-
Hi all,
We want to build the password function to our application and this is what we try to do:
1. we want the user change their password in 60 days, and 10 days before the 60 days period, the users will get the warnings when they log on the database.
2. the password has to be 8 characters.
Could someone please let me know what option do we have in Oracle so we can built this function???
We don't have Oracle Securities management license in our company.
Thank you all.
-
You could use profiles for this.
Cheers
Angel
-
aarroyob,
Thanks for your reply. Profiles is very limited.
does it give you the warning 10 days before your password expire ??? if it does and then what option??? does it force you to change your password after 60 days ??? Moreover, does profiles will require to have 8 characters for your password???
may be something I am aware in the profile, Below is the example of the profile:
CREATE PROFILE TEST
LIMIT SESSIONS_PER_USER DEFAULT
CPU_PER_SESSION DEFAULT
CPU_PER_CALL DEFAULT
CONNECT_TIME DEFAULT
IDLE_TIME DEFAULT
LOGICAL_READS_PER_SESSION DEFAULT
LOGICAL_READS_PER_CALL DEFAULT
COMPOSITE_LIMIT DEFAULT
PRIVATE_SGA DEFAULT
FAILED_LOGIN_ATTEMPTS DEFAULT
PASSWORD_LIFE_TIME 60
PASSWORD_REUSE_TIME DEFAULT
PASSWORD_REUSE_MAX DEFAULT
PASSWORD_LOCK_TIME DEFAULT
PASSWORD_GRACE_TIME 10
PASSWORD_VERIFY_FUNCTION DEFAULT
/
I didn't see any where for the warnings 10 days before the password expire, I don't see places where Oracle will force users to change their password after 60 days;however we don't want to lock their account. What about the 8 characters???
What is the "PASSWORD_VERIFY_FUNCTION" mean in the profile???
Thanks
-
For your first question the option PASSWORD_GRACE_TIME is the 10 days you want to let the users to change their password after the 60 days.
Your second question. The PASSWORD_VERIFY_FUNCTION is used to verify that new password is not equal or similar to the old one as you define in your function.
Read the note 114930.1 in metalink to know more.
Cheers
Angel
-
u can create a function and set it to the PASSWORD_VERIFY_FUNCTION. So every when the users set their password this function executes.
password expire warning u can set it using the parameter
PASSWORD_GRACE_TIME .Set this parameter in number of days.
correct me if I am wrong.
-
does any body have the function which requires 8 characters for the users' password????
I just read in Oracle Docs and it refer me to $ORACLE_HOME\rdbms\admin\utlpwdmg.sql
this function has to run as SYS and it will create the VERIFY_FUNCTION. when I read this function, it's only require that if the password lessthan 4 character and then raise the error. the question is if I want the password to be 8 character, can I modify this funtion and change it to be 8??? Or I have to create the new function????
If I create the new function, do I have to run the new function as SYS??? or any run the fumction as any users????
Thanks
[Edited by ashley75 on 08-08-2002 at 10:34 AM]
-
I think I have just what you are looking for; follow the steps and your done:
--SETUP PROFILE:
create profile USER_DEFAULT_PROFILE
limit
PASSWORD_REUSE_MAX 3 -- must change password 3 times, before reusing it
PASSWORD_REUSE_TIME UNLIMITED
password_life_time 60 -- (5 mins=5/1440; make it 60 for all users)
password_grace_time 10; -- (10 mins=10/1440; make it 10 days for all users)
CREATE OR REPLACE FUNCTION SYS.PASSWD_VERIFY
(username varchar2,
password varchar2,
old_password varchar2)
RETURN boolean IS
BEGIN
--Check if the password is same as the username
IF password = username THEN
raise_application_error(-20001, 'Password same as user');
END IF;
--Check for the minimum length of the password
IF length(password) < 8 THEN
raise_application_error(-20002, 'Password length less than 8');
END IF;
--Check if the password is too simple. A dictionary of words may be
--maintained and a check may be made so as not to allow the words
--that are too simple for the password.
IF NLS_LOWER(password) IN ('xxx', 'welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN raise_application_error(-20002, 'Password too simple');
END IF;
RETURN(TRUE);
END;
alter profile USER_DEFAULT_PROFILE LIMIT PASSWORD_VERIFY_FUNCTION PASSWD_VERIFY;
alter user scott profile USER_DEFAULT_PROFILE;
select * from dba_profiles where profile = 'USER_DEFAULT_PROFILE';
-
-
Khussain,
Thanks for your help,
I have another quick question.
How can ORacle pop the warning message that their password will be expire in 10 days prior to the day the password expire????
I don't think Oracle will alert the user, so how do we build this on the application side.
Thanks
-
sorry another question regarding to this issue again. The question is even we had the password_grace_time set, how do we build the function when the users log in and they will get the warnings message instead of Oracle errors b/c it will freak them out if they see oracle errors. Another thing we need to build is let say the password_life_time is 60 and password_grace_time=10, can we do something let say on the 55th days,the user will get the warnings to change their password.
coudl soneone help me with the function
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|