I hate to revive what looks like a much-discussed issue, but we are trying to improve security by implementing password expiration for our users, who connect to 18.104.22.168 and 22.214.171.124 databases using SQL Developer and other tools. We need a method of allowing them to change their passwords themselves and SQL Developer seems the most logical choice for a standard method. We are having the same issue others have reported (Enforcing users to change their password on SQL Developer is the most recent post I found) and I get the same results testing myself. I create a user with a password set to expire on the first login:
create user &username identified by &password default tablespace USERS temporary tablespace TEMP password expire profile &profile_name;
In SQL Plus, I can log in to this account and get the password expired message and the prompts to change it, which I can do successfully. In SQL Developer 126.96.36.199, using an 188.8.131.52 instant client against an 184.108.40.206 database, I can successfully test my login and see the message that the password has expired. I then right-click on the Reset Password option and fill in the same prompts I got in SQL Plus (I skipped the change in SQL Plus, so I could try it here). I then get the ORA-01017 error that the username and/or password is invalid:
To confirm that I am using the correct expired password, I go back to the connection properties and click test. I get the message that the password has expired, not that it is incorrect.
Just for grins, I change the password to something I know is incorrect and click test again. I get the message I would expect:
It appears that the Reset Password box is not passing in the same string that I type. Is there a known issue around this? I set up Instant Client according to Jeff's post as well as a more recent one at Oracle Database Admin: RESET EXPIRED PASSWORD USING SQL DEVELOPER. My config works, according to the Test button in Preferences. It looks like this, although I tried this first without the OCI/Thick box checked.
Is there anything else I am missing in configuring this? If we are likely to have mixed results with SQL Developer, has anyone found an easier method users can take to change their own passwords? I am looking for the easiest solution so that we don't create a lot of help desk tickets for individual desktops having issues.