PASSWORD MANAGEMENT AND CHANGING IN THE DATABASE
DBAsupport.com Forums - Powered by vBulletin
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: PASSWORD MANAGEMENT AND CHANGING IN THE DATABASE

  1. #1
    Join Date
    Jan 2002
    Posts
    474
    Hi all,

    We want to build the password function to our application and this is what we try to do:

    1. we want the user change their password in 60 days, and 10 days before the 60 days period, the users will get the warnings when they log on the database.
    2. the password has to be 8 characters.

    Could someone please let me know what option do we have in Oracle so we can built this function???

    We don't have Oracle Securities management license in our company.

    Thank you all.


  2. #2
    Join Date
    Oct 2001
    Location
    Madrid, Spain
    Posts
    763
    You could use profiles for this.

    Cheers

    Angel

  3. #3
    Join Date
    Jan 2002
    Posts
    474
    aarroyob,

    Thanks for your reply. Profiles is very limited.

    does it give you the warning 10 days before your password expire ??? if it does and then what option??? does it force you to change your password after 60 days ??? Moreover, does profiles will require to have 8 characters for your password???

    may be something I am aware in the profile, Below is the example of the profile:

    CREATE PROFILE TEST
    LIMIT SESSIONS_PER_USER DEFAULT
    CPU_PER_SESSION DEFAULT
    CPU_PER_CALL DEFAULT
    CONNECT_TIME DEFAULT
    IDLE_TIME DEFAULT
    LOGICAL_READS_PER_SESSION DEFAULT
    LOGICAL_READS_PER_CALL DEFAULT
    COMPOSITE_LIMIT DEFAULT
    PRIVATE_SGA DEFAULT
    FAILED_LOGIN_ATTEMPTS DEFAULT
    PASSWORD_LIFE_TIME 60
    PASSWORD_REUSE_TIME DEFAULT
    PASSWORD_REUSE_MAX DEFAULT
    PASSWORD_LOCK_TIME DEFAULT
    PASSWORD_GRACE_TIME 10
    PASSWORD_VERIFY_FUNCTION DEFAULT
    /

    I didn't see any where for the warnings 10 days before the password expire, I don't see places where Oracle will force users to change their password after 60 days;however we don't want to lock their account. What about the 8 characters???

    What is the "PASSWORD_VERIFY_FUNCTION" mean in the profile???

    Thanks



  4. #4
    Join Date
    Oct 2001
    Location
    Madrid, Spain
    Posts
    763
    For your first question the option PASSWORD_GRACE_TIME is the 10 days you want to let the users to change their password after the 60 days.

    Your second question. The PASSWORD_VERIFY_FUNCTION is used to verify that new password is not equal or similar to the old one as you define in your function.

    Read the note 114930.1 in metalink to know more.

    Cheers

    Angel

  5. #5
    Join Date
    Aug 2002
    Location
    Bangalore
    Posts
    52
    u can create a function and set it to the PASSWORD_VERIFY_FUNCTION. So every when the users set their password this function executes.


    password expire warning u can set it using the parameter
    PASSWORD_GRACE_TIME .Set this parameter in number of days.


    correct me if I am wrong.

  6. #6
    Join Date
    Jan 2002
    Posts
    474
    does any body have the function which requires 8 characters for the users' password????

    I just read in Oracle Docs and it refer me to $ORACLE_HOME\rdbms\admin\utlpwdmg.sql

    this function has to run as SYS and it will create the VERIFY_FUNCTION. when I read this function, it's only require that if the password lessthan 4 character and then raise the error. the question is if I want the password to be 8 character, can I modify this funtion and change it to be 8??? Or I have to create the new function????
    If I create the new function, do I have to run the new function as SYS??? or any run the fumction as any users????


    Thanks


    [Edited by ashley75 on 08-08-2002 at 10:34 AM]

  7. #7
    Join Date
    Sep 2000
    Location
    Chicago, IL
    Posts
    316
    I think I have just what you are looking for; follow the steps and your done:

    --SETUP PROFILE:
    create profile USER_DEFAULT_PROFILE
    limit
    PASSWORD_REUSE_MAX 3 -- must change password 3 times, before reusing it
    PASSWORD_REUSE_TIME UNLIMITED
    password_life_time 60 -- (5 mins=5/1440; make it 60 for all users)
    password_grace_time 10; -- (10 mins=10/1440; make it 10 days for all users)

    CREATE OR REPLACE FUNCTION SYS.PASSWD_VERIFY
    (username varchar2,
    password varchar2,
    old_password varchar2)
    RETURN boolean IS
    BEGIN
    --Check if the password is same as the username
    IF password = username THEN
    raise_application_error(-20001, 'Password same as user');
    END IF;
    --Check for the minimum length of the password
    IF length(password) < 8 THEN
    raise_application_error(-20002, 'Password length less than 8');
    END IF;
    --Check if the password is too simple. A dictionary of words may be
    --maintained and a check may be made so as not to allow the words
    --that are too simple for the password.
    IF NLS_LOWER(password) IN ('xxx', 'welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd') THEN raise_application_error(-20002, 'Password too simple');
    END IF;
    RETURN(TRUE);
    END;

    alter profile USER_DEFAULT_PROFILE LIMIT PASSWORD_VERIFY_FUNCTION PASSWD_VERIFY;

    alter user scott profile USER_DEFAULT_PROFILE;

    select * from dba_profiles where profile = 'USER_DEFAULT_PROFILE';

  8. #8
    Join Date
    Jan 2002
    Posts
    474
    Thanks Khussain

  9. #9
    Join Date
    Jan 2002
    Posts
    474
    Khussain,

    Thanks for your help,

    I have another quick question.

    How can ORacle pop the warning message that their password will be expire in 10 days prior to the day the password expire????

    I don't think Oracle will alert the user, so how do we build this on the application side.

    Thanks

  10. #10
    Join Date
    Jan 2002
    Posts
    474
    sorry another question regarding to this issue again. The question is even we had the password_grace_time set, how do we build the function when the users log in and they will get the warnings message instead of Oracle errors b/c it will freak them out if they see oracle errors. Another thing we need to build is let say the password_life_time is 60 and password_grace_time=10, can we do something let say on the 55th days,the user will get the warnings to change their password.

    coudl soneone help me with the function

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width