One further data point. I took the Oracle-supplied code and stripped out everything except the part which checks that the password is not the same as the userid. If I log in as a regular user, and try to change the password I get ORA-28003 regardless of what I enter. If I connect as system and try to change the password to equal the username, I get ORA-28003 followed by the expected error code and message from raise_application_error. Is this a privilege problem that I am dealing with? Here is my code: ------------------------------------------------------------------------ ------------ create or replace function dummy_pw_verify (username varchar2, password varchar2, old_password varchar2) return boolean is BEGIN if nls_lower(password) = nls_lower(username) then raise_application_error(-20001, 'Password same as username'); end if; return(true); end; ------------------------------------------------------------------------ ------------- Thanks, Peter Schauss -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Schauss, Peter Sent: Wednesday, May 10, 2006 2:24 PM To: oracle-l@xxxxxxxxxxxxx Subject: Password verification function I am trying to implement some simple password complexity rules by adding a password verification function to the default profile. I am using Oracle's sample code (utlpwdmg.sql) as a starting point. Looking at the code, I can see that it raises application errors (-20001, -20002 ...) for things like a password which is the same as the user name, password too short, etc. When I try to change a password, however, all I get is the generic ORA-28003 error, even when I try a password which, I believe, should pass. What am I missing here? Environment: Oracle 8.1.7.4 with the cpuJan2006 patches, AIX 5.3. Thanks, Peter Schauss -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l