Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Moving users between profiles - PW issues?
"Sybrand Bakker" <gooiditweg_at_sybrandb.nospam.demon.nl> a écrit dans le message de
news:sbj6tvcn4kf0l7kvut9u4hhhlgujfqpq9a_at_4ax.com...
> On 7 Dec 2003 07:32:42 -0800, jcsanne_at_yahoo.com (jay) wrote:
>
> >My company has created a profile that all Oracle databases must
> >implement. The main purpose of this profile is to enforce stronger
> >password standards. The corporate folks have a new
> >PASSWORD_VERIFY_FUNCTION that will enforce longer password lengths,
> >ensure at least one special character, and at least one numeric.
> >
> >I manage a database that has about 300 folks in the DEFAULT profile
> >without anything specified for PASSWORD_VERIFY_FUNCTION. I'm assuming
> >that many of my users don't have passwords that meet all of the
> >standards above.
> >
> >Before I blindly shift 300 accounts to this new profile I want to know
> >what will happen to users with passwords that will "fail" new
> >PASSWORD_VERIFY_FUNCTION.
> >
> >For instance, if the new PASSWORD_VERIFY_FUNCTION says 6 characters,
> >but the user's password is 3 characters, what happens? Will Oracle
> >force a "graceful" password change or is the account locked out?
> >
> >Does anyone has experience with this?
> >
> >Thanks.
>
> IIRC the password verify function is only invoked when changing the
> password, so current passwords shouldn't be affected. The verify
> function isn't called at logon, as you seem to imply.
> It also *DOESN'T work with ALTER USER identified by, you'll need to
> use the password command (sql*plus) or a specific OCI, which I can't
> remember, but which is documented.
>
>
>
> --
> Sybrand Bakker, Senior Oracle DBA
Hi Sybrand,
Did you say if i execute an ALTER USER the verify function is not invoked? If so, i'm not agree with you (Oracle8iR3, Windows NT4, SQL*Plus):
817> CREATE OR REPLACE FUNCTION verify_function
2 (username varchar2,
3 password varchar2,
4 old_password varchar2)
5 RETURN boolean IS
6 BEGIN
7 -- Check if the password is same as the username 8 IF password = username THEN 9 raise_application_error(-20001, 'Password same as user'); 10 END IF; 11 12 -- Check for the minimum length of the password 13 IF length(password) < 4 THEN 14 raise_application_error(-20002, 'Password length less than 4'); 15 END IF; 16 17 -- Everything is fine; return TRUE ; 18 RETURN(TRUE);
Fonction créée.
817> CREATE PROFILE TST LIMIT
2 PASSWORD_VERIFY_FUNCTION verify_function;
Profil créé.
817> alter user test profile tst;
Utilisateur modifié.
817> alter user test identified by test;
alter user test identified by test
*
ERREUR à la ligne 1 :
ORA-28003: Echec de la vérification du mot de passe indiqué
ORA-20001: Password same as user
Michel Cadot Received on Sun Dec 07 2003 - 11:36:17 CST