Defining password complexity and its action on “grace” state USERS

Question

I have Oracle USERS linked to external applications that came to "grace" status. I tried to change the assword time expiration to unlimited but it doesn't apply to those account (considering I guess that the "grace" status is responsible for that)

So, in order to keep the application's configuration the same, I wish to renew the passwords without changing them but the complexity policy doesn't allow it (two special characters or/and two capital letters)

    ORA-20000: password must contain 2 or more special characters
    28003. 00000 -  "password verification for the specified password failed"
    *Cause:    The new password did not meet the necessary complexity
               specifications and the password_verify_function failed
    *Action:   Enter a different password. Contact the DBA to know the rules for
               choosing the new password

For info, I migrated the database from 11c to 18 and those policies were simpler on the previous database..

• So, first I am wondering how to edit the complexity policy
• And also if it would apply to USERS that are in "grace" status ?

Thank you very much for your help

Have a nice day

Answer 1

The password complexity is managed by a function. You can edit the function to fit your requirements or disable it at all.

Check this link : https://docs.oracle.com/en/database/oracle/oracle-database/18/dbseg/configuring-authentication.html#GUID-A39E191B-4A06-442D-94C7-5882B73DDCFA On the section "Managing the Complexity of Passwords"

For the password "grace" time, you should check the Profiles and modify them accordingly. On the same link check for "PASSWORD_GRACE_TIME"

If you want, you can disable the password verify function, assuming the all your users are in the default profile, alter profile default limit PASSWORD_VERIFY_FUNCTION NULL;