Continuing on my security related problems.
Thomas, I am going through your article on fine grained access control, and will revert once I have digested it. Thanks a lot for the pointer.
New query:
ALTER PROFILE sms_profile LIMIT
  PASSWORD_VERIFY_FUNCTION fn_verify_pwd;
I have borrowed some of the code from utlpwdmg.sql. I have added code to validate that the new password is not present in a list of restricted passwords.
When I use
ALTER USER <username> IDENTIFIED by <newpass>,
the function is triggered, does the required validations, and returns the correct messages.
When I expire the password,
(ALTER USER <username> PASSWORD EXPIRE)
it asks the user to change the password - prompting for the old password and the new. However, this does NOT fire the password verify function. Consequently, my password is not validated against the restricted list.
I need to necessarily expire the password at regular intervals - as per our organization's security guidelines. Is there any way that I can get the function to be invoked while changing the password after it expires? Importantly, the ids and passwords are created by a security group, and the user has to be forced to change the password. Am using EXPIRE PASSWORD for this too...
Is this a bug in Oracle, or am I missing something here?
Am using Oracle 8.1.5 EE (8i) on AIX 4.3
Regards,
VJ
Please remove the '00' from my email id for replying.

Received on Sun Oct 31 1999 - 10:06:01 CST
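
The setup described in the post, written out as an added example (not the poster's code and not Oracle's utlpwdmg.sql): a verify function with the three-argument signature utlpwdmg.sql uses, extended with a restricted-list lookup, plus dictionary queries to confirm which accounts the profile actually covers. The table restricted_passwords, its column, and the error numbers and messages are assumptions made for illustration; fn_verify_pwd and sms_profile are the names from the post.

```sql
-- Run as SYS: Oracle requires the verify function to be owned by SYS.
-- Hypothetical denylist table, one upper-cased value per row.
CREATE TABLE restricted_passwords (
  pwd VARCHAR2(30) PRIMARY KEY
);

CREATE OR REPLACE FUNCTION fn_verify_pwd (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  n_hits PLS_INTEGER;
BEGIN
  -- Reject a password equal to the account name
  -- (8i passwords are not case sensitive, so compare upper-cased).
  IF UPPER(password) = UPPER(username) THEN
    raise_application_error(-20001, 'Password same as user name');
  END IF;

  -- Reject reuse of the old password when the caller supplied it.
  IF old_password IS NOT NULL AND UPPER(password) = UPPER(old_password) THEN
    raise_application_error(-20002, 'New password same as old password');
  END IF;

  -- Reject anything on the restricted list (assumed table, see above).
  SELECT COUNT(*) INTO n_hits
    FROM restricted_passwords
   WHERE pwd = UPPER(password);
  IF n_hits > 0 THEN
    raise_application_error(-20003, 'Password is on the restricted list');
  END IF;

  RETURN TRUE;
END fn_verify_pwd;
/

ALTER PROFILE sms_profile LIMIT
  PASSWORD_VERIFY_FUNCTION fn_verify_pwd;

-- Check 1: the profile really carries the function.
SELECT profile, limit
  FROM dba_profiles
 WHERE resource_name = 'PASSWORD_VERIFY_FUNCTION';

-- Check 2: which accounts use the profile, and which are currently expired.
SELECT username, profile, account_status
  FROM dba_users
 WHERE profile = 'SMS_PROFILE';
```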