Getting 'old_password' into profile-based verify function ...
Environment: Oracle 11.2.0.3 EE on Solaris 10<something>
I am currently using a slightly modified version of the supplied password verify function seen in $ORACLE_HOME/rdbms/admin/utlpwdmg.sql to verify new passwords. I need to add the logic that checks for the new password changing by more than 'x' characters, in my case four (4).
I can obviously do it if I use a script that prompts for the old password and the new password.
However, I'd like to have the password verify function specified in the users's profile so it will be invoked if anyone executes a 'ALTER USER ....' from say SQL*Plus.
Even though there is an input parameter for the old password, when the function is specified in the profile, the old_password parameter is always passed as a NULL.
Is there any way of getting the old password passed to the verify function to be compared with the new one?
I assume it has to be clear text to do the character check.
Any work-arounds available to show an auditor-type that any new passwords have been changed by at least four (4) characters when the password is changed using any means available like SQL*Plus, SQL*Developer, TOAD, etc.
Thanks very much for the help!!
GO GIANTS in Super Bowl XLVI in Indy!!!
-gary