My Oracle Support Banner

OUD 11gPS3/12C - Adding Deprecated-Password-Storage-Scheme To Password Policy Results in pwdReset Flag Being Set to a Value of "true" (Doc ID 2478099.1)

Last updated on NOVEMBER 18, 2019

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


As part of a migration from ODSEE to OUD there is a requirement to change the password scheme of some users who use legacy
weak password storage schemes (e.g. SHA-1) to SSHA-512 when they login.

Use of the deprecated-password-storage-scheme password policy attribute was used to achieve this.
After setting that,  a user who has their password stored using the deprecated storage scheme logs in, the user is able to login successfully for
the first time and the password is rehashed using the password storage scheme specified in the password policy (SSHA-512). This is expected.

However, in addition to that, the pwdReset flag is also set to true. This means that on subsequent logins the user is not able to do any other
operation unless they change their password.

The desire is for during the migration the passwords to not be forced to change, but still require password changes following and administrative password reset.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.