Script:
-- Create function which prevents a user from changing his password
-- Use of a specific USER PROFILE to activate the function
-- GM/ELN - 02/03/01
-- must be connected internal or sys
--
set term on
set echo on
CREATE OR REPLACE FUNCTION verify_function_fix_pwd (username VARCHAR2,
password VARCHAR2, old_password VARCHAR2) RETURN boolean IS
BEGIN
raise_application_error(-20009, 'SORRY, PASSWORD CANNOT BE CHANGED') ;
END ;
/
--
-- Create a profile which has a limit PASSWORD_VERIFY_FUNCTION
-- associated to the previously cretaed function.
-- This profile must be given to all users who are not allowed to change
-- their password
--
DROP PROFILE FIXPWD CASCADE;
CREATE PROFILE FIXPWD LIMIT PASSWORD_VERIFY_FUNCTION verify_function_fix_pwd;
Sample Output:
DROP USER test_pwd;
CREATE USER test_pwd IDENTIFIED by test_pwd DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP ACCOUNT UNLOCK;
GRANT CONNECT TO test_pwd;
ALTER USER test_pwd PROFILE fixpwd;
The piece of code below shows an example of implementation. A user TEST_PWD
was created and granted the profile FIXPWD as above. Now he cannot change his
password, neither with command ALTER USER nor with command PASSWORD (note
that REPLACE keyword is required in 9.2 to prevent getting ORA-28221).
SQL> connect test_pwd/test_pwd@adm
Connected.
SQL> ALTER USER test_pwd IDENTIFIED BY test REPLACE test_pwd;
ALTER USER test_pwd IDENTIFIED BY test REPLACE test_pwd
*ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20009: SORRY, PASSWORD CANNOT BE CHANGED
SQL> password
Changing password for TEST_PWD
ERROR:
ORA-28003: password verification for the specified password failed
ORA-20009: SORRY, PASSWORD CANNOT BE CHANGED
Password unchanged
Disclaimer
EXCEPT WHERE EXPRESSLY PROVIDED OTHERWISE, THE INFORMATION, SOFTWARE,
PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. ORACLE EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. ORACLE MAKES NO WARRANTY THAT: (A) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SOFTWARE WILL BE ACCURATE OR RELIABLE; OR (B) THE INFORMATION, OR OTHER MATERIAL OBTAINED WILL MEET YOUR EXPECTATIONS. ANY CONTENT, MATERIALS, INFORMATION OR SOFTWARE DOWNLOADED OR OTHERWISE OBTAINED IS DONE AT YOUR OWN DISCRETION AND RISK. ORACLE SHALL HAVE
NO RESPONSIBILITY FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY CONTENT, MATERIALS, INFORMATION OR SOFTWARE. ORACLE RESERVES THE RIGHT TO MAKE CHANGES OR UPDATES TO THE SOFTWARE AT ANY TIME WITHOUT NOTICE.
Limitation of Liability
IN NO EVENT SHALL ORACLE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE SOFTWARE. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY. ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.
-- Create function which prevents a user from changing his password
-- Use of a specific USER PROFILE to activate the function
-- GM/ELN - 02/03/01
-- must be connected internal or sys
--
set term on
set echo on
CREATE OR REPLACE FUNCTION verify_function_fix_pwd (username VARCHAR2,
password VARCHAR2, old_password VARCHAR2) RETURN boolean IS
BEGIN
raise_application_error(-20009, 'SORRY, PASSWORD CANNOT BE CHANGED') ;
END ;
/
--
-- Create a profile which has a limit PASSWORD_VERIFY_FUNCTION
-- associated to the previously cretaed function.
-- This profile must be given to all users who are not allowed to change
-- their password
--
DROP PROFILE FIXPWD CASCADE;
CREATE PROFILE FIXPWD LIMIT PASSWORD_VERIFY_FUNCTION verify_function_fix_pwd;
Sample Output:
DROP USER test_pwd;
CREATE USER test_pwd IDENTIFIED by test_pwd DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP ACCOUNT UNLOCK;
GRANT CONNECT TO test_pwd;
ALTER USER test_pwd PROFILE fixpwd;
The piece of code below shows an example of implementation. A user TEST_PWD
was created and granted the profile FIXPWD as above. Now he cannot change his
password, neither with command ALTER USER nor with command PASSWORD (note
that REPLACE keyword is required in 9.2 to prevent getting ORA-28221).
SQL> connect test_pwd/test_pwd@adm
Connected.
SQL> ALTER USER test_pwd IDENTIFIED BY test REPLACE test_pwd;
ALTER USER test_pwd IDENTIFIED BY test REPLACE test_pwd
*ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20009: SORRY, PASSWORD CANNOT BE CHANGED
SQL> password
Changing password for TEST_PWD
ERROR:
ORA-28003: password verification for the specified password failed
ORA-20009: SORRY, PASSWORD CANNOT BE CHANGED
Password unchanged
Disclaimer
EXCEPT WHERE EXPRESSLY PROVIDED OTHERWISE, THE INFORMATION, SOFTWARE,
PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. ORACLE EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. ORACLE MAKES NO WARRANTY THAT: (A) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SOFTWARE WILL BE ACCURATE OR RELIABLE; OR (B) THE INFORMATION, OR OTHER MATERIAL OBTAINED WILL MEET YOUR EXPECTATIONS. ANY CONTENT, MATERIALS, INFORMATION OR SOFTWARE DOWNLOADED OR OTHERWISE OBTAINED IS DONE AT YOUR OWN DISCRETION AND RISK. ORACLE SHALL HAVE
NO RESPONSIBILITY FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY CONTENT, MATERIALS, INFORMATION OR SOFTWARE. ORACLE RESERVES THE RIGHT TO MAKE CHANGES OR UPDATES TO THE SOFTWARE AT ANY TIME WITHOUT NOTICE.
Limitation of Liability
IN NO EVENT SHALL ORACLE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE SOFTWARE. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY. ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.