I am facing a problem with my production database. The password expired and although I changed the password, it still says it is expired. Even stranger, I have a production web application and a development web application. Both of them access the same database. The production web application works perfectly, and with the development web application I always get:
10:25:42,919 WARN [JBossManagedConnectionPool] Throwable while attempting to get a new connection: null
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-28001: the password has expired
)
at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:225)
at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:195)
at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventListener(InternalManagedConnectionPool.java:633)
at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(InternalManagedConnectionPool.java:267)
at org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(JBossManagedConnectionPool.java:622)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.getManagedConnection(BaseConnectionManager2.java:404)
at org.jboss.resource.connectionmanager.TxConnectionManager.getManagedConnection(TxConnectionManager.java:381)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:496)
at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:173)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:722)
Caused by: java.sql.SQLException: ORA-28001: the password has expired
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:388)
at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:381)
at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:564)
at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:431)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:436)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:186)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:366)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:752)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:359)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:531)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:221)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:503)
at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:207)
... 41 more
I already logged into the server and did this:
bash
cd /opt/oracle/admin/<SID>
. ./setenv.ora
sqlplus / as sysdba
>sql: ALTER USER <user> IDENTIFIED BY <new password>;
Here's the information requested by Jim:
SQL> select * from dba_users where username = 'user';
USERNAME USER_ID PASSWORD ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE
------------------------------ ---------- ------------------------------ -------------------------------- ------------------- -------------------
DEFAULT_TABLESPACE TEMPORARY_TABLESPACE CREATED PROFILE INITIAL_RSRC_CONSUMER_GROUP
------------------------------ ------------------------------ ---------------------- ------------------------------ ------------------------------
EXTERNAL_NAME
------------------------------------------------------------------------------------------------------------------------------------------------------
PASSWORD E AUTHENTI
-------- - --------
<user> 50 OPEN
<userDAT> TEMP 29.07.2010 17:38:32 DEFAULT DEFAULT_CONSUMER_GROUP
10G 11G N PASSWORD
SQL> select p.* from dba_users u, dba_profiles p where u.profile = p.profile and u.userName = 'user';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED
DEFAULT CPU_PER_CALL KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DEFAULT IDLE_TIME KERNEL UNLIMITED
DEFAULT CONNECT_TIME KERNEL UNLIMITED
DEFAULT PRIVATE_SGA KERNEL UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED
DEFAULT PASSWORD_LIFE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7
16 rows selected.
Assuming the Oracle DB (should work for Oracle-XE's SAMPLE as well) is on Unix, ssh-in and :
sqlplus /nolog
SQL> connect / as SYSDBA
Connected.
SQL> SELECT username, account_status FROM dba_users WHERE ACCOUNT_STATUS LIKE '%EXPIRED%';
# ... your locked account should be listed ...
SQL> ALTER USER sample IDENTIFIED BY sample;
User altered.
SQL> ALTER USER sample ACCOUNT UNLOCK;
User altered.
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
Profile altered.
SQL> exit
I am 100% sure that my config is correct. I was overwriting all local data with the files from the productive app server. Still no success.
The problem is also this password expiry problem came suddenly while developing, so I am sure that I did not change anything.
However, I logged into the test system and reset the password there. My test system contains like 100 rows, my productive app like 1 million, so I can definitely tell you that I am on the right database.
After resetting the password of the test system, I can log-in again! So this whole story is very strange. Thanks for the support.
Can you post the results of the following? Also, what version of Oracle are you using? I'm assuming 11G?
select *
from dba_users
where username = '<yourUserName>'
select p.*
from dba_users u
, dba_profiles p
where u.profile = p.profile
and u.userName = '<yourUserName>'
I'd be curious to see what profile you're using, and what your settings are.
Even I was facing same problem. Issue got resolved after following these below mentioned steps,
Check to see if any of the accounts are expired
select username, profile, account_status, expiry_date from dba_users;
If no accounts are expired, you can skip to step 7
Dynamically create SQL that will unexpired the expired accounts. You can unexpired the account by resetting the password. NOTE: You will need to substitute {password} for the password you are using for your user.
select 'ALTER USER ' || username || ' identified by {password};' from
dba_users where account_status like 'EXPIRED%' and username !=
'XS$NULL';
Execute the SQL generated in Step 3
Dynamically create SQL that will unlock the locked accounts.
select 'ALTER USER ' || username || ' account unlock;' from dba_users
where account_status like 'LOCKED%' and username != 'XS$NULL';
Execute the SQL generated in Step 5
Modify the profile assigned to the accounts that you don’t want to expire so the PASSWORD_LIFE_TIME is set to UNLIMITED. This will keep them from expiring again. In my case, I needed to update the DEFAULT profile.
alter profile DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED ;
Reference:
http://jaredsoablogaz.blogspot.in/2013/04/weblogic-server-not-starting-due-to.html
-Sandeep
1.go to your command line interface.
2. then type sqlplus.
Just connect with SQLPlus and the affected user to your DB. SQLPlus will prompt you to change your password.
I did faced similar issue with Oracle of password expiry, to resolve this issue when I tried launching PLSQL, it's prompted me with user name /password and I entered the correct one but system throws me with password expiry error along with password reset input . After I reset my password I was able to connect to oracle database.
just execute this query:
ALTER USER user_name IDENTIFIED BY new_user_name ;
ALTER USER user_name IDENTIFIED BY user_name ;
commit;
The easy way, just do it :)
C:\>sqlplus /nolog
SQL> connect / as SYSDBA
SQL> select * from dba_profiles;
SQL> alter profile default limit password_life_time unlimited;
SQL> alter user hse identified by oracle;
SQL> commit;
SQL> exit;
Related
Steps i did
in CMD
a. sqlplus / as sysdba;
b. alter pluggable database all open;
c. alter pluggable database all save state;
d. connect sys/{passwd}#localhost:1521/xepdb1 as sysdba;
e. alter user hr identified by {passwd};
f. alter user hr account unlock;
g. connect hr/{passwd}#localhost:1521/xepdb1 as sysdba;
h. select * from hr.jobs;
then in add XEPDB1 in tnsnames.ora as below
enter image description here
on SQL Developer typed these
enter image description here
but get ERROR Status : Failure -Test failed: Locale not recognized
Does Oracle 12 support having the old password required when changing a password to a specific user?
What I would like:
ALTER USER user_a IDENTIFIED BY secret123;
-- ERROR, missing old password
ALTER USER user_a IDENTIFIED BY secret456 REPLACE secret123;
-- OK
ALTER USER user_b IDENTIFIED BY secret789;
-- OK, since user_b does not require old password when changing it
Thanks!
Yes, this is supported since Oracle 9i, when a function was introduced that checks a new password for complexity and optionally for difference to the old password. As Oracle stores only hashes, not the passwords, it cannot compare old and new passwords unless the user supplies it during the change.
So, all users with a PROFILE where the PASSWORD_VERIFY_FUNCTION is set are required to have the old password, even if this function doesn't check any passwords:
CREATE OR REPLACE FUNCTION always_true (
username VARCHAR2,
password VARCHAR2,
old_password VARCHAR2) RETURN boolean IS
BEGIN
RETURN TRUE;
END always_true;
/
CREATE PROFILE always_true
LIMIT PASSWORD_VERIFY_FUNCTION always_true;
CREATE USER user_a IDENTIFIED BY secret123 PROFILE always_true;
GRANT CREATE SESSION to user_a;
Now user_a has to specify the old password:
ALTER USER user_a IDENTIFIED BY secret123;
ORA-28221: REPLACE not specified
ALTER USER user_a IDENTIFIED BY secret456 REPLACE secret123;
User altered.
A user with a profile without PASSWORD_VERIFY_FUNCTION or this parameter set to NULL doesn't have to specify the old password:
CREATE PROFILE without_function
LIMIT PASSWORD_VERIFY_FUNCTION NULL;
CREATE USER user_b IDENTIFIED BY secret123 PROFILE without_function;
GRANT CREATE SESSION to user_b;
Now user_b can change his/her password without having the old password:
ALTER USER user_b IDENTIFIED BY secret789;
User altered.
The second option is to have the privilege ALTER USER, but that is only for administrators, as they can change all the passwords of all account.
Oracle docu says
You can omit the REPLACE clause if you are setting your own password for the first time or you have the ALTER USER system privilege and you are changing another user's password. However, unless you have the ALTER USER system privilege, you must always specify the REPLACE clause if a password complexity verification function has been enabled ...
so the answer would be - add a password verification function to those users that should provide the old password (and revoke the password change system privilege from them).
I am an IS auditor and I would like to check how we can retrieve the PASSWORD_VERIFY_FUNCTION assigned to users. I understand the script utlpwdmg.sql can be executed to setup the default password resource limits.
If changes were made using ALTER PROFILE, the script utlpwdmg.sql will not show the latest settings.
Please let me know what SQL commands I can execute to show what is the PASSWORD_VERIFY_FUNCTION stored and used in the system.
You can use this query to see source code of stored proc:
--Source of all password functions.
select *
from dba_source
where owner = 'SYS'
and name in
(
--The name of all password functions in use.
--See DBA_USERS.PROFILE to determine which user is using which profile.
select limit
from dba_profiles
where resource_name = 'PASSWORD_VERIFY_FUNCTION'
--Yes, this is intentionally the string 'NULL', that's what Oracle uses here.
and limit <> 'NULL'
)
order by name, line;
To find out what users are using PASSWORD_VERIFY_FUNCTION, you need to find out which profiles are using the function and then see which users are assigned that profile.
select profile from dba_profiles where limit = 'PASSWORD_VERIFY_FUNCTION';
select username from dba_users where profile = ;
a couple of days ago I installed oracle 12c. I ran it after a days or two but I completely lost my Username, I do remember my password but not username. I there any way by which I can see what username I set
Assuming that you can login as SYS, you can use:
select *
from dba_users
This will give all the users, including the one you defined; here you find something more.
There is new procedure for generating password since Oracle 11g. You can use
create or replace function get_hash_11g(p_password varchar2, p_salt varchar2) return varchar2 is
lv_pwd_raw RAW(128);
lv_enc_raw RAW(2048);
BEGIN
lv_pwd_raw := utl_raw.cast_to_raw(p_password) || hextoraw(p_salt);
lv_enc_raw := sys.dbms_crypto.hash(lv_pwd_raw, 3);
return lv_enc_raw;
end get_hash_11g;
/
Then run select
select w.name from sys.user$ w
where substr(w.spare4, 3, 40) = get_hash_11g(/*your password*/'&pass', substr(spare4, 43, 20));
/
Set up the following environment variables. They are not necessary for the process itself, but will help you navigate. In this case my domain is called "ClassicDomain". Remember to change the value to match your domain.
export MW_HOME=/u01/app/oracle/middleware
export DOMAIN_HOME=$MW_HOME/user_projects/domains/ClassicDomain
Shut down the WebLogic domain.
$ $DOMAIN_HOME/bin/stopWebLogic.sh
Rename the data folder.
$ mv $DOMAIN_HOME/servers/AdminServer/data $DOMAIN_HOME/servers/AdminServer/data-old
Reset the password using the following command. Remember to substitute the appropriate username and password.
$ cd $DOMAIN_HOME/security
$ java weblogic.security.utils.AdminAccount <username> <password> .
If you are able to invoke sqlplus then follow this:
sqlplus:/ as sysdba - this is the command needed to login as sys.
password: - don't give any password. Just hit enter
SQL> select username from dba_users; - this command will give list of users in the database.
I want to unlock one account in SQL Server. Before unlocking I have to check whether that account is locked or not.
I want to unlock only if the account is locked.
Is there any SQL query or stored procedure to get the "Locked" status of SQL user?
Posting Answer on Behalf of Alex K.
SELECT LOGINPROPERTY('loginname', 'IsLocked')
Do you mean a login name that has Login: Denied ? If so you can:
SELECT is_disabled from sys.server_principals WHERE name = #loginname
Listing all logins with unlocked statuses in all Databases (active all logins on all DBs)
SELECT name, is_disabled, LOGINPROPERTY(name, N'isLocked') as is_locked,
LOGINPROPERTY(name, N'LockoutTime') as LockoutTime into #tmp_is_disabled
FROM sys.sql_logins
WHERE LOGINPROPERTY(name, N'isLocked') = 0
select * from #tmp_is_disabled where is_disabled ='false'
~~regarding~~
~~pektas~~