Security section of Session Collection properties.
In addition, if you are using remote desktop over RD Gateway, there is no support for being able to use the “User must change password at next logon”.
Please refer to these two threads, which are similar to your issue.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/320ef31a-1160-4c33-9912-79a3838fc24d/forcefuly-user-should-change-his-password-when-loggin-for-the-first-time?forum=winserverTS
https://social.technet.microsoft.com/Forums/windowsserver/en-US/8761e29a-72a0-4f9c-b31b-ff81633020dd/user-must-change-password-setting-using-rdp-to-server-2012?forum=winserverTS
Hope this helps.
Best Regards,
Tina -
How to check the expired date of a public key stored in my keyStore
Hello,
I would like to know if there is any possibility to check the expiration date of a public key which is present in my keystore.
I did read the help of keytool but did not find any explanation about that.
Thanks in advance for your answers.
Alain.
Message was edited by: Philipina
A public key doesn't have an expiration date. A certificate has. Run keytool -list -v and you can read something that looks like:
Valid from: ... until: ... -
How to check Username and Password
Hi,
In my application I'm navigating from the Login page to the Home page. On the login page I have to check for a particular user name and password, let us say abc and abc. If the user enters a wrong username and password, it should redirect to the login page. Is there any snippet of code?
Hi Sravan,
Import this package in your login view
com.sap.tc.webdynpro.progmodel.controller.MessageManager;
If your context attributes are Name and Password, and you are navigating from LoginView to HomeView, write the code given below inside your action event.
String login = wdContext.currentContextElement().getName();
String password = wdContext.currentContextElement().getPassword();
// The user name is matched ignoring case; the password must match exactly.
if (login != null && login.equalsIgnoreCase("XXX") && password != null && password.equals("YYY")) {
    // Credentials match: navigate to HomeView
    wdThis.wdFirePlugToHomeView();
} else {
    // Credentials do not match: report the failure and stay on LoginView
    MessageManager msgMgr = (MessageManager) wdThis.wdGetAPI().getComponent().getMessageManager();
    msgMgr.reportException("Login failure.Pls check login details", true);
}
Hope this will help you
Regards,
Rajeev -
How can you create a customized page to change user password?
Hello to all,
I would like to create a customized page for a user to change their password. We are using Portal version 3.0.9 on Windows NT/2000. Currently there is a page in portal where a user can change their password.
I tried linking to that page by copying the shortcut url and adding it as an html portlet. The problem is that we want to direct the users to a page of our choosing when they click on the "cancel" and "ok" buttons. I read in the forums that there is a selfreg.cmd script. I also read that there is some code that has been available.
Has anyone implemented a customized user password change page? Do you know of any links that might have steps to follow or more information?
Thanks in advance,
Lindsay
Hi,
I was able to customize the change password screen through a procedure. This is what I did:
* Created a procedure under the Portal30_sso schema:
CREATE OR REPLACE procedure reports_chage_password
(
site2pstoretoken in varchar2 default null
,p_username in varchar2 default null
,p_error_code in varchar2 default null
,p_submit_url in varchar2 default null
,p_done_url in varchar2 default null
,p_pwd_is_exp in varchar2 default null
,p_password in varchar2 default null
)
is
begin
htp.htmlopen;
htp.headopen;
htp.title ('<TITLE of Page>');
htp.headclose;
htp.bodyopen;
htp.p('<table width="100%"><tr><td colspan=2 align=center><IMG SRC="<directory of image if you want>"><br><hr><br></td></tr>');
htp.p('<tr><td colspan=2 align=center>');
htp.p('<font COLOR="#000080" face="Times New Roman" size=+2><b>');
htp.header(nsize => 1 ,cheader => 'Change Password');
htp.p('</b></font>');
htp.p('</td></tr><tr><td align=right>');
htp.formopen(curl => p_submit_url );
htp.p('<font color="#000080" face="Times New Roman" size=+1>');
htp.p ('Username:');
htp.p('</td><td align=left><font color="#000080" face="Times New Roman" size=+1>');
htp.p(htf.escape_sc(p_username)); -- escape the request parameter before echoing it into the page
htp.p('</font>');
htp.p('</td></tr>');
htp.formHidden(cname => 'p_username',cvalue => p_username);
htp.br;
htp.p('<tr><td align=right>');
htp.p('<font color="#000080" face="Times New Roman" size=+1>');
htp.p ('Old Password: ');
htp.p('</font>');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_old_password',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.br;
htp.p('<tr><td align=right>');
htp.p('<font color="#000080" face="Times New Roman" size=+1>');
htp.p ('New Password: ');
htp.p('</font>');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_new_password',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.br;
htp.p('<tr><td align=right>');
htp.p('<font color="#000080" face="Times New Roman" size=+1>');
htp.p ('Confirm New Password: ');
htp.p('</font>');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_new_password_confirm',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.p('<tr><td rowspan=2>');
htp.formHidden(cname => 'p_done_url',cvalue => '<the url that you want users to go to when they are done>');
htp.formHidden(cname => 'p_pwd_is_exp',cvalue => p_pwd_is_exp);
htp.formHidden(cname => 'p_password',cvalue => p_password);
htp.formHidden(cname => 'site2pstoretoken',cvalue => site2pstoretoken);
htp.p('</td></tr>');
htp.p('<tr><td align=right>');
htp.formSubmit(cname => 'p_action',cvalue => 'OK');
htp.p('</td><td align=left>');
htp.formSubmit(cname => 'p_action',cvalue => 'CANCEL');
htp.p('</td></tr></table>');
if p_error_code is not null then
htp.br;
htp.fontOpen(ccolor=> 'red', csize=> 4);
if p_error_code = 'auth_fail_err' then
htp.p('Old password is incorrect');
elsif p_error_code = 'pwd_rule_err' then
htp.p('The new password does not follow '||
'the password policies.');
htp.br;
htp.p('Verify with your System Administrator '||
'about the Password Policies');
elsif p_error_code = 'confirm_pwd_fail_txt' then
htp.p('Confirmation for new password is not '||
'the same as the New Password');
elsif p_error_code = 'null_new_pwd_err' then
htp.p('New password cannot be null');
elsif p_error_code = 'null_old_pwd_err' then
htp.p('Old password cannot be null');
else
htp.p ('Error: ' || htf.escape_sc(p_error_code) ); -- escape the request parameter before echoing it
end if;
htp.fontClose;
end if;
end;
* Grant this procedure to PUBLIC
* Update the portal30_sso.wwsso_ls_configuration_info_$:
UPDATE portal30_sso.wwsso_ls_configuration_info_$
SET LOGIN_URL = '<YOUR CUSTOM LOGIN URL OR THE WORD UNUSED IF YOU DO NOT HAVE ONE> http://<MACHINE_NAME>.<DOMAIN>/pls/portal30_sso/portal30_sso.<NAME OF PROCEDURE>';
* After you update the table, go to your account information link, and click on the change password link.
* Then copy the url that you see in your address line
* And if you want a change password link at the top of your portal page, just go to EDIT on your page, then edit the banner defaults. Then in the links add the Label and the URL. The URL would be the URL you copied from the previous step.
Hope this helps.
I've customized the login page too if you would like some sample code for that. Let me know.
Martin -
How to check which license is assign to current user?
Hi all,
I want to fire some action when a CRM user clicks on my SDK program, but if a Prof user clicks on it, another action will be fired. May I know how to do it?
Hi,
I don't know the programming part how to access the information, but which licence is assigned to which user is stored in the file B1Upf.xml on the licence server.
HTH, Sandra -
How to check query is getting reused after changing parametr cursor_sharing
Hello,
Oracle Version: 11g
OS Version: Windows 2003 64Bit
How to find if a particular query is getting reused after change in a cursor_sharing parameter from EXACT to SIMILAR.
Which set of Views/DD's should I query to get the relevant details?
Thanks in advance.
-Vijay.
SQL> desc v$sqlarea
Name Null? Type
SQL_TEXT VARCHAR2(1000)
SQL_FULLTEXT CLOB
SQL_ID VARCHAR2(13)
SHARABLE_MEM NUMBER
PERSISTENT_MEM NUMBER
RUNTIME_MEM NUMBER
SORTS NUMBER
VERSION_COUNT NUMBER
LOADED_VERSIONS NUMBER
OPEN_VERSIONS NUMBER
USERS_OPENING NUMBER
FETCHES NUMBER
EXECUTIONS NUMBER
PX_SERVERS_EXECUTIONS NUMBER
END_OF_FETCH_COUNT NUMBER
USERS_EXECUTING NUMBER
LOADS NUMBER
FIRST_LOAD_TIME VARCHAR2(19)
INVALIDATIONS NUMBER
PARSE_CALLS NUMBER
DISK_READS NUMBER
DIRECT_WRITES NUMBER
BUFFER_GETS NUMBER
APPLICATION_WAIT_TIME NUMBER
CONCURRENCY_WAIT_TIME NUMBER
CLUSTER_WAIT_TIME NUMBER
USER_IO_WAIT_TIME NUMBER
PLSQL_EXEC_TIME NUMBER
JAVA_EXEC_TIME NUMBER
ROWS_PROCESSED NUMBER
COMMAND_TYPE NUMBER
OPTIMIZER_MODE VARCHAR2(10)
OPTIMIZER_COST NUMBER
OPTIMIZER_ENV RAW(797)
OPTIMIZER_ENV_HASH_VALUE NUMBER
PARSING_USER_ID NUMBER
PARSING_SCHEMA_ID NUMBER
PARSING_SCHEMA_NAME VARCHAR2(30)
KEPT_VERSIONS NUMBER
ADDRESS RAW(4)
HASH_VALUE NUMBER
OLD_HASH_VALUE NUMBER
PLAN_HASH_VALUE NUMBER
MODULE VARCHAR2(64)
MODULE_HASH NUMBER
ACTION VARCHAR2(64)
ACTION_HASH NUMBER
SERIALIZABLE_ABORTS NUMBER
OUTLINE_CATEGORY VARCHAR2(64)
CPU_TIME NUMBER
ELAPSED_TIME NUMBER
OUTLINE_SID VARCHAR2(40)
LAST_ACTIVE_CHILD_ADDRESS RAW(4)
REMOTE VARCHAR2(1)
OBJECT_STATUS VARCHAR2(19)
LITERAL_HASH_VALUE NUMBER
LAST_LOAD_TIME DATE
IS_OBSOLETE VARCHAR2(1)
CHILD_LATCH NUMBER
SQL_PROFILE VARCHAR2(64)
PROGRAM_ID NUMBER
PROGRAM_LINE# NUMBER
EXACT_MATCHING_SIGNATURE NUMBER
FORCE_MATCHING_SIGNATURE NUMBER
LAST_ACTIVE_TIME DATE
BIND_DATA RAW(2000) -
Want a solution for a scenario-To Set Password expiration in OID from OIM
Hi,
I have one scenario. Please guide me in some details to achieve this.
I have one password policy in OIM. When user's password expires in OIM, then his password should also expire in OID. We have OID as user's repository.
For this I have one solution but don't know how to implement this in OIM.
"OID has the LDAP attribute called “pwdMaxAge” map this attribute to the OIM resource object and reset this value to number of days (as per password policy) whenever you change the password in OIM. This will set the password expiration time in the OID without having the password policy in place. "
Please suggest.
Thanks in advance.
Well here is what you can do:
- For OIM the user's password will be governed with the Xellerate User password policy, which says that password must be changed every 28 days. So you are good in handling this in OIM.
Now for the OID side, you have two options - *1. User changes OID password directly* and *2. User changes OID password through update in OIM profile password*. Most probably you would want the second case. If true, then here is what you can do.
- As user changes the OIM password. Create automatic trigger Change User Password which updates the password in the process form of OID.
- This invokes the Password Updated task.
- On SUCCESS of this task, call another task which goes to OID target and updates the attribute pwdMaxAge to Current date + 28
Thanks
Sunny -
Password expire date back to 2011 from 2012 after assigned a user profile
Friends,
I created a profile test as
COMPOSITE_LIMIT UNLIMITED
SESSIONS_PER_USER UNLIMITED
CPU_PER_SESSION UNLIMITED
CPU_PER_CALL UNLIMITED
LOGICAL_READS_PER_SESSION UNLIMITED
LOGICAL_READS_PER_CALL UNLIMITED
IDLE_TIME 60
CONNECT_TIME UNLIMITED
PRIVATE_SGA UNLIMITED
FAILED_LOGIN_ATTEMPTS 5
PASSWORD_LIFE_TIME 120
PASSWORD_REUSE_TIME 60
PASSWORD_REUSE_MAX 30
PASSWORD_VERIFY_FUNCTION NULL
PASSWORD_LOCK_TIME 1
PASSWORD_GRACE_TIME 7;
The user's default profile has a PASSWORD_LIFE_TIME of 180 and the password expire date is 1/7/2012. The test account was created on 7/11/2011.
Now I assign the test user to the test profile successfully.
However, the expire date becomes 11/8/2011 1 from 1/7/2012 when I select from dba_users.
What is wrong in my profile or somewhere else?
As I understand it, the account password expiry should start after the new profile with PASSWORD_LIFE_TIME is assigned, but it seems the expire date starts from the original account creation date.
Thanks
newdba
Edited by: Oradb on May 24, 2012 1:56 PM
I would think the expire time would be based on the last password change time which Oracle stores in the rdbms base table for user information (user$). Find a second user, alter the password, check the expire date, then assign the user to the new profile, re-check the expiration date. Post back. Behavior may vary between releases so include full Oracle version of test.
HTH -- Mark D Powell -- -
Remove Password Expiration Time setup
Hello,
I want to know how to remove the password expiration time limit for ocs users? In our system all user accounts are getting expired after 3 to 4 weeks. I have to remove this restriction and make the password never expire.
You have to do this directly in OID using oidadmin (Oracle Directory Administrator)
Instructions are in the admin guide at this URL
http://download-west.oracle.com/docs/cd/B25553_01/collab.1012/b25490/ch_users_groups.htm#OCSAG373 -
Changing expired password on a backend database from a frontend database
I have a split database with an Oracle backend (BE) and MS Access frontend (FE). My question is how to reset an expired password on the BE from the FE.
If I log on to the backend via sqlplus an error ORA-28001 (Password expired) occurs and the system immediately prompts for a new password before completing the login process.
If I log on from the frontend I get the same ORA error from the BE, but as far as I can tell, I can't reset the password from the FE.
I can capture the error fine at the FE and I am thinking that I could use this to open a dialog to reset the password and change it over the ODBC connection. The problem is that I need to get a connection to the BE database before sending a command to change the password from the FE, but since login cannot be completed from the FE, because of the expired password, I can't get an ALTER USER statement to execute on the BE to reset the password.
Is there a way to change a pre-expired password on an Oracle backend database from a frontend database? I don't see this as an Oracle/Access problem but as a problem that exists for any split database.
I have thought about this a little and I am thinking about keeping a table of password update information. I can use this to create a "soft" expired password, using an expiration date in the table for each account. If the password is expired by the database then we can just update it with sqlplus or one of the other options.
As far as getting the organization to change, it is waaaay too big and stupid to change their policy. -
Hi,
We have recently implemented CFLDAP authentication on one of our websites & discovered a new issue of expired passwords. I have been trying to read attributes like maxPwdAge or accountExpires but am not able to read the values as I guess they are flags. What I found on the net is that ColdFusion is not capable of reading ADSI & needs to use a Java or VB object. Is that correct, or is there any other method of checking the expired password & redirecting the page to a change password form?
Thanks in advance
Any help is greatly appreciated
Thanks
alter user <username> identified by <new_password>;
to make password unexpired:
in the profile of the user --> alter profile <profile_name> LIMIT password_life_time UNLIMITED;
*not recommended