My Oracle Support Banner

OUD11gPS3/12c - The Addition of "deprecated-password-storage-scheme" to the Password Policy Results in "pwdReset" Flag Being Set to "true" (Doc ID 2478099.1)

Last updated on AUGUST 20, 2021

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


As part of a migration from ODSEE to OUD there is a requirement to change the password scheme of some users who use legacy
weak password storage schemes (e.g. SHA-1) to SSHA-512 when they login.

Use of the deprecated-password-storage-scheme password policy attribute was used to achieve this.
After setting that,  a user who has their password stored using the deprecated storage scheme logs in, the user is able to login successfully for
the first time and the password is rehashed using the password storage scheme specified in the password policy (SSHA-512). This is expected.

However, in addition to that, the pwdReset flag is also set to true. This means that on subsequent logins the user is not able to do any other
operation unless they change their password.

The desire is for during the migration the passwords to not be forced to change, but still require password changes following and administrative password reset.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.