Home » RDBMS Server » Security » Password Policy
Password Policy [message #149416] Thu, 01 December 2005 11:53 Go to next message
mparmete
Messages: 3
Registered: December 2005
Junior Member
We have a password policy set up that requires users to have a certainnumber of different characters in their password. What i woud like to know is: is there any way to edit the message the user gets when the password as expired or create a message that is displayed when the password expires letting them know how their password has to be structured.
Re: Password Policy [message #149417 is a reply to message #149416] Thu, 01 December 2005 11:58 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Something like this?

http://www.orafaq.com/forum/t/20819/0/
Re: Password Policy [message #149418 is a reply to message #149417] Thu, 01 December 2005 12:02 Go to previous messageGo to next message
mparmete
Messages: 3
Registered: December 2005
Junior Member
That is basicly how we have it set up and the passwords do expire and the users are prompted to change their passwords, the problem comes in that they never remember what the password policy is and can not create a valid password then we get work orders to change their passwords. What we are looking for is something that will tell them the policy when they are forced to change the password.
Re: Password Policy [message #149421 is a reply to message #149418] Thu, 01 December 2005 12:36 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Excuse my ignorance.
I still do not understand your issue.
All you need is a decreeing userfriendly message, that states your policy.
Right?

sys@9i > @restrict_password

Function created.


Profile dropped.


Profile created.


User dropped.


User created.


User altered.


Grant succeeded.

sys@9i > connect sample/sample
Connected.
sys@9i > password
Changing password for SAMPLE
Old password:
New password:
Retype new password:
ERROR:
ORA-28003: password verification for the specified password failed
ORA-20001: password policy: Password should be greater than 4 characters


Password unchanged
sys@9i > get restrict_password
  1  CREATE OR REPLACE FUNCTION check_new_password  (username VARCHAR2,
  2                                             password VARCHAR2,
  3                                             old_password VARCHAR2) RETURN boolean IS
  4  BEGIN
  5  if length(password) < 4  then
  6     raise_application_error(-20001, 'password policy: Password should be greater than 4 characters') ;
  7  END if;
  8  end;
  9  /
 10  drop profile restrict_user cascade;
 11  CREATE  PROFILE restrict_user  LIMIT PASSWORD_VERIFY_FUNCTION check_new_password;
 12  drop user sample;
 13  create user sample identified by sample;
 14  alter user sample profile restrict_user;
 15* grant connect to sample;
Re: Password Policy [message #149422 is a reply to message #149421] Thu, 01 December 2005 12:44 Go to previous message
mparmete
Messages: 3
Registered: December 2005
Junior Member
yes that is all I need....

Changing password for SAMPLE
Old password:
New password:
Retype new password:


is what pops up like it should, but I would like some way to tell them what it must contain to be a valid password.
Previous Topic: ORA-01017: invalid username/password; logon denied
Next Topic: 10g - FGA (Fine Grained Auditing) question
Goto Forum:
  


Current Time: Thu Mar 28 17:00:06 CDT 2024