Jared,
Metalink was very helpfull. It said that the new password did not pass
the verification function.
Peter Schauss
------------------------------
*From:* Jared Still [mailto:jkstill@xxxxxxxxx]
*Sent:* Wednesday, May 10, 2006 3:39 PM
*To:* Schauss, Peter
*Cc:* oracle-l@xxxxxxxxxxxxx
*Subject:* Re: Password verification function
I just tried your code on an 8.1.7.4 database.
Changing password via the 'password' command works fine,
however using 'alter user USERNAME identified by PASSWORD'
did not work, raising an ORA-28003.
Perhaps a perusal of MetaLink is in order?
Jared
On 5/10/06, oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx>
wrote:
>
> One further data point. I took the Oracle-supplied code and stripped
> out everything except the part which checks that the password is not the
> same as the userid. If I log in as a regular user, and try to change
> the password I get ORA-28003 regardless of what I enter. If I connect
> as system and try to change the password to equal the username, I get
> ORA-28003 followed by the expected error code and message from
> raise_application_error.
>
> Is this a privilege problem that I am dealing with?
>
> Here is my code:
>
> ------------------------------------------------------------------------
> ------------
> create or replace function dummy_pw_verify
> (username varchar2,
> password varchar2,
> old_password varchar2)
> return boolean is
> BEGIN
> if nls_lower(password) = nls_lower(username) then
> raise_application_error(-20001, 'Password same as
> username');
> end if;
> return(true);
> end;
>
> ------------------------------------------------------------------------
> -------------
>
> Thanks,
> Peter Schauss
>
>
>
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx
> [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Schauss, Peter
> Sent: Wednesday, May 10, 2006 2:24 PM
> To: oracle-l@xxxxxxxxxxxxx
> Subject: Password verification function
>
> I am trying to implement some simple password complexity rules by adding
> a password verification function to the default profile. I am using
> Oracle's sample code (utlpwdmg.sql) as a starting point. Looking at the
> code, I can see that it raises application errors (-20001, -20002 ...)
> for things like a password which is the same as the user name, password
> too short, etc. When I try to change a password, however, all I get is
> the generic ORA-28003 error, even when I try a password which, I
> believe, should pass. What am I missing here?
>
> Environment: Oracle 8.1.7.4 with the cpuJan2006 patches, AIX 5.3.
>
> Thanks,
> Peter Schauss
> --
> //www.freelists.org/webpage/oracle-l
>
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
>
--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
