Defining password complexity and its action on “grace” state USERS
-
24-02-2021 - |
Вопрос
I have Oracle USERS linked to external applications that came to "grace" status. I tried to change the assword time expiration to unlimited but it doesn't apply to those account (considering I guess that the "grace" status is responsible for that)
So, in order to keep the application's configuration the same, I wish to renew the passwords without changing them but the complexity policy doesn't allow it (two special characters or/and two capital letters)
ORA-20000: password must contain 2 or more special characters
28003. 00000 - "password verification for the specified password failed"
*Cause: The new password did not meet the necessary complexity
specifications and the password_verify_function failed
*Action: Enter a different password. Contact the DBA to know the rules for
choosing the new password
For info, I migrated the database from 11c to 18 and those policies were simpler on the previous database..
- So, first I am wondering how to edit the complexity policy
- And also if it would apply to USERS that are in "grace" status ?
Thank you very much for your help
Have a nice day
Решение
The password complexity is managed by a function. You can edit the function to fit your requirements or disable it at all.
Check this link : https://docs.oracle.com/en/database/oracle/oracle-database/18/dbseg/configuring-authentication.html#GUID-A39E191B-4A06-442D-94C7-5882B73DDCFA On the section "Managing the Complexity of Passwords"
For the password "grace" time, you should check the Profiles and modify them accordingly. On the same link check for "PASSWORD_GRACE_TIME"
If you want, you can disable the password verify function, assuming the all your users are in the default profile, alter profile default limit PASSWORD_VERIFY_FUNCTION NULL;