Reg ex for password validation
hi help me for password validation......
Password should contain 6 to 8 characters, at least one letter and at least one number, contain no spaces and no special characters (e.g. &, >, *,$)
String[] tests = {"abc1def", "2abcdef", "abcdef", "123456"};
for(String t: tests) {
if(t.matches("^(?=\\D*\\d)(?=[^a-zA-Z]*[a-zA-Z]).*$")) {
System.out.println("Accepted: "+t);
} else {
System.out.println("Rejected: "+t);
// Accepted: abc1def
// Accepted: 2abcdef
// Rejected: abcdef
// Rejected: 123456@OP: this does not answer your question, but it will get you started. Try to finish it yourself.
Similar Messages
-
Why are errors for password validation in struts 1.2.4 not being displayed
I have the following in my validation.xml file
<field property="passwordconfirm"
depends="required">
<arg0 key="registration.passwordconfirm"/>
</field>
In my jsp I have the following
Password Confirm<html:password property="passwordconfirm" size="10" />
<html:errors property="passwordconfirm"/>
In my ApplicationResources.properties file I have the following
errors.required={0} is required.
registration.firstname = First name
registration.passwordconfim= Password
Other text fields work fine i.e. the errors are shownsorry this should read why no errors shown for password validation in struts 1.2.4.
-
hi,
I am trying to write a custom java file for password validation. when we load it and compile using adadmin the class file is not getting generated.
also, i would like to know how to customize the message that appears.
example PASSWORD-INVALID. I would like to use explanatory message. Where do i define these strings.
package oracle.apps.fnd.security;
import oracle.apps.fnd.common.VersionInfo;
// Referenced classes of package oracle.apps.fnd.security:
// PasswordValidation
public class AppsPasswordValidationCUS
implements PasswordValidation
public String getErrorStackApplicationName()
return "FND";
public String getErrorStackMessageName()
return m_errorStackMessageName;
public boolean validate(String username, String password)
if(password ==null || password.length() == 0 || username == null || username.length() == 0)
m_errorStackMessageName = "PASSWORD-INVALID";
return false;
if(password.length() < 6)
m_errorStackMessageName = "PASSWORD-INVALID-LENGTH";
return false;
if(!validateLettersAndDigits(password))
m_errorStackMessageName = "PASSWORD-INVALID-LETTER-NUMBER";
return false;
if(!validateNoUsername(username, password))
m_errorStackMessageName = "PASSWORD-INVALID-USERNAME";
return false;
if(!validateNoRepeats(password))
m_errorStackMessageName = "PASSWORD-INVALID-REPEATS";
return false;
return true;
private boolean validateLettersAndDigits(String p_password)
boolean flag = false;
boolean flag1 = false;
for(int i = 0; i < p_password.length(); i++)
if(Character.isLetter(p_password.charAt(i)))
flag = true;
if(Character.isDigit(p_password.charAt(i)))
flag1 = true;
return flag && flag1;
private boolean validateNoUsername(String p_username, String p_password)
return p_password.toUpperCase().indexOf(p_username.toUpperCase()) == -1;
private boolean validateNoRepeats(String p_password)
for(int i = 1; i < p_password.length(); i++)
if(p_password.charAt(i) == p_password.charAt(i - 1))
return false;
return true;
private String m_errorStackMessageName;
}Hi Colin,
We are able to update the password in OIM user profile now. However, after the process is done in java code, it is not redirecting to OAM Password change success page which will have a Back button. Also, we are seeing a Bug Report form page with the content given below:
Bug Report Form
An error has occurred while executing the application.
Your browser doesn't support sending mail automatically!
Please send E-Mail to <a =""></a> with the following information:
Your Name
Organization
E-Mail Address
Phone Number
Comment
Make sure to append the following traceback in the mail.
Traceback Traceback is unavailable.
Product Lost Password ManagementVersion
Platform Linux
Any clue as when we will witness this?
-Mahendra. -
Pam.conf does not use ldap for password length check when changing passwd
I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
I have dsee 6.0 installed on a solaris 10 server (client).
I have a solaris 9 server (server) set up to use ldap authentication.
bash-2.05# cat /var/ldap/ldap_client_file
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= X, Y
NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
NS_LDAP_AUTH= tls:simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= tls_profile
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
NS_LDAP_BIND_TIME= 10
bash-2.05# cat /var/ldap/ldap_client_cred
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
bash-2.05# cat /etc/nsswitch.conf
# /etc/nsswitch.ldap:
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap
# consult /etc "files" only if ldap is down.
hosts: files dns
ipnodes: files
# Uncomment the following line and comment out the above to resolve
# both IPv4 and IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
# the Network Administration Guide for more details on using IPv6.
#ipnodes: ldap [NOTFOUND=return] files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: ldap
automount: files ldap
aliases: files ldap
# for efficient getservbyname() avoid ldap
services: files ldap
sendmailvars: files
printers: user files ldap
auth_attr: files ldap
prof_attr: files ldap
project: files ldap
bash-2.05# cat /etc/pam.conf
#ident "@(#)pam.conf 1.20 02/01/23 SMI"
# Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# PAM configuration
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
# Authentication management
# login service (explicit because of pam_dial_auth)
login auth requisite pam_authtok_get.so.1 debug
login auth required pam_dhkeys.so.1 debug
login auth required pam_dial_auth.so.1 debug
login auth binding pam_unix_auth.so.1 server_policy debug
login auth required pam_ldap.so.1 use_first_pass debug
# rlogin service (explicit because of pam_rhost_auth)
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1 use_first_pass
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
# PPP service (explicit because of pam_dial_auth)
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_dial_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1 use_first_pass
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication
other auth requisite pam_authtok_get.so.1 debug
other auth required pam_dhkeys.so.1 debug
other auth binding pam_unix_auth.so.1 server_policy debug
other auth required pam_ldap.so.1 use_first_pass debug
# passwd command (explicit because of a different authentication module)
passwd auth binding pam_passwd_auth.so.1 server_policy debug
passwd auth required pam_ldap.so.1 use_first_pass debug
# cron service (explicit because of non-usage of pam_roles.so.1)
cron account required pam_projects.so.1
cron account required pam_unix_account.so.1
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
other account requisite pam_roles.so.1 debug
other account required pam_projects.so.1 debug
other account binding pam_unix_account.so.1 server_policy debug
other account required pam_ldap.so.1 no_pass debug
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
other session required pam_unix_session.so.1
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
other password required pam_dhkeys.so.1 debug
other password requisite pam_authtok_get.so.1 debug
other password requisite pam_authtok_check.so.1 debug
other password required pam_authtok_store.so.1 server_policy debug
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#cron account optional pam_krb5.so.1
#other account optional pam_krb5.so.1
#other session optional pam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
I can ssh into client with user VV which does not exist locally but exists in the directory server. This is from /var/adm/messages on the ldap client):
May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
bash-2.05$ passwd
passwd: Changing password for VV
Enter existing login password:
New Password:
passwd: Password too short - must be at least 8 characters.
Please try again
May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
I am using the default policy on the directory server which states a minimum password length of 6 characters.
server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
pwd-accept-hashed-pwd-enabled : N/A
pwd-check-enabled : off
pwd-compat-mode : DS6-mode
pwd-expire-no-warning-enabled : on
pwd-expire-warning-delay : 1d
pwd-failure-count-interval : 10m
pwd-grace-login-limit : disabled
pwd-keep-last-auth-time-enabled : off
pwd-lockout-duration : disabled
pwd-lockout-enabled : off
pwd-lockout-repl-priority-enabled : on
pwd-max-age : disabled
pwd-max-failure-count : 3
pwd-max-history-count : disabled
pwd-min-age : disabled
pwd-min-length : 6
pwd-mod-gen-length : 6
pwd-must-change-enabled : off
pwd-root-dn-bypass-enabled : off
pwd-safe-modify-enabled : off
pwd-storage-scheme : CRYPT
pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
pwd-strong-check-enabled : off
pwd-strong-check-require-charset : lower
pwd-strong-check-require-charset : upper
pwd-strong-check-require-charset : digit
pwd-strong-check-require-charset : special
pwd-supported-storage-scheme : CRYPT
pwd-supported-storage-scheme : SHA
pwd-supported-storage-scheme : SSHA
pwd-supported-storage-scheme : NS-MTA-MD5
pwd-supported-storage-scheme : CLEAR
pwd-user-change-enabled : off
Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the pam_authtok_check: minimum length from /etc/default/passwd: 8
. It is clearly not using the policy from the directory server but checking locally. So I can login ok using the ldap server for authentication but when I try to change the password it does not use the policy from the server which says I only need a minimum lenght of 6 characters.
I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatability in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
Edited by: ericduggan on Sep 8, 2008 5:30 AMyou can try passwd -r ldap for changing the ldap passwds...
-
ICal yields "Error during PUT for mailto:valid@email: iMIP request failed"
Hello,
I'm trying to bring up an iCal server (using Mac OS X Lion 10.7.3 Server on a Mac Mini). The basic configuration runs fine. But when I tried to enable eMail invitations, I got stuck with those messages in the error log:
[twistedcaldav.scheduling.imip#error] Could not do server-to-imip request : <twistedcaldav.scheduling.imip.ScheduleViaIMip object at 0x10075e5d0> User timeout caused connection failure.
[twistedcaldav.scheduling.scheduler.ScheduleResponseQueue#error] Error during PUT for mailto:valid@email: iMIP request failed
My configuration settings:
calendar:Scheduling:CalDAV:EmailDomain = ""
calendar:Scheduling:CalDAV:HTTPDomain = ""
calendar:Scheduling:CalDAV:AddressPatterns = _empty_array
calendar:Scheduling:iMIP:Sending:Server = "valid.mail.server"
calendar:Scheduling:iMIP:Sending:UseSSL = no
calendar:Scheduling:iMIP:Sending:Username = "valid@email"
calendar:Scheduling:iMIP:Sending:Address = "valid@email"
calendar:Scheduling:iMIP:Sending:Password = "safe_password"
calendar:Scheduling:iMIP:Sending:Port = 25
calendar:Scheduling:iMIP:Enabled = yes
calendar:Scheduling:iMIP:MailGatewayPort = 62310
calendar:Scheduling:iMIP:Receiving:Server = "valid.mail.server"
calendar:Scheduling:iMIP:Receiving:UseSSL = yes
calendar:Scheduling:iMIP:Receiving:Username = "valid_email"
calendar:Scheduling:iMIP:Receiving:PollingSeconds = 30
calendar:Scheduling:iMIP:Receiving:Type = "imap"
calendar:Scheduling:iMIP:Receiving:Password = "safe_password"
calendar:Scheduling:iMIP:Receiving:Port = 993
calendar:Scheduling:iMIP:AddressPatterns:_array_index:0 = "mailto:.*"
calendar:Scheduling:iMIP:MailGatewayServer = "valid.mail.server"
calendar:Scheduling:iSchedule:Enabled = no
calendar:Scheduling:iSchedule:Servers = "servertoserver.xml"
calendar:Scheduling:iSchedule:AddressPatterns = _empty_array
It does not even try to connect to the given smtp server. How do I proceed?I dug into the sources, and am now smarter
the above settings are invalid, because of the gateway (this has to be iCal itself):
calendar:Scheduling:iMIP:MailGatewayServer = "localhost"
Now the IMAP server is being asked, but now I have the next problem:
[mailgateway] 2012-03-27 11:14:37+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadFactory#debug] Scheduling next IMAP4 poll
[mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] RECEIVED: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
[mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] IMAP servergreeting
[mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] SENDING: 0001 AUTHENTICATE PLAIN
[mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] RECEIVED: +
[mailgateway] 2012-03-27 11:15:07+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] SENDING: 1GNhbEwhZHNwZXJ0LmRlAFlpZXE5YW==
[mailgateway] 2012-03-27 11:15:09+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] RECEIVED: 0001 NO [AUTHENTICATIONFAILED] Authentication failed.
[mailgateway] 2012-03-27 11:15:09+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] IMAP authenticate failed for valid@email, trying login
[mailgateway] 2012-03-27 11:15:09+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] SENDING: 0002 LOGIN "valid@email" "valid_password"
[mailgateway] 2012-03-27 11:15:16+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#debug] RECEIVED: 0002 NO [AUTHENTICATIONFAILED] Authentication failed.
[mailgateway] 2012-03-27 11:15:16+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadProtocol#error] IMAP login failed for valid@email
[mailgateway] 2012-03-27 11:15:16+0200 [IMAP4DownloadProtocol,client] [twistedcaldav.mail.IMAP4DownloadFactory#debug] IMAP factory connection lost -
Mapping file for Password Sync
The directions are -
Synchronizing Passwords from Oracle Internet Directory to Microsoft Active Directory - Before Active Directory Connector can synchronize passwords in this direction, do the following:
Add a mapping rule that enables password synchronization. For example:
Userpassword: : :inetorgperson:unicodepwd: :user
Req -
Can some one share there mapping file which they would have used for password Sync . you can mail it to me on [email protected]
Regards,
RashidHi,
Below is the mapping I used :
DomainRules
cn=users,dc=test,dc=com:cn=users,dc=coreid,dc=test,dc=com
AttributeRules
# Organizational Unit Mapping
ou: : :organizationalunit:ou: : organizationalunit
# Container mapping
cn: : :orclcontainer: cn: :Container
#Domain cannot be exported
#name: : :domain: dc: :domain
cn:1: :inetorgperson:cn: :User
uid|cn: : :inetorgperson:SAMAccountName: :User
#orclSAMAccountName:1: :inetorgperson:SAMAccountName: :User: truncl(orclSAMAccountName,'$')
#cn:1: :inetortperson:SAMAccountName: :User
# attribute rule for mapping Active Directory LOGIN id
#mail: : :person:sn: :User:
mail: : :person:UserPrincipalName: :User:
# attribute rule for mapping entry and to create orclUserV2
# There should be a mapping rule with orcluserv2 objectclass
# without which the PORTAL may not function properly
sn: : :inetorgperson:sn: :person
givenname: : :inetorgperson:givenname: :person
cn: : :person:displayName: :person
# mail needs to be assigned valid value for default settings ing DAS
mail: : :inetorgperson:mail: :person
userpassword: : :inetorgperson:unicodepwd: :person:
cn: : :person:useraccountcontrol: :person:"512"
mobile: : :inetorgperson:mobile: :organizationalperson:
orclisenabled: : :inetorgperson:obuseraccountcontrol: :oblixOrgPerson:"ACTIVATED"
# GROUP ENTRY MAPPING RULES
cn: : :orclgroup:cn: :group:
# This will work successfully only when cn doesn't have any
# special characters associated with it.
cn: : :orclgroup:SAMAccountName: :group:
uniquemember: : :groupofuniquenames:member: :group: -
Bringing back an old password validation rule
Good afternoon
On our old 4.6C system, there was a password validation rule that stated the first three characters of the password cannot occur in the same order in the user ID. This rule was removed when we upgraded to ECC 6.0
While the users hated that rule, that rule was a SOX requirement at our company and I would like to have it back. Before I resort to programming user exits, is there a way to reactivate or at least simulate that rule? I cannot use USR40 because not only does it effect all users on the system, it only works on the second logon and not at validation time.
If programming user exits like EXIT_SAPLSUSF_001 is my only option, where can I get the password at logon time? From my understanding, SAP does not store this in a system value or even a global variable or table to prevent the recording of passwords. While this is a valid security reason, it would solve the resurrection of this password role through programming.
Please advise.
Kind Regards
MoggieHi Moggie,
> Pending the result of the contract programmer's research, placing a 3 character prefix of each new user ID in table USR40 is looking like the best option, though I do hate to place that kind of check for all user IDS when only one ID really needs that validation rule.
A problem with that will soon arise when you have for example 10000 user ID's and want the users to have the opportunity to use strong pass-phrases (not just pass-words). Additionally, the passwords are now case-sensitive but the user ID is not. A pass-phrase for users such as "The_D0g_&_Cat_r_FAT" would go undetected even if you have any "THERON's" in the system, but why should it not be allowed? It's a good one!
Users will soon notice that only passwords which are very cryptic can be used, and they will start writing them down on Post-It's.
While that is going on... the "real sinners" who dish out weak or the same initial / reset passwords (like "INIT1234") or administrate the users for whom passwords don't change (like "RFC4PROD") will not have any further "idiot-proof" controls as it is only a warning, which is intentional.
> If the passwords are cycled regularly, adhere to profile values in the instance that encourage strict password rules, and are kept private and secure, it is not a compliance issue to the auditors.
There you have it.
Tell them that. Even if they do use the first 3 bname characters as the first 3 CAPS_ON password characters, they won't be able to do it for long anyway if the password rules are appropriate...
Incase you are not aware of it, please also take a look at (and search here and SAP notes for) infos about instance parameter login/password_compliance_to_current_policy (e.g. SAP Note 862989). With appropriate minimum password rules (not overkilled - because the system must still be able to generate compliant wizard-passwords!), you will catch the bigger risks than any one 'BSM?????'s in there somewhere....
Cheers,
Julius -
Extend WL Authentication Provider Password Validation
Hi folks
I'm looking for any advice on how to extend the OOB password validation that is available and documented here:
http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/atn.html#wp1212100
Specifically we'd like to test whether the desired password has been used in the last 8 they've used and also to enforce that it expire after x days. Any pointers would be much appreciated.
Thanks,
Paul1- How can an authentication provider supports password validation providers ?
We decided to make our own authentication provider so I doubt we support it
Yes, your custom authentication provider will not support it.
2- How it is suppose to work ?
Now, when a user change his password (or any of his attributes), we call a stored procedure (DB) which updates the user table ...
The way I see it, the web application should call the password validation provider before (or instead and then the provider will call the stored procedure)
Have u configured the a databse authenticator? Looks like you are modifying the password in the database directly ( using stored procedures) so Password Validator will not come in picture at all. -
I faced some problem while validating a password that will contain minimum 5 characters using regex.
I am using a very simple regex as below:
String REGEX_PATTERN = "(?=.*[a-z|A-Z]{5,}).{8,}";
It says password must contains minimum 5 characters(a-z|A-Z), and password length will be minimum 8 chars.
It is working fine for the string "aasaT124". But fails for the string "aa12sa4T".
Clearly the difference is regex matches only if the characters are sequential.
The String for which validation fails also contains minimum 5 characters but characters are not sequential.
Pls tell me where is the problem in my regex that introduces this problem. I just need to validate simply whether my string contains minimum 5 characters or not independent of any position or sequence.836548 wrote:
masijade wrote:
836548 wrote:
The regex pattern should be like below :
"(?=.*[a-z|0-9|A-Z]{5,}+).{8,}"
it will work.
That does not fulfill the requirements, however.
Yes you are right..
I think this cannot be achieved using regex (not sure) . You can use the javascript function or java method to validate the password.
As I explained in my first response it most definitely can be achieved using a regex. The change to the OP's original regex is almost trivial!
P.S. Why do people think they need to use '|' inside a character class to mean 'or' ? -
BizTalk Schema Email address/Password Validation
Hi,
I want to develop a schema which has the email address and password field.
We have particular format to validate the email address and password format. I am not sure how to check those setting for the schema to validate the incoming file.
Please help me to solve the issue.
Regards, Aboorva Raja R Please remember to mark the replies as answers if they help and unmark them if they provide no help.Hi,
You should use the
Pattern property.
Like for Email you can set Base Data Type property with xs:string, setting the
Data Type property with "Email" and paste "\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" (without the ") into the
Pattern property.
You can have Pattern on similar lines for Password as well.
Refer:
Email address format validation in XSD schemas
Rachit
Please mark as answer or vote as helpful if my reply does -
I did force shutdown on my MacBook Pro (2006 year, 15.4"), so, when I tried to boot, it shows apple logo (as usual) and shuts down. When I booting MacBook with Option key pressed it shows lock icon and field for password. Please help me.
Wait for advice on repairing a damaged filesystem. Forceshutdown stops processs in mid-stream and leaves some parts not-valid.
Do not proceed until you get that avice. -
Custom Attibute with Password Validations
Hi,
Is it possible to trigger the password validations for the custom attribute(who's display type as Password) which is defined in OAM objectclass of User Manager Configuration?
However the custom attribute value passed to LDAP is stored in the form of unencrypted/clear text.
Any inputs will be appreciated?
Thanks,
ABP
Edited by: user11970322 on 14-Jan-2011 10:33Please post ASP.NET questions in the ASP.NET forums (http://forums.asp.net ).
-
I can't update my apps each time it asks for password when entered it goes straight back to update. I don't think I am alone in this. I have tried changing the date, rebooting, switching off and on signing out and nothing works. Does anyone know of a solution or will I have to take it to an apple shop. My misses has no trouble with her updates, they are both on iOS 6. Hope someone can help.
Tried that just said cant connect to iTunes Store which was different.
-
Default option for password in UME
Hi,
Is there a way that when we create new users in UME, that the default option for password management is set to "Disabled Password" in stead of "Define Initial Password".
We are using SPML SOAP message to create the users and if there is no password in the SPML messgae, the user is created, but no logon is possible as the system expects that you should have a password.
We will like to avoid sending in the password as part of user creation process, as these users will have to be created with no password. These users will never do a basis authentication, but are needed for SSO using HTTP header variable..
Thanks,
Vikrant sudIs this a portal or what?
On the ABAP side this is possible, so I would expect the Java APIs to offer the same.
Looking in the PASSWORD structure is the wrong place, try the LOGONDATA (if it is done the same way). If you activate it in the call it should delete the PASSWORD regardless.
Sorry, I have an ABAP mentality... but consistent APIs make it easier (to have to understand less concepts) and SAP increasingly does this.
Cheers,
Julius
Edited by: Julius Bussche on Nov 19, 2009 9:47 PM -
not able to open mail from my mac, gmail repeatedly asking for password. but using same password able to open gmail on safari
okay well they got me to take out some .plist files to see if that would help it didn't. I'm not sure what ones that they deleted for my self maybe someone here would be abel to tell you what ones to take out but didn't work the one that came close to working was this going into keychain and deleting the account(s) then reading them again.
if you are to do this please back up first with Time Machine. You can do this with a usb drive.
Okay so go back to where you had internet accounts and make sure mail is shut. click the - on the account your having problems with then quit system preferences.
Okay so then press cmd and space bar at the same time then type 'keychain access' into the search then click on 'keychain access'
once it is open go to the top of the window and put your email address that you are having problems with.
once you have put in your full email, have a look at what comes up i deleted things in the kind colome with 'internet password' and anything with under name that had smtp.gmail.com or imap.gmail.com so it would look like this, map.gmail.com - internet password.
right click and delete them. make sure not to touch any other files that dont say them things on them.
Once you have done this quit keychain access and then restart the computer, once the computer is restarted go back to system preferences and internet accounts and re-add the account.
Hope this helps. if something is not clear just ask.
Maybe you are looking for
-
First Gen G5 iMac: Shuts Down In Just Seconds
My first generation G5 iMac shuts down within about 30 seconds to several minutes upon boot up. I had it off for about 3 or 4 days days while away, prior to this it worked fine. I purchased it in November of 2004. OS 10.4.8 I have it connected to an
-
Link between PO_Distributions_All and MTL_SECONDARY_INVENTORIES
Hello, Can anyone please provide the join between PO_Distributions_All and MTL_SECONDARY_INVENTORIES Thank you Bob
-
All of my ringtones were deleted when I updated to 5.1. Both purchased ringtones and ones that I created myself have disappeared. How do I recover them?
-
"Could not load Multiprocsessor support module..."
Q: I have a machine running Dual Core, Dual Processor Xeons with Hyperthreading activated, thus showing 8CPU in Task Manager, and when I try to run Photoshop, I receive the following message: "Could not load Multiprocsessor support module because it
-
I am currently evaluating LR and so far I am pretty impressed, I have also pre ordered a copy as its a reduced price so a bit of a deal and will be shipped next Thursday so I need to make my mind up before then. Probably the wrong forum to ask this b