This content has been marked as final. Show 3 replies
Its the price of using a password verify function, unless the user is granted the alter user system privilege (probably not the best work around ;) ) using the alter user for a "regular" database user is no longer an option unless the replace is specified.
how to workaround the ORA-28221
The sqlplus PASSWORD command can be used instead, it prompts for the old password. Or in isqlplus the password change screen works also.
Thank you clcarter!
So indeed, there is no official workaround and "Its the price of using a password verify function".
This means that if the database application wants to verify the password strength by Oracle RDBMS the password change request needs needs to be in format:
ALTER USER <username> IDENTIFIED BY "<new_password>" REPLACE "<old_password>"