Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Password management using profiles

Password management using profiles

From: Ana Choto <achoto_at_american.edu>
Date: Tue, 20 Jan 2004 11:34:45 -0800
Message-ID: <F001.005DDABA.20040120113445@fatcity.com>

I have set up a profile where the passwords expire in 30 days, 6 characters minimum, grace period before the account locks to 6 days. It works as expected when the user logs in to our web site and tries to change the password. Users receive error messages whenever their password doesn't comply with the rules we have set up in the profile. We use the verify_function.

The only problem I have is that when the users go to our web site they are presented with a login screen. If their account is locked or expired, or it is within the grace period before the account expires they don't receive a message to that account. If the account is expired the login screen resets and prompts for user id and password over and over.

I have opened a TAR wit Oracle support, but they don't have an answer to that effect. They say it is an application issue. I've researched everywhere I could think of and everything I have found is the same, use profiles and the verify_function function. I've also read the documentation regarding password management, but I couldn't find anything of help.

Our database is 8.1.7.2, and we're in Unix 5.8. We're using 9iAS release 1. We have created a DAD to connect to the database. When users click on our link then they see the login screen, just the same way as Metalink's. Only if they sign on successfully and try to change the password the profile works as a charm.

I guess we need something that checks for the password status once the user enters id and password in the login screen.

I'd appreciate any help in finding documents or web sites I can visit to find a solution to this problem. We'd like to enforce our password policies as soon as possible, but upper management doesn't want me to do it until we can display the information regarding password status. Users may be at a loss if they just see the login screen resetting without knowing why, and our Help Desk would be inundated with calls.

Thanks again for any suggestions!

Ana E. Choto
Systems Programmer
American University
e-Operations - Information Technology
Phone (202) 885-2275
Fax (202) 885-2224

--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Ana Choto
  INET: achoto_at_american.edu

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Tue Jan 20 2004 - 13:34:45 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US