Problem solve Get help with specific problems with your technologies, process and projects.

Using ALTER USER for changing passwords

We are looking at implementing password profiles on our database users and attaching a password verification function....

I read where ALTER USER does not fully support password verification functions. In what way? I would hate to not be able to use ALTER USER for changing passwords. Oracle Corp. has stated that the only approved methods of changing a password with a password verification function are through the SQL*Plus password command and through the OCIPasswordChange call. If a normal user uses the ALTER USER command and they have a password verification function, then they will receive an error, even if the password passes the verification function. If a DBA user issues the ALTER USER command, then the password verification function is bypassed. This was very frustrating because only SQL*Plus and OCI applications could use the password verfication function. Even Oracle's own products, like Oracle Forms could not have a user change the password if a password verification function was employed.

It took quite some time, but Oracle finally classified this as a bug, Bug #1231172. The Oracle patchset, and Oracle now have the capability to let the user issue a command as follows:

ALTER USER user IDENTIFIED BY 'newpassword' REPLACE 'oldpassword';

This command will let the user issue the ALTER USER command and still employ a password verification function.

Dig Deeper on Oracle database design and architecture