My Oracle Support Banner

ORA-28002 On User Connection Immediately After PASSWORD_LIFE_TIME Changed (Doc ID 162818.1)

Last updated on FEBRUARY 23, 2023

Applies to:

Oracle Database - Enterprise Edition - Version 9.2.0.1 to 12.1.0.1 [Release 9.2 to 12.1]
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Information in this document applies to any platform.
 


Symptoms

You run the utlpwdmg.sql or a custom script in order to enable password management features in your database, with password expiration after 60 days through the PASSWORD_LIFE_TIME limit.

You observe that some users get the following warning while connecting:


but they are still able to connect successfully.



You see the same behaviour when you enable or alter the PASSWORD_LIFE_TIME limit of one of the resource profiles. Users affected are the ones assigned this profile.

The ORA-28002 warning is issued when an account is in the password grace period. The password is about to expire and must be changed within PASSWORD_GRACE_TIME days before it definitely expires (at that point the password change will become mandatory for a successful login).

You would not expect user accounts to expire immediately upon changing the PASSWORD_LIFE_TIME limit of their profile. Instead you would expect that accounts should start expiring at least PASSWORD_LIFE_TIME days after you make this change.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.