The dbms_obfuscation_toolkit didn't work for me in that the encrypted
password returned did not match the encrypted (hashed) password in the
dba_users table, but I did find my answer at http://asktom.oracle.com.
I found it to be very helpful site. THANKS!
Karsten Farrell wrote:
>
> kathleen.m.ranes_at_boeing.com said...
> > 2)To authenticate their old password before allowing the user to change
> > their password to something else.
> >
> > I've read in the Oracle material that ocipasswordchange() can be used to
> > verify the old password, but I'm not using C or Perl and want to be able
> > to run it from a PL/SQL package.
> >
> > Any ideas to accomplish the above would be appreciated.
> >
> Head on over to http://asktom.oracle.com and search for
> "dbms_obfuscation_toolkit" (without quotes). If you pass the clear-text
> password, it will return the encrypted password that Oracle uses and you
> can compare that against dba_users or some such.
>
> For example, I have the following function that returns the encrypted
> password:
>
> create or replace function md5_digest (
> vin_string IN varchar2
> ) return varchar2 IS
> --
> -- Return an MD5 hash of the input string.
> --
> BEGIN
> --
> -- Hash (encrypt) a string using DBMS_OBFUSCATION_TOOLKIT.MD5.
> return lower(dbms_obfuscation_toolkit.md5 (
> input => utl_raw.cast_to_raw(vin_string)
> ));
> --
> END md5_digest;
>
> --
> /Karsten
> DBA > retired > DBA
Received on Tue Apr 15 2003 - 12:36:01 CDT
