Raj-- Call me slow, but I'm not following. User password expires, user calls help desk, user gets "temporary" password--what then? Does user keep that password for 60 days or change it using the stored procedure? What about this setup reduces calls to help desk? Paul Baumgartel paul.baumgartel@xxxxxxxxxxxxxxxxx 212.538.1143 -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of rjamya Sent: Friday, March 03, 2006 9:46 AM To: wbfergus@xxxxxxxx Cc: oracle-l@xxxxxxxxxxxxx Subject: Re: password complexity -- implementing security changes Our corporate security requirements state that passwords must be changed every 60 days for user accounts. So, we wrote a stored procedure that changes user password given a userid. Then wrote a small perl script that can be called by guys in Data Center. when a user calls, they verify it is the right user, call a perl program that changes the password to a temp one and give it to the user on the phone, never in the email. Also our application tracks this and starts reminding suer 7 days before the password expiration. Works fine, the data center doesn't get too many phone calls, everyone is happy. Raj ---------------------------------------------- Got RAC? -- //www.freelists.org/webpage/oracle-l ============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ============================================================================== -- //www.freelists.org/webpage/oracle-l