Re: Oracle 8i and password management accross platforms...

Once a user's password has expired, they should not be able to change it themselves. This is usually where a help desk steps in to reset the password, or else the account may be dropped after it's unused for a while longer. Sound like what you need to do is give the users a chance to change their password before it expires, based on the password_grace_time resource limit. As long as the user can still connect (ie, not yet expired), the password can be changed with an 'alter user identified by'. But watch out if you're using the password_verify_function - oracle is saying that with this in place, the 'alter user identified by' no longer works(!) and you must use an OCI function. Check out metalink for more details.

Alan Wilson wrote:
>
> I am trying to implement a 'Security Module' in Oracle that will enable the
> user to manage their own password using either Visual Basic, C++(CGI), or
> JAVA applications. The problem we have had so far is if the user's password
> has expired, they can not log in to Oracle to re-set their password. Would
> it be possible to use stored procedures to manage a user's password that
> could be called from either a VB, C++(CGI), or JAVA application? The stored
> procedure would need to allow the user to re-set their own password should
> it expire. If a stored procedure could be used for managing passwords, is
> there somewhere I could find sample code to help me understand how to create
> such a stored procedure?
Received on Wed May 09 2001 - 06:43:29 CDT