Oracle Password expiry - urgent


engineer2100

Programmer
Feb 7, 2002
285
US

We are designing a login window which would allow users to log in to our application. We have attached a profile which would expire the user password in 80 days with a 10-day grace period.

Now, when password expires Oracle throws "ORA - 28001 : The Password expired....."

In SQLPlus user is forced to change password.

On the login screen, when we handle this exception, how do we force the user to change the password, as the user has still not connected to the database?

Or is the connection made, and then exception ORA - 28001 is thrown and that forces the user to change the password?

 
Hi,

The error message means that your passwd has expired, so simply log in as follows.

1. sqlplus /nolog
2. connect sys as sysdba -- Enter sysdba passwd
3. alter user <user> identified by <password>;

Regards,
Simon

Simon Peter Wickham
Email: s.wickham@zoom.co.uk
 
Simon,

Unless I am mistaken, "Engineer" understands how to deal with this issue at the SQL*Plus level...her/his problem is how to deal with expiry errors if the user has no SQL*Plus access, only application access, and receives this error and the application is not connected to Oracle and thus is not in a position to change the expired password to a new value.

It's a very fascinating issue for which I am not aware of the answer. Any others out there with a clever solution?

Mufasa
(aka Dave of Sandy, Utah, USA)
[ Providing low-cost remote Database Admin services]
 
Great question - love to see the solution :)

DBomrrsm

Software code, like laws and sausages, should never be examined in production - Edward Tenner
 
Gents,

I have a custom solution, so it may not be of any benefit to engineer.

My system has an open account, to which the application logs in, e.g. user name/ password = gainaccess/gainaccess.
The 'gainaccess' account can do nothing other than call an authentication routine, which validates the user's password etc. Behind the scenes, the application always logs in as 'gainaccess', and then feeds the password entered by the user into the authentication routine.

The authentication performs various checks, e.g. Oracle account exists, account is not locked, account is not expired etc. and returns English language text messages to the user, advising of any problems. If the password has expired, the user is advised to contact their system administrator for assistance.

I've posted some of this code previously, so have a squint for it. The bottom line is that you either allow users to un-expire their own accounts, or you don't. If the latter is required, your problem is not a problem at all, but a legitimate task for a suitably authorised administrator and/or DBA.

If you are required to provide un-expire capability from a custom application, then you have no choice but give that application access to an account with the relevant permissions, so that it does the un-expiring. To do that, you must have connected to the database.

Having just written a security/authentication suite, I'm a bit of a security geek, so please feel free to pose further questions if this doesn't help.

Regards

Tharg

Grinding away at things Oracular
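
An added example, not code from this thread or from any poster: a login handler that catches ORA-28001 on the first logon attempt and retries once with a new password supplied at connect time, returning plain-English messages for the other failures. It assumes a driver whose connect call accepts a `newpassword` argument, as python-oracledb's does; `login`, `ask_new_password` and `fake_connect` are hypothetical names, and `fake_connect` is a constructed stand-in for the database.

```python
import re

EXPIRED, LOCKED = 28001, 28000  # ORA-28001 password expired, ORA-28000 account locked

def ora_code(exc):
    """Return the numeric ORA code found in a driver exception's text, or None."""
    m = re.search(r"ORA-(\d{5})", str(exc))
    return int(m.group(1)) if m else None

def login(connect, user, password, dsn, ask_new_password):
    """Log in; on ORA-28001 retry once, passing a new password at logon.

    connect          -- callable taking user, password, dsn, newpassword keywords
                        (assumption: same shape as python-oracledb's connect()).
    ask_new_password -- hypothetical UI callback; returns a password or None.
    Returns (connection or None, message to show the user).
    """
    try:
        return connect(user=user, password=password, dsn=dsn), "Logged in."
    except Exception as exc:  # a real caller would catch the driver's DatabaseError
        code = ora_code(exc)
    if code == LOCKED:
        return None, "Account is locked. Contact your administrator."
    if code != EXPIRED:
        # One message for unknown user and wrong password alike.
        return None, "Login failed."
    new = ask_new_password()
    if not new:
        return None, "Password expired. Contact your administrator."
    try:
        conn = connect(user=user, password=password, dsn=dsn, newpassword=new)
    except Exception:
        # e.g. the profile's password verify function refused the new value
        return None, "New password was rejected."
    return conn, "Password changed; logged in."

# Constructed stand-in for a database with one expired account (not a real driver).
def fake_connect(user, password, dsn, newpassword=None):
    if (user, password) != ("scott", "old-secret"):
        raise RuntimeError("ORA-01017: invalid username/password; logon denied")
    if newpassword is None:
        raise RuntimeError("ORA-28001: the password has expired")
    return f"session for {user}"

if __name__ == "__main__":
    print(login(fake_connect, "scott", "old-secret", "db", lambda: "N3w-secret"))
```

The old password is still required on the retry, so an expired account cannot be reset by someone who does not already know its current password.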
 