FAQ
I have set up a profile where the passwords expire in 30 days, 6 characters
minimum, grace period before the account locks to 6 days. It works as
expected when the user logs in to our web site and tries to change the
password. Users receive error messages whenever their password doesn't
comply with the rules we have set up in the profile. We use the
verify_function.

The only problem I have is that when the users go to our web site they are
presented with a login screen. If their account is locked or expired, or
it is within the grace period before the account expires they don't receive
a message to that account. If the account is expired the login screen
resets and prompts for user id and password over and over.

I have opened a TAR wit Oracle support, but they don't have an answer to
that effect. They say it is an application issue. I've researched
everywhere I could think of and everything I have found is the same, use
profiles and the verify_function function. I've also read the
documentation regarding password management, but I couldn't find anything
of help.

Our database is 8.1.7.2, and we're in Unix 5.8. We're using 9iAS release
1. We have created a DAD to connect to the database. When users click on
our link then they see the login screen, just the same way as Metalink's.
Only if they sign on successfully and try to change the password the
profile works as a charm.

I guess we need something that checks for the password status once the user
enters id and password in the login screen.

I'd appreciate any help in finding documents or web sites I can visit to
find a solution to this problem. We'd like to enforce our password
policies as soon as possible, but upper management doesn't want me to do it
until we can display the information regarding password status. Users may
be at a loss if they just see the login screen resetting without knowing
why, and our Help Desk would be inundated with calls.

Thanks again for any suggestions!

Ana E. Choto
Systems Programmer
American University
e-Operations - Information Technology
Phone (202) 885-2275
Fax (202) 885-2224

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Ana Choto
INET: achoto_at_american.edu

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).

Search Discussions

  • Mladen Gogala at Jan 20, 2004 at 8:24 pm

    On 01/20/2004 02:34:45 PM, Ana Choto wrote:




    I have set up a profile where the passwords expire in 30 days, 6
    characters
    minimum, grace period before the account locks to 6 days. It works
    as
    expected when the user logs in to our web site and tries to change
    the
    password. Users receive error messages whenever their password
    doesn't
    comply with the rules we have set up in the profile. We use the
    verify_function.

    The only problem I have is that when the users go to our web site
    they
    are
    presented with a login screen. If their account is locked or
    expired,
    or
    it is within the grace period before the account expires they don't
    receive
    a message to that account. If the account is expired the login
    screen
    resets and prompts for user id and password over and over.

    I have opened a TAR wit Oracle support, but they don't have an answer
    to
    that effect. They say it is an application issue. I've researched
    everywhere I could think of and everything I have found is the same,
    use
    profiles and the verify_function function. I've also read the
    documentation regarding password management, but I couldn't find
    anything
    of help.

    Our database is 8.1.7.2, and we're in Unix 5.8. We're using 9iAS
    release
    1. We have created a DAD to connect to the database. When users
    click on
    our link then they see the login screen, just the same way as
    Metalink's.
    Only if they sign on successfully and try to change the password the
    profile works as a charm.

    I guess we need something that checks for the password status once
    the
    user
    enters id and password in the login screen.

    I'd appreciate any help in finding documents or web sites I can visit
    to
    find a solution to this problem. We'd like to enforce our password
    policies as soon as possible, but upper management doesn't want me to
    do it
    until we can display the information regarding password status.
    Users
    may
    be at a loss if they just see the login screen resetting without
    knowing
    why, and our Help Desk would be inundated with calls.
    So, let me make things straight: the problem is happening only
    when they attempt to access the database through the web?
    What authorization mechanism are you using on the web? JSP? ASP?
    CGI? EJB? The part that performs user authentication should be
    cabable of detecting the error, just like SQL*Plus is. Oracle
    support is probably right.

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Mladen Gogala
    INET: mladen_at_wangtrading.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
  • Ana Choto at Jan 20, 2004 at 8:49 pm
    We're using pl/sql gateway and the Apache server. We've set up a default
    DAD on the gateway configuration screen, the connect string is our server
    name. Basic authentication, Package/Session Management Type:
    Stateless(Reset Package State).

    I've tried the profile by setting up a test user and expiring the account.
    If I go to sqlplus and log in with the expired user account sqlplus prompts
    me for a new password. I don't have a problem with that, but you know how
    users are, they wouldn't figure out why. And management wants users to
    receive a message telling them why they have to change their passwords
    without going through the Help Desk.

    My guess is that a pl/sql package has to be written so users get their
    password check at login time and receive messages such as the number of
    days they have before the password expires, or that the password is
    actually expired.

    Thanks

    Ana E. Choto
    Systems Programmer
    American University
    e-Operations - Information Technology
    Phone (202) 885-2275
    Fax (202) 885-2224

    Mladen Gogala
    To
    Sent by: Multiple recipients of list
    ml-errors_at_fatcity ORACLE-L
    .com cc

    Subject
    01/20/2004 03:24 Re: Password management using
    PM profiles

    Please respond to
    ORACLE-L_at_fatcity.
    com
    On 01/20/2004 02:34:45 PM, Ana Choto wrote:




    I have set up a profile where the passwords expire in 30 days, 6
    characters
    minimum, grace period before the account locks to 6 days. It works
    as
    expected when the user logs in to our web site and tries to change
    the
    password. Users receive error messages whenever their password
    doesn't
    comply with the rules we have set up in the profile. We use the
    verify_function.

    The only problem I have is that when the users go to our web site
    they
    are
    presented with a login screen. If their account is locked or
    expired,
    or
    it is within the grace period before the account expires they don't
    receive
    a message to that account. If the account is expired the login
    screen
    resets and prompts for user id and password over and over.

    I have opened a TAR wit Oracle support, but they don't have an answer
    to
    that effect. They say it is an application issue. I've researched
    everywhere I could think of and everything I have found is the same,
    use
    profiles and the verify_function function. I've also read the
    documentation regarding password management, but I couldn't find
    anything
    of help.

    Our database is 8.1.7.2, and we're in Unix 5.8. We're using 9iAS
    release
    1. We have created a DAD to connect to the database. When users
    click on
    our link then they see the login screen, just the same way as
    Metalink's.
    Only if they sign on successfully and try to change the password the
    profile works as a charm.

    I guess we need something that checks for the password status once
    the
    user
    enters id and password in the login screen.

    I'd appreciate any help in finding documents or web sites I can visit
    to
    find a solution to this problem. We'd like to enforce our password
    policies as soon as possible, but upper management doesn't want me to
    do it
    until we can display the information regarding password status.
    Users
    may
    be at a loss if they just see the login screen resetting without
    knowing
    why, and our Help Desk would be inundated with calls.
    So, let me make things straight: the problem is happening only
    when they attempt to access the database through the web?
    What authorization mechanism are you using on the web? JSP? ASP?
    CGI? EJB? The part that performs user authentication should be
    cabable of detecting the error, just like SQL*Plus is. Oracle
    support is probably right.

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Mladen Gogala
    INET: mladen_at_wangtrading.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Ana Choto
    INET: achoto_at_american.edu

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
  • Reginald.W.Bailey_at_jpmorgan.com at Jan 20, 2004 at 10:59 pm
    You have to check for errors in the ORA-28000 range, for this is the range
    that password problems will use. Add a check in your connection section
    that will propagate any exception encountered. You can also trap the Oracle
    errors for password expiration or locked account and display a more
    understandable message instead. This is the way I did it. Also, create a
    function or procedure that checks the EXPIRY_DATE and ACCOUNT_STATUS in the
    all_users or dba_users table to determine when the password will expire or
    if it has already. The function/procedure then can raise an exception if
    the account is within the grace period or locked.

    RWB

    Reginald W. Bailey
    IBM Global Services
    JPMC Account - DCI ETS Database Management
    Your Friendly Neighborhood DBA
    713-216-7703 (Office) 281-798-5474 (Mobile)
    reginald.w.bailey_at_jpmorgan.com
    baileyre_at_us.ibm.com

    achoto_at_america
    n.edu To: ORACLE-L_at_fatcity.com
    Sent by: cc:
    ml-errors_at_fatc Subject: Re: Password management using profiles
    ity.com

    01/20/2004
    02:49 PM
    Please respond
    to ORACLE-L

    We're using pl/sql gateway and the Apache server. We've set up a default
    DAD on the gateway configuration screen, the connect string is our server
    name. Basic authentication, Package/Session Management Type:
    Stateless(Reset Package State).

    I've tried the profile by setting up a test user and expiring the account.
    If I go to sqlplus and log in with the expired user account sqlplus prompts
    me for a new password. I don't have a problem with that, but you know how
    users are, they wouldn't figure out why. And management wants users to
    receive a message telling them why they have to change their passwords
    without going through the Help Desk.

    My guess is that a pl/sql package has to be written so users get their
    password check at login time and receive messages such as the number of
    days they have before the password expires, or that the password is
    actually expired.

    Thanks

    Ana E. Choto
    Systems Programmer
    American University
    e-Operations - Information Technology
    Phone (202) 885-2275
    Fax (202) 885-2224

    Mladen Gogala
    To
    Sent by: Multiple recipients of list
    ml-errors_at_fatcity ORACLE-L
    .com cc

    Subject
    01/20/2004 03:24 Re: Password management using
    PM profiles

    Please respond to
    ORACLE-L_at_fatcity.
    com
    On 01/20/2004 02:34:45 PM, Ana Choto wrote:




    I have set up a profile where the passwords expire in 30 days, 6
    characters
    minimum, grace period before the account locks to 6 days. It works
    as
    expected when the user logs in to our web site and tries to change
    the
    password. Users receive error messages whenever their password
    doesn't
    comply with the rules we have set up in the profile. We use the
    verify_function.

    The only problem I have is that when the users go to our web site
    they
    are
    presented with a login screen. If their account is locked or
    expired,
    or
    it is within the grace period before the account expires they don't
    receive
    a message to that account. If the account is expired the login
    screen
    resets and prompts for user id and password over and over.

    I have opened a TAR wit Oracle support, but they don't have an answer
    to
    that effect. They say it is an application issue. I've researched
    everywhere I could think of and everything I have found is the same,
    use
    profiles and the verify_function function. I've also read the
    documentation regarding password management, but I couldn't find
    anything
    of help.

    Our database is 8.1.7.2, and we're in Unix 5.8. We're using 9iAS
    release
    1. We have created a DAD to connect to the database. When users
    click on
    our link then they see the login screen, just the same way as
    Metalink's.
    Only if they sign on successfully and try to change the password the
    profile works as a charm.

    I guess we need something that checks for the password status once
    the
    user
    enters id and password in the login screen.

    I'd appreciate any help in finding documents or web sites I can visit
    to
    find a solution to this problem. We'd like to enforce our password
    policies as soon as possible, but upper management doesn't want me to
    do it
    until we can display the information regarding password status.
    Users
    may
    be at a loss if they just see the login screen resetting without
    knowing
    why, and our Help Desk would be inundated with calls.
    So, let me make things straight: the problem is happening only
    when they attempt to access the database through the web?
    What authorization mechanism are you using on the web? JSP? ASP?
    CGI? EJB? The part that performs user authentication should be
    cabable of detecting the error, just like SQL*Plus is. Oracle
    support is probably right.

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Mladen Gogala
    INET: mladen_at_wangtrading.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Ana Choto
    INET: achoto_at_american.edu

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author:
    INET: Reginald.W.Bailey_at_jpmorgan.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
  • Spears, Brian at Jan 21, 2004 at 7:54 pm
    Yup..we just added the functionalty to the verify_password
    function....wala.

    Brian S.

    -----Original Message-----
    Reginald.W.Bailey_at_jpmorgan.com
    Sent: Tuesday, January 20, 2004 5:59 PM
    To: Multiple recipients of list ORACLE-L

    You have to check for errors in the ORA-28000 range, for this is the
    range that password problems will use. Add a check in your connection
    section that will propagate any exception encountered. You can also trap
    the Oracle errors for password expiration or locked account and display
    a more understandable message instead. This is the way I did it. Also,
    create a function or procedure that checks the EXPIRY_DATE and
    ACCOUNT_STATUS in the all_users or dba_users table to determine when the
    password will expire or if it has already. The function/procedure then
    can raise an exception if the account is within the grace period or
    locked.

    RWB

    Reginald W. Bailey
    IBM Global Services
    JPMC Account - DCI ETS Database Management
    Your Friendly Neighborhood DBA
    713-216-7703 (Office) 281-798-5474 (Mobile)
    reginald.w.bailey_at_jpmorgan.com baileyre_at_us.ibm.com



    achoto_at_america

    n.edu To: ORACLE-L_at_fatcity.com

    Sent by: cc:

    ml-errors_at_fatc Subject: Re: Password
    management using profiles
    ity.com

    01/20/2004

    02:49 PM

    Please respond

    to ORACLE-L

    We're using pl/sql gateway and the Apache server. We've set up a
    default DAD on the gateway configuration screen, the connect string is
    our server name. Basic authentication, Package/Session Management Type:
    Stateless(Reset Package State).

    I've tried the profile by setting up a test user and expiring the
    account. If I go to sqlplus and log in with the expired user account
    sqlplus prompts me for a new password. I don't have a problem with
    that, but you know how users are, they wouldn't figure out why. And
    management wants users to receive a message telling them why they have
    to change their passwords without going through the Help Desk.

    My guess is that a pl/sql package has to be written so users get their
    password check at login time and receive messages such as the number of
    days they have before the password expires, or that the password is
    actually expired.

    Thanks

    Ana E. Choto
    Systems Programmer
    American University
    e-Operations - Information Technology
    Phone (202) 885-2275
    Fax (202) 885-2224

    Mladen Gogala

    To
    Sent by: Multiple recipients of list
    ml-errors_at_fatcity ORACLE-L
    .com

    cc



    Subject

    01/20/2004 03:24 Re: Password management using
    PM profiles

    Please respond to
    ORACLE-L_at_fatcity.
    com
    On 01/20/2004 02:34:45 PM, Ana Choto wrote:




    I have set up a profile where the passwords expire in 30 days, 6
    characters minimum, grace period before the account locks to 6 days.
    It works as
    expected when the user logs in to our web site and tries to change
    the
    password. Users receive error messages whenever their password
    doesn't
    comply with the rules we have set up in the profile. We use the
    verify_function.

    The only problem I have is that when the users go to our web site they
    are
    presented with a login screen. If their account is locked or
    expired,
    or
    it is within the grace period before the account expires they don't
    receive
    a message to that account. If the account is expired the login
    screen
    resets and prompts for user id and password over and over.

    I have opened a TAR wit Oracle support, but they don't have an answer
    to that effect. They say it is an application issue. I've researched
    everywhere I could think of and everything I have found is the same,
    use
    profiles and the verify_function function. I've also read the
    documentation regarding password management, but I couldn't find
    anything
    of help.

    Our database is 8.1.7.2, and we're in Unix 5.8. We're using 9iAS
    release 1. We have created a DAD to connect to the database. When
    users click on
    our link then they see the login screen, just the same way as
    Metalink's.
    Only if they sign on successfully and try to change the password the
    profile works as a charm.

    I guess we need something that checks for the password status once the
    user
    enters id and password in the login screen.

    I'd appreciate any help in finding documents or web sites I can visit
    to find a solution to this problem. We'd like to enforce our password
    policies as soon as possible, but upper management doesn't want me to
    do it
    until we can display the information regarding password status.
    Users
    may
    be at a loss if they just see the login screen resetting without
    knowing
    why, and our Help Desk would be inundated with calls.
    So, let me make things straight: the problem is happening only
    when they attempt to access the database through the web?
    What authorization mechanism are you using on the web? JSP? ASP?
    CGI? EJB? The part that performs user authentication should be
    cabable of detecting the error, just like SQL*Plus is. Oracle
    support is probably right.

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Mladen Gogala
    INET: mladen_at_wangtrading.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Ana Choto
    INET: achoto_at_american.edu

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author:
    INET: Reginald.W.Bailey_at_jpmorgan.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Spears, Brian
    INET: BSpears_at_Limitedbrands.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
  • Mladen Gogala at Jan 21, 2004 at 8:59 pm

    On 01/21/2004 02:54:25 PM, "Spears, Brian" wrote:
    Yup..we just added the functionalty to the verify_password
    function....wala.

    Brian S.
    Brian, are you related to the young lady named Britney and whose
    marriage was shorter then the average transaction on my database?
    She happens to have the same last name as you.

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Mladen Gogala
    INET: mladen_at_wangtrading.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
  • Ana Choto at Jan 21, 2004 at 9:04 pm
    Thanks for your reponses. We're working on make these changes now.

    Ana E. Choto
    American University
    e-Operations - Information Technology
    Phone (202) 885-2275
    Fax (202) 885-2224

    "Spears, Brian"
    To
    Sent by: Multiple recipients of list
    ml-errors_at_fatcity ORACLE-L
    .com cc

    Subject
    01/21/2004 02:54 RE: Password management using
    PM profiles

    Please respond to
    ORACLE-L_at_fatcity.
    com

    Yup..we just added the functionalty to the verify_password
    function....wala.

    Brian S.

    -----Original Message-----
    Reginald.W.Bailey_at_jpmorgan.com
    Sent: Tuesday, January 20, 2004 5:59 PM
    To: Multiple recipients of list ORACLE-L

    You have to check for errors in the ORA-28000 range, for this is the
    range that password problems will use. Add a check in your connection
    section that will propagate any exception encountered. You can also trap
    the Oracle errors for password expiration or locked account and display
    a more understandable message instead. This is the way I did it. Also,
    create a function or procedure that checks the EXPIRY_DATE and
    ACCOUNT_STATUS in the all_users or dba_users table to determine when the
    password will expire or if it has already. The function/procedure then
    can raise an exception if the account is within the grace period or
    locked.

    RWB

    Reginald W. Bailey
    IBM Global Services
    JPMC Account - DCI ETS Database Management
    Your Friendly Neighborhood DBA
    713-216-7703 (Office) 281-798-5474 (Mobile)
    reginald.w.bailey_at_jpmorgan.com baileyre_at_us.ibm.com

    achoto_at_america

    n.edu To: ORACLE-L_at_fatcity.com

    Sent by: cc:

    ml-errors_at_fatc Subject: Re: Password
    management using profiles
    ity.com

    01/20/2004

    02:49 PM

    Please respond

    to ORACLE-L

    We're using pl/sql gateway and the Apache server. We've set up a
    default DAD on the gateway configuration screen, the connect string is
    our server name. Basic authentication, Package/Session Management Type:
    Stateless(Reset Package State).

    I've tried the profile by setting up a test user and expiring the
    account. If I go to sqlplus and log in with the expired user account
    sqlplus prompts me for a new password. I don't have a problem with
    that, but you know how users are, they wouldn't figure out why. And
    management wants users to receive a message telling them why they have
    to change their passwords without going through the Help Desk.

    My guess is that a pl/sql package has to be written so users get their
    password check at login time and receive messages such as the number of
    days they have before the password expires, or that the password is
    actually expired.

    Thanks

    Ana E. Choto
    Systems Programmer
    American University
    e-Operations - Information Technology
    Phone (202) 885-2275
    Fax (202) 885-2224

    Mladen Gogala

    To
    Sent by: Multiple recipients of list
    ml-errors_at_fatcity ORACLE-L
    .com

    cc

    Subject

    01/20/2004 03:24 Re: Password management using
    PM profiles

    Please respond to
    ORACLE-L_at_fatcity.
    com
    On 01/20/2004 02:34:45 PM, Ana Choto wrote:




    I have set up a profile where the passwords expire in 30 days, 6
    characters minimum, grace period before the account locks to 6 days.
    It works as
    expected when the user logs in to our web site and tries to change
    the
    password. Users receive error messages whenever their password
    doesn't
    comply with the rules we have set up in the profile. We use the
    verify_function.

    The only problem I have is that when the users go to our web site they
    are
    presented with a login screen. If their account is locked or
    expired,
    or
    it is within the grace period before the account expires they don't
    receive
    a message to that account. If the account is expired the login
    screen
    resets and prompts for user id and password over and over.

    I have opened a TAR wit Oracle support, but they don't have an answer
    to that effect. They say it is an application issue. I've researched
    everywhere I could think of and everything I have found is the same,
    use
    profiles and the verify_function function. I've also read the
    documentation regarding password management, but I couldn't find
    anything
    of help.

    Our database is 8.1.7.2, and we're in Unix 5.8. We're using 9iAS
    release 1. We have created a DAD to connect to the database. When
    users click on
    our link then they see the login screen, just the same way as
    Metalink's.
    Only if they sign on successfully and try to change the password the
    profile works as a charm.

    I guess we need something that checks for the password status once the
    user
    enters id and password in the login screen.

    I'd appreciate any help in finding documents or web sites I can visit
    to find a solution to this problem. We'd like to enforce our password
    policies as soon as possible, but upper management doesn't want me to
    do it
    until we can display the information regarding password status.
    Users
    may
    be at a loss if they just see the login screen resetting without
    knowing
    why, and our Help Desk would be inundated with calls.
    So, let me make things straight: the problem is happening only
    when they attempt to access the database through the web?
    What authorization mechanism are you using on the web? JSP? ASP?
    CGI? EJB? The part that performs user authentication should be
    cabable of detecting the error, just like SQL*Plus is. Oracle
    support is probably right.

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Mladen Gogala
    INET: mladen_at_wangtrading.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Ana Choto
    INET: achoto_at_american.edu

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author:
    INET: Reginald.W.Bailey_at_jpmorgan.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Spears, Brian
    INET: BSpears_at_Limitedbrands.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.net
    --
    Author: Ana Choto
    INET: achoto_at_american.edu

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedJan 20, '04 at 7:34p
activeJan 21, '04 at 9:04p
posts7
users4
websiteoracle.com

People

Translate

site design / logo © 2022 Grokbase