ORA-28002 On User Connection Immediately After PASSWORD_LIFE_TIME Changed
(Doc ID 162818.1)
Last updated on FEBRUARY 01, 2022
Applies to:Oracle Database - Enterprise Edition - Version 22.214.171.124 to 126.96.36.199 [Release 9.2 to 12.1]
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Information in this document applies to any platform.
You run the utlpwdmg.sql or a custom script in order to enable password management features in your database, with password expiration after 60 days through the PASSWORD_LIFE_TIME limit.
You observe that some users get the following warning while connecting:
but they are still able to connect successfully.
You see the same behaviour when you enable or alter the PASSWORD_LIFE_TIME limit of one of the resource profiles. Users affected are the ones assigned this profile.
The ORA-28002 warning is issued when an account is in the password grace period. The password is about to expire and must be changed within PASSWORD_GRACE_TIME days before it definitely expires (at that point the password change will become mandatory for a successful login).
You would not expect user accounts to expire immediately upon changing the PASSWORD_LIFE_TIME limit of their profile. Instead you would expect that accounts should start expiring at least PASSWORD_LIFE_TIME days after you make this change.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!