Howto: Change users password in Linux with Java

Hi, how can i write a Java program to change user acounts passwords in linux?

this is how i solved the problem:
Runtime rt = Runtime.getRuntime();
        String[] callAndArgs = { "passwd",
                                 "--stdin",
                                 "ehi" };
        try {
            String line = null;
            Process child = rt.exec(callAndArgs);
            InputStream stdin = child.getInputStream();
            InputStreamReader isr = new InputStreamReader(stdin);
            BufferedReader br = new BufferedReader(isr);
            OutputStream os = child.getOutputStream();
            PrintWriter pw = new PrintWriter(os);
            pw.println ("empty");
            pw.flush();
            if ((line = br.readLine()) != null)
                           System.out.println(line);
            pw.println("password2");
            pw.flush();
            child.waitFor();
            System.out.println("Process exit code is: " + child.exitValue());
        catch(IOException e) {
            System.err.println(
                    "IOException starting process!");
        } catch (InterruptedException e) {
            e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
        }

Similar Messages

How can i add a new user and change user'password with javamail?

how can i add a new user and change user'password from a mailserver with javamail?
email:[email protected]

Well user creation and updation is a system property..U need to go through that part...as it depends on the system you are hosting pout your application...
if it is linux...u have to use some shell programming\
bye for now let me know if this guides you or if you need some more stuff.
bye

Problem with Notifications on Create User/ Change User Password

Hello,
I'm having a problem sending emails to users when an account is created in OIM.
I added a notification to the user and user's manager on the Create User task in the Xellerate User process definition but the emails are not being sent.
I know that if I create another task with the purpose of sending emails and invoke it through the response in the Create User task, it will work.
My aim is to avoid adding tasks for something OIM should be able to do OOTB.
I'm also unable to send an email when a password is updated.. I did the same thing as for the Create User and I know the task (Change User Password) is being invoked by looking at the logs but the emails aren't being sent.
Has anyone ran into such problems?
I'm having these problems in the Xellerate User process task.. i've added notifications in other process tasks (mainly approval tasks) and they are working fine.
Thanks in advance

Hi,
I am just confuse with your response.Have you added the "Password Updated" task in xellerate user provisioning process?
Now if you changing password in OIM profile it will trigger "Change User Password" task not the "Password Updated" task and even if you add "Password Updated" task on Xellerate User provisioning task you can't see this task in Resource Details.
Now assume if you added your notification on "Password Updated" task of any resource which user is provisioned to even then when you change oim password it only trigger "Change User Password" task.So try to have your notification on "Change User Password" task.
Please clarify so that I can response correctly.
Regards
Nitesh

Change User password not working in SAP ME 6.0

Hi,
In SAP ME 6.0 SP01 6.0.1.0 Counter 40, the activity "Change User Password" does not work for me or any other user.
The activity window (Netweaver) shows, but in the top it says "An error occurred - contact system administrator".
This is the output from the default trace file. Seems my user is not authorized, but where do I set this authorization?
Br,
Johan
#2.0 #2011 09 06 11:15:11:064#+0200#Error#com.sap.security.core.wd.jmxmodel.JmxModelComp#
#BC-JAS-SEC-UME#sap.com/tcsecumewduimodel#C0000AD3034800820000000100000450#9934850000000004#sap.com/tcsecumewdkit#com.sap.security.core.wd.jmxmodel.JmxModelComp#JONORD#16##380199ECD86811E088C3000000979802#ae0e9d52d86811e08e7a000000979802#ae0e9d52d86811e08e7a000000979802#0#Thread[HTTP Worker [@312363456],5,Dedicated_Application_Thread]#Plain##
public void supplyCompany(IPrivateJmxModelCompInterface.ICompanyNode node, IPrivateJmxModelCompInterface.IContextElement parentElement)
[EXCEPTION]
com.sap.engine.services.jmx.exception.JmxSecurityException: Caller JONORD not authorized, required permission missing (javax.management.MBeanPermission -\#getCompanyConceptEnabled[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)
     at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)
     at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)
     at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)
     at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)
     at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)
     at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)
     at com.sap.security.core.jmx._gen.IJmxServer$Impl.getCompanyConceptEnabled(IJmxServer.java:1415)
     at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.supplyCompany(JmxModelCompInterface.java:1498)
     at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.supplyCompany(InternalJmxModelCompInterface.java:710)
     at com.sap.security.core.wd.jmxmodel.wdp.IPublicJmxModelCompInterface$ICompanyNode.doSupplyElements(IPublicJmxModelCompInterface.java:4301)
     at com.sap.tc.webdynpro.progmodel.context.DataNode.supplyElements(DataNode.java:110)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.createMappedElementList(MappedNode.java:78)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.supplyElements(MappedNode.java:71)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.createMappedElementList(MappedNode.java:78)
     at com.sap.tc.webdynpro.progmodel.context.MappedNode.supplyElements(MappedNode.java:71)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElementListAsObject(Node.java:263)
     at com.sap.tc.webdynpro.progmodel.context.Node.getElements(Node.java:270)

Hi,
Change User Password screen is in fact user self services screen of NW UME and to access it, user must have Manage_My_Password action. Installation and Security Guide ask to assign this action to all roles.

JMenuBar display quirks with some window managers on Linux with Java 6

When I run this code on Windows with Java 5 or Java 6, it works fine.
When on Linux with Java 5, it works fine.
When on Linux with Java 6 in KDE, it works fine.
When on Linux with Java 6 with twm or e17, the JMenu shows when I click on the JMenuBar, but goes away as soon as I release the mouse button. If I manually move or resize the window, it then works fine.
If I remove setLocationByPlatform(true), the menu bar works, but it does not position the window by platform, which is the desired behavior.
Am I doing something wrong, is there something wrong with both twm and e17, or is this a bug?
import java.awt.Dimension;
import java.awt.Label;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.JFrame;
import javax.swing.JMenuBar;
import javax.swing.JMenu;
import javax.swing.JMenuItem;
import javax.swing.WindowConstants;
public class Test extends JFrame {
    public Test() {
        super();
        setDefaultCloseOperation( WindowConstants.EXIT_ON_CLOSE );
        getContentPane().add( new Label( "Hello World" ) );
        JMenuBar mainMenu = new JMenuBar();
        setJMenuBar( mainMenu );
        JMenu helpMenu = new JMenu();
        mainMenu.add( helpMenu );
        helpMenu.setMnemonic( 'H' );
        helpMenu.setText( "Help" );
        JMenuItem help_about = new JMenuItem();
        helpMenu.add( help_about );
        help_about.setMnemonic( 'A' );
        help_about.setText( "About" );
        help_about.addActionListener(
            new ActionListener() {
                public void actionPerformed( ActionEvent evt ) {
                    System.out.println( "HELP!" );
        pack();
        setLocationByPlatform( true );
        setVisible( true );
    public static void main( String[] args )
        throws Exception {
        java.awt.EventQueue.invokeLater(
            new Runnable() {
                public void run() {
                    Test test = new Test();
}

In 10.1.3, there's an option to disable the splash screen on the Environment Page in preferences (although, of course, it's not much use if you never get to the main window because of the dialog popping up behind the splash screen... :) )
The bug with the dialog appearing behind the splashscreen is fixed in the upcoming 11g release. FWIW, it's a problem that appears to be unique to X-based systems, where for some reason the splashscreen window ends up with some super-ueber topmost property that forces all other windows to go behind it.
There's also a command line flag to suppress the splashscreen in 11g.
Thanks,
Brian

***How to use Java to change user password in *mdw file?

Hi,
Is it possible to use java to change user's password in the MS Access workgroup file(*mdw)? I have been searching for this topic for a long time, but no discoveries yet. Anyone has any idea?
Sincerely,
nonameisname

There is probably a windows API call that does it.
Once you find it, you wrap it in C code and then use JNI to call it from Java.

Change user password with CUA

When I attempt to change a password on a CUA child, I enter tocde SU01 and enter the account. The I was to reset password via the icon. When I select the change password icon (shift+ F8) and then the popup window appear to prompting you to enter and reenter password.
After I enter new pwd twice the screen stays nothing happen pop screen stay up and no status is reported back on the status bar at the bottom.
If I open up the account and change it via logon data table the change.reset password works fine.
Any ideas?
Mikie B.

There was a similar (unconclusive) discussion recently ( Screen not getting refreshed after reseting password ), for which I found the following thread:
Password generation problem
Maybe that can help.

How to change user password from default realm programaticaly

Hello,
I would like to know if there are any ways to change a users password from a file
realm through java classes ie . programaticaly.

Thank you for the support.
After looking at the code, I noticed RealmManager is not documented in the BEA
Javadocs. Am I missing something or is it not documented. Lot of other methods
also not documented. Do you have the latest Javadocs?
Thanks
John
"Tom Moreau" <[email protected]> wrote:
>
See message #4589 - it posts the code magic needed
to change the password. The caller doesn't have to
be aware of which realm is being used - that's taken
care of for you.
-Tom
"John M" <[email protected]> wrote:
Hello,
I would like to know if there are any ways to change a users passwordfrom
a file
realm through java classes ie . programaticaly.

Best way to create a "change user password" site?

Hi,
I want to provide my users with a page where they can change their password. I thought that I could just use the one from the system application (changepw.htm). But it doesn't feature the design2003 and my application has to have a consistent look and feel.
So I copied it and tried to get it working but that wasn't possible because it relies on an application class which I can't get working (it relies on the IF_BSP_APPLICATION_EVENTS) because I don't want to use it as a general application-class and so some methods will not be called.
It seems that the only choice left is to start my own site which will reuse most of the code from the system application class. But before I start reinventing the wheel I would like to know: How have you implemented this functionality?

Hi Deepak,
My approach was the following. I created a new controller and a new view for the password site. Then I extracted all the useful methods from the CL_BSP_LOGIN_APPLICATION class and put it in my controller class. I recycled all the translation stuff so that the page is available in different languages and I also used a lot code from the CHANGE_PW_PROCESSING method. I think it took me nearly a day to get everything working. The most annoying part was testing it because our sap system didn't allow you to change your password twice a day so I had to use lots of test user accounts
Regarding your other question. I have never worked with the BW but from a technical standpoint I am sure that it's possible to change your password when https/SSO is not enabled. But I would never allow my users to change their password when they are not using https.

Why cant i change user password or pwdlastset after delegation for only certain users in an ou?

I remembered a while ago I used delegate control to assign the ability to reset pwd and reset change on next logon. It seems to work for some users but not others in same ou. effective permissions shows I have write access to the attribute for
the user; see imgur link below. the box for change pwd at next logon is gray. attribute editor tab doesn't allow me to edit it either. domain admins can change it. I'm wondering what else I should check out cus everything I know says
I have the right to change it.
forest / domain level 2003
http://imgur.com/1VHuh7h
mydomain\Allow Reset Win Pwd was used for delegation and the user trying to change the password is a part of that group. they are also a member of account operators
Owner: mydomain\Domain Admins
Group: mydomain\Domain Admins
Access list:
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow mydomain\Domain Admins SPECIAL ACCESS
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 DELETE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow mydomain\Enterprise Admins SPECIAL ACCESS
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 DELETE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow BUILTIN\Administrators SPECIAL ACCESS
 DELETE
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 DELETE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow NT AUTHORITY\Authenticated Users
 SPECIAL ACCESS
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow NT AUTHORITY\SYSTEM FULL CONTROL
Allow mydomain\Allow Reset Win Pwd SPECIAL ACCESS <Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow BUILTIN\Terminal Server License Servers
 SPECIAL ACCESS <Inherited
from parent>
 READ PERMISSONS
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
Allow mydomain\Enterprise Admins FULL CONTROL <Inherited from parent>
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 LIST CONTENTS
Allow BUILTIN\Administrators SPECIAL ACCESS <Inherited from parent>
 DELETE
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow mydomain\Delegate-Join-Domain-Rights
 SPECIAL ACCESS for computer
<Inherited from parent>
 CREATE CHILD
Allow Everyone SPECIAL ACCESS for computer <Inherited from parent>
 CREATE CHILD
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Account Restrictions
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Account Restrictions
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Logon Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Logon Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Group Membership
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for General Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for General Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Remote Access Information
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Remote Access Information
 READ PROPERTY
Allow mydomain\Cert Publishers SPECIAL ACCESS for userCertificate
 WRITE PROPERTY
 READ PROPERTY
Allow BUILTIN\Windows Authorization Access Group
 SPECIAL ACCESS for tokenGroupsGlobalAndUniversal
 READ PROPERTY
Allow BUILTIN\Terminal Server License Servers
 SPECIAL ACCESS for terminalServer
 WRITE PROPERTY
 READ PROPERTY
Allow mydomain\Allow Reset Win Pwd SPECIAL ACCESS for pwdLastSet <Inherited from parent>
 WRITE PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Account Restrictions
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Logon Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Group Membership
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for General Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Remote Access Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Terminal Server License Servers
 SPECIAL ACCESS for accountExpires
<Inherited from parent>
 WRITE PROPERTY
Allow BUILTIN\Terminal Server License Servers
 SPECIAL ACCESS for Terminal Server
License Server <Inherited from parent>
 WRITE PROPERTY
 READ PROPERTY
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
 SPECIAL ACCESS for tokenGroups
<Inherited from parent>
 READ PROPERTY
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Private Information <Inherited from parent>
 WRITE PROPERTY
 READ PROPERTY
 CONTROL ACCESS
Allow Everyone Change Password
Allow NT AUTHORITY\SELF Change Password
Allow mydomain\Allow Reset Win Pwd Reset Password <Inherited from parent>
Permissions inherited to subobjects are:
Inherited to all subobjects
Allow mydomain\Enterprise Admins FULL CONTROL <Inherited from parent>
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 LIST CONTENTS
Allow BUILTIN\Administrators SPECIAL ACCESS <Inherited from parent>
 DELETE
 READ PERMISSONS
 WRITE PERMISSIONS
 CHANGE OWNERSHIP
 CREATE CHILD
 LIST CONTENTS
 WRITE SELF
 WRITE PROPERTY
 READ PROPERTY
 LIST OBJECT
 CONTROL ACCESS
Allow mydomain\Delegate-Join-Domain-Rights
 SPECIAL ACCESS for computer
<Inherited from parent>
 CREATE CHILD
Allow Everyone SPECIAL ACCESS for computer <Inherited from parent>
 CREATE CHILD
Allow NT AUTHORITY\SELF SPECIAL ACCESS for Private Information <Inherited from parent>
 WRITE PROPERTY
 READ PROPERTY
 CONTROL ACCESS
Inherited to group
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
 SPECIAL ACCESS for tokenGroups
<Inherited from parent>
 READ PROPERTY
Inherited to computer
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
 SPECIAL ACCESS for tokenGroups
<Inherited from parent>
 READ PROPERTY
Inherited to group
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Inherited to inetOrgPerson
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS <Inherited
from parent>
 READ PERMISSONS
 LIST CONTENTS
 READ PROPERTY
 LIST OBJECT
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Remote Access Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for General Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Group Membership
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Logon Information
<Inherited from parent>
 READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access
 SPECIAL ACCESS for Account Restrictions
<Inherited from parent>
 READ PROPERTY
The command completed successfully

I think this is a problem with the user object rather than the ou. Reasoning is that I can reset a password for a user in the same OU but not for another user in the same OU. Two users, same ou. I can reset one but not the other.
Effective Permissions shows I am granted permisiion to do so.
I believe the error was access denied when we tried to change the password via vbscript.
@seansobey - I applied the delegation at a ou higher in the tree. I forget how I had it apply down the tree but I confirmed that the acl is correct
and applied to the user
@Travis Vogel - It looks like the user with this problem is a part of Domain Users. I think the ACL is applied to the user because it shows in
the security window and effective permissions shows I have permission to reset the password. However, I see this other user is a part iof the builtin user group and the problematic user account is not. I may try adding the problematic user account
to that group and testing. It'll have to wait until tomorrow though.

How can you create a customized page to change user password?

Hello to all,
I would like to create a customized page for a user to change their password. We are using Portal version 3.0.9 on Windows NT/2000. Currently there is a page in portal where a user can change their password.
I tried linking to that page by copying the shortcut url and adding it as an html portlet. The problem is that we want to direct the users to a
page of our choosing when they click on the "cancel" and "ok" buttons. I read in the forums that there is a selfreg.cmd script.
I also read that there is some code that has been available.
Has anyone implemented a customized user password change page? Do you know of any links that might have steps to follow or
more informatioin?
Thanks in advance,
Lindsay

Hi,
I was able to customize the change password screen through a procedure. This is what I did:
* Created a procedure under the Portal30_sso schema:
CREATE OR REPLACE procedure reports_chage_password
site2pstoretoken in varchar2 default null
,p_username in varchar2 default null
,p_error_code in varchar2 default null
,p_submit_url in varchar2 default null
,p_done_url in varchar2 default null
,p_pwd_is_exp in varchar2 default null
,p_password in varchar2 default null
is
begin
htp.htmlopen;
htp.headopen;
htp.title ('<TITLE of Page>');
htp.headclose;
htp.bodyopen;
htp.p('<table width="100%"><tr><td colspan=2 align=center><IMG SRC=<directory of image if you want>"> <hr> </td></tr>');
htp.p('<tr><td colspan=2 align=center>');
htp.p('');
htp.header(nsize => 1 ,cheader => 'Change Password');
htp.p('');
htp.p('</td></tr><tr><td align=right>');
htp.formopen(curl => p_submit_url );
htp.p('');
htp.p ('Username:');
htp.p('</td><td alight=left>');
htp.p(p_username);
htp.p('');
htp.p('</td></tr>');
htp.formHidden(cname => 'p_username',cvalue => p_username);
htp.br;
htp.p('<tr><td align=right>');
htp.p('');
htp.p ('Old Password: ');
htp.p('');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_old_password',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.br;
htp.p('<tr><td align=right>');
htp.p('');
htp.p ('New Password: ');
htp.p('');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_new_password',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.br;
htp.p('<tr><td align=right>');
htp.p('');
htp.p ('Confirm New Password: ');
htp.p('');
htp.p('</td><td align=left>');
htp.p ( htf.formPassword(cname => 'p_new_password_confirm',csize => 30,cmaxlength => 30) );
htp.p('</td></tr>');
htp.p('<tr><td rowsapn=2>');
htp.formHidden(cname => 'p_done_url',cvalue => '<the url that you want users to go to when they are done>');
htp.formHidden(cname => 'p_pwd_is_exp',cvalue => p_pwd_is_exp);
htp.formHidden(cname => 'p_password',cvalue => p_password);
htp.formHidden(cname => 'site2pstoretoken',cvalue => site2pstoretoken);
htp.p('</td></tr>');
htp.p('<tr><td align=right>');
htp.formSubmit(cname => 'p_action',cvalue => 'OK');
htp.p('</td><td align=left>');
htp.formSubmit(cname => 'p_action',cvalue => 'CANCEL');
htp.p('</td></tr></table>');
if p_error_code is not null then
htp.br;
htp.fontOpen(ccolor=> 'red', csize=> 4);
if p_error_code = 'auth_fail_err' then
htp.p('Old password is incorrect');
elsif p_error_code = 'pwd_rule_err' then
htp.p('The new password does not follow '||
'the password policies.');
htp.br;
htp.p('Verify with your System Administrator '||
'about the Password Policies');
elsif p_error_code = 'confirm_pwd_fail_txt' then
htp.p('Confirmation for new passord is not '||
'the same as the New Passowrd');
elsif p_error_code = 'null_new_pwd_err' then
htp.p('New password cannot be null');
elsif p_error_code = 'null_old_pwd_err' then
htp.p('Old password cannot be null');
else
htp.p ('Error: ' || p_error_code );
end if;
htp.fontClose;
end if;
end;
* Grant this procedure to PUBLIC
* Update the portal30_sso.wwsso_ls_configuration_info_$:
UPDATE portal30_sso.wwsso_ls_configuration_info_$
SET LOGIN URL = '<YOUR CUSTOM LOGIN URL OR THE WORD UNUSED IF YOU DON'T HAVE ONE> http://<MACHINE_NAME>.<DOMAIN>/pls/portal30_sso/portal30_sso.<NAME OF PROCEDURE>';
* After you update the table, go to your account information link, and click on the change password link.
* Then copy the url that you see in your address line
* And if you want a change password link at the top of your portal page, just go to EDIT on your page, then edit the banner defaults. Then in the links add the Lable and the URL. The URL would be the URL you copied from the previous step.
Hope this helps.
I've customized the login page too if you would like some sample code for that. Let me know.
Martin

User is not able to change his own password... Only DBA can change users password ??

Hi,
I have this problem today.I am using Oracle 8.1.7 on Solaris 2.8
A Oracle user say " SCOTT" trying to change his password but could not.. he gets the followling message
SQL> alter user scott identified by abc123;
alter user scott identified by abc123
ERROR at line 1:
ORA-28003: password verification for the specified password failed
Scott's profile has password_verfiy function. Hence i thought abc123 password was not matching with the password verify condition. Surprisingly, what ever password SCOTT tries with, he could get the same error message and could not change his password.. Ultimatly SCOTT could never change his password. How is it possible ??
It is noteworthy to mention that if i give DBA role to SOCTT then he can change his password with abc123 or any thing that satisfies with password verification function.
Now Only a user who has DBA role or a DBA could change passwords..
Can somebody through some light on it and explain what corrective action to be taken so that Users can change their password without DBA's interreption.
Thanks in advance
Regards
Srini

<PRE>
This is the description of the error message:
=============================================================================
ORA-28003 password verification for the specified password failed
Cause: The new password did not meet the necessary complexity specifications
and the PASSWORD_VERIFY_FUNCTION failed.
Action: Enter a different password. Contact the database administrator to find
out the rules for choosing the new password.
=============================================================================
it clearly says that password has to match the complexity specifications. You will not be able
to change password without meeting the complexity requirements.
DBA's can make the change to the password because if DBA's can not change the password, it could lock
you out of the database (all users including the DBA's) and you will not be able to access the
database.
Try removing the password verify function and see if you can then change the password succssfully.
</PRE>
hi Prakash,
The verify password function is standard oracle function and I do not think the current problem is any way related to the rules that were framed in verify password function. The key point here is a user could not change his own password. But a DBA or a user who has ALTER USER system privs.. can do so..
Regards
Srini

Unable to change user password (OD-Master)

Hi!
Running a xserve with 10.9.5 as an OD-Master with more than 1000 users I realized that I cannot change their passwords anymore.
I'm using WorkgroupManager, and get the following message:
"In order to set the password of a a user with an Open Directory Password, your own password type must be Open Directory. Administrators with other password types cannot set the password of a user with an Open Directory password."
In the server.app I cannot change the password too without any error-message. The dialog is just not disappearing.
Any ideas?
Thank you,
Peter

Well I had exactly the same problem here with OS X 10.9.5 Mavericks Server and Security Update 2015-004 applied.
I tried several things (rekerberize my server, reset my Open Dir Admin password) but finally what worked for me:
I renewed my Certificate with Server.app > Certificates > double click on your certificate > a new window opens with the certificate > click "Renew..." > then "OK"
After that I could create a new user with a password with "Server.app" without trashing my whole OD-Master :-)
Also what could help: In "Workgroup Manager.app" > try to login with a local admin credential > then click on the right "Lock" icon > and authenticate
with the "OpenDir-Admin" credential so that you will see "Authenticated as myopendiradmin to directory; /LDAPv3/127.0.0.1
hope this helps
Gilles

Delay in the change user password OIM 11g

Hi guys,
I have a problem with OIM 11g. The user accesses the OIM to do change your password, when the message that password is changed show, the user executed log-off and try access with new password, but the new password isn't accepted.
The new password is posted to AD immediately.
Only after of some time, the new password is accepted in OIM.
I need the new password is applied as in AD. When changing the password.
Someone know resolve this issue??
Thanks

I don’t think this is possible. You can add some delay while changing target system password. But not guarantee.

Changing user password in Active Directory using the JNDI GSS-API/Kerberos5

Hello,
I am trying to the JNDI GSS-API to change a user password on an Active Directory Server 2003. I have seen a variation of this using SSL on the thread [*http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0*|http://forums.sun.com/thread.jspa?threadID=592611&start=0&tstart=0]
but I can't seem to make this work using the GSS-API. I can successfully create a javax.security.auth.login.LoginContext.LoginContext and then call the login method on it to log in as a user. I then call the javax.security.auth.Subject.doAs() method which calls the run method in a class extending the javax.security.PrivilegedActionClass. But when I actually try to change the password using InitialDirContext.modifyAttributes(), I get the exception:
*javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-03190DC9, problem 5003 (WILL_NOT_PERFORM), data 0*
*If anyone can help me figure out why it doesn't work, that would be great!*
P.S: I know the error seems to suggest that there might be some active directory setting that is preventing this from working, but I've checked all relevant settings on the Windows 2003 server Active Directory that I can think of: In the User properties->Account->Account options, I've made sure the user can change password. Also, in the Group Policy->Computer Configuration->Windows Settings->Security Settings->Account Policies->Password Policy, Maximum password age is zero and so is minimum password age.
Here's my java code:
{code}import javax.naming.*;
import javax.security.auth.*;
import java.security.PrivilegedAction;
import java.io.UnsupportedEncodingException;
public void changeSecret((String uid, String oldPassword, String newPassword)
 throws NamingException, ACException{
try {
 K5CallbackHandler cb = new K5CallbackHandler(uid, oldPassword);
 LoginContext lc = new LoginContext("marker", cb);
 lc.login();
 Subject.doAs(lc.getSubject(), new ChangePasswordAction(rz.getName(), oldPassword, newPassword));
 catch(LoginException e) {
 try {
 lc.logout();
 catch(LoginException e) {
}ChangePasswordAction.java is:import javax.naming.*;
import javax.naming.naming.directory.*;
import java.io.UnsupportedEncodingException;
private class ChangePasswordAction implements PrivilegedAction {
 private String uid;
 private String quotedOldPassword;
 private String quotedNewPassword;
 public ChangePasswordAction(String uid, String oldPassword, String newPassword) {
 this.uid = uid;
 quotedOldPassword = "\"" + oldPassword + "\"";
 quotedNewPassword = "\"" + newPassword + "\"";
 public Object run() {
 Hashtable env = new Hashtable(11);
 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 env.put(Context.PROVIDER_URL, "ldap://ad2k3:389");
 env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
 try {
 DirContext ctx = new InitialDirContext(env);
 ModificationItem[] mods = new ModificationItem[2];
 byte[] oldPasswordUnicode = quotedOldPassword.getBytes("UTF-16LE");
 byte[] newPasswordUnicode = quotedNewPassword.getBytes("UTF-16LE");
 mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldPasswordUnicode));
 mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newPasswordUnicode));
 ctx.modifyAttributes(uid, mods);
 ctx.close();
 } catch (NamingException e) {
 } catch (UnsupportedEncodingException e) {
 return null;
}K5CallbackHandler is:import javax.security.auth.callback.*;
final class K5CallbackHandler
implements CallbackHandler {
 private final String name;
 private final char[] passwd;
 public K5CallbackHandler(String nm, String pw) {
 name = nm;
 if(pw == null) {
 passwd = new char[0];
 else {
 passwd = pw.toCharArray();
 public void handle(Callback[] callbacks)
 throws java.io.IOException, UnsupportedCallbackException {
 for(int i = 0; i < callbacks.length; i++) {
 if(callbacks[i] instanceof NameCallback) {
 NameCallback cb = (NameCallback) callbacks;
 cb.setName(name);
 else {
 if(callbacks[i] instanceof PasswordCallback) {
 PasswordCallback cb = (PasswordCallback) callbacks[i];
 cb.setPassword(passwd);
 else {
 throw new UnsupportedCallbackException(callbacks[i]);
}The relevant entry in the JAAS.conf file that is referred to as "marker" in the LoginContext constructor is:
marker {
com.sun.security.auth.module.Krb5LoginModule required client=TRUE;

This is one of the two Active Directory operations I have never solved using Java/JNDI. (FYI the other one is Cross Domain Move).
My gut feel is that the underlying problem (which happens to be common to both Change Password & X-Domain Move) is that Java/JNDI/GSSAPI does not negotiate a sufficiently strong key length that allows Active Directory to change passwords or perform cross domain moves when using Kerberos & GSSAPI.
Active Directory requires at a minimum, 128 bit key lengths for these security related operations.
In more recent Kerberos suites and Java versions, support for RC4-HMAC & AES has been introduced, so it may be possible that you can negotiate a suitably string key length.
Make sure that your Kerberos configuration is using either RC4-HMAC or AES and that Java is requesting a strong level of protection. (You can do this by adding //Specify the quality of protection
//Eg. auth-conf; confidentiality, auth-int; integrity
//confidentiality is required to set a password
env.put("javax.security.sasl.qop","auth-conf");
//require high strength 128 bit crypto
env.put("javax.security.sasl.strength","high"); in your ChangePasswordAction class.
You may also want to enable sasl logging in your app to see what exactly is going on and you may also want to check on the Java Security forum how to configure/enforce/check both RC4-HMAC or AES is used as the Kerbeos cipher suite and that a string key length is being used.
Good luck.

Howto: Change users password in Linux with Java

Similar Messages

Maybe you are looking for