Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Password verification function

RE: Password verification function

From: Schauss, Peter <peter.schauss_at_ngc.com>
Date: Wed, 10 May 2006 15:51:29 -0400
Message-ID: <6591F529444E9748A546718B3D1A67010495FC9A@xcgv2605.northgrum.com> 





Jared,
 


Metalink was very helpfull.   It said that the new password did not pass
the verification function.
 


Peter Schauss






From: Jared Still [mailto:jkstill_at_gmail.com] 
Sent: Wednesday, May 10, 2006 3:39 PM


To: Schauss, Peter


Cc: oracle-l_at_freelists.org


Subject: Re: Password verification function




I just tried your code on an 8.1.7.4 database.



Changing password via the 'password' command works fine,
however using 'alter user USERNAME identified by PASSWORD'
did not work, raising an ORA-28003. 



Perhaps a perusal of MetaLink is in order?



Jared





On 5/10/06, oracle-l-bounce_at_freelists.org
<oracle-l-bounce_at_freelists.org> wrote: 



        One further data point.  I took the Oracle-supplied code and
stripped


        out everything except the part which checks that the password is
not the


        same as the userid.  If I log in as a regular user, and try to
change


        the password I get ORA-28003 regardless of what I enter.  If I
connect


        as  system and try to change the password to equal the username,
I get

	ORA-28003 followed by the expected error code and message from
	raise_application_error. 
	
	Is this a privilege problem that I am dealing with?
	
	Here is my code:
	
	


------------------------------------------------------------------------

	------------
	create or replace function dummy_pw_verify 
	(username varchar2,
	        password varchar2,
	        old_password varchar2)
	        return boolean is
	BEGIN
	        if nls_lower(password) = nls_lower(username) then
	            raise_application_error(-20001, 'Password same as 
	username');
	        end if;
	        return(true);
	end;
	
	


------------------------------------------------------------------------

	-------------
	
	Thanks,
	Peter Schauss
	
	
	
	-----Original Message----- 
	From: oracle-l-bounce_at_freelists.org
	[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Schauss,
Peter
	Sent: Wednesday, May 10, 2006 2:24 PM 
	To: oracle-l_at_freelists.org
	Subject: Password verification function
	
	I am trying to implement some simple password complexity rules
by adding
	a password verification function to the default profile.  I am
using 
	Oracle's sample code (utlpwdmg.sql) as a starting point.
Looking at the
	code, I can see that it raises application errors (-20001,
-20002 ...)
	for things like a password which is the same as the user name,
password 
	too short, etc.  When I try to change a password, however, all I
get is
	the generic ORA-28003 error, even when I try a password which, I
	believe, should pass.  What am I missing here?
	
	Environment:  Oracle 8.1.7.4 with the cpuJan2006 patches, AIX


5.3.
        

	Thanks,
	Peter Schauss
	--
	http://www.freelists.org/webpage/oracle-l
	
	
	--
	http://www.freelists.org/webpage/oracle-l
	
	
	







-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist 


--
http://www.freelists.org/webpage/oracle-l


Received on Wed May 10 2006 - 14:51:29 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US