ORA-28002 On User Connection Immediately After PASSWORD_LIFE_TIME Changed (Doc ID 162818.1)

Last updated on SEPTEMBER 28, 2016

Applies to:

Oracle Database - Enterprise Edition - Version 9.2.0.1 to 12.1.0.1 [Release 9.2 to 12.1]
Information in this document applies to any platform.
Checked for relevance on 25-Dec-2011


Symptoms

You run the utlpwdmg.sql or a custom script in order to enable password management features in your database, with password expiration after 60 days through the PASSWORD_LIFE_TIME limit.

You observe that some users get the following warning while connecting:

ORA-28002 the password will expire within 10 days


but they are still able to connect successfully.



You see the same behaviour when you enable or alter the PASSWORD_LIFE_TIME limit of one of the resource profiles. Users affected are the ones assigned this profile.

The ORA-28002 warning is issued when an account is in the password grace period. The password is about to expire and must be changed within PASSWORD_GRACE_TIME days before it definitely expires (at that point the password change will become mandatory for a successful login).

You would not expect user accounts to expire immediately upon changing the PASSWORD_LIFE_TIME limit of their profile. Instead you would expect that accounts should start expiring at least PASSWORD_LIFE_TIME days after you make this change.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms