"ORA-28001: the password has expired" not fixable

Question

I am facing a problem with my production database. The password expired and although I changed the password, it still says it is expired. Even stranger, I have a production web application and a development web application. Both of them access the same database. The production web application works perfectly, and with the development web application I always get:

10:25:42,919 WARN  [JBossManagedConnectionPool] Throwable while attempting to get a new connection: null
org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: ORA-28001: the password has expired
)
    at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:225)
    at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:195)
    at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventListener(InternalManagedConnectionPool.java:633)
    at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(InternalManagedConnectionPool.java:267)
    at org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(JBossManagedConnectionPool.java:622)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.getManagedConnection(BaseConnectionManager2.java:404)
    at org.jboss.resource.connectionmanager.TxConnectionManager.getManagedConnection(TxConnectionManager.java:381)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:496)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
    at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
    at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:173)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
    at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:722)
Caused by: java.sql.SQLException: ORA-28001: the password has expired

    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:439)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:388)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:381)
    at oracle.jdbc.driver.T4CTTIfun.processError(T4CTTIfun.java:564)
    at oracle.jdbc.driver.T4CTTIoauthenticate.processError(T4CTTIoauthenticate.java:431)
    at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:436)
    at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:186)
    at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:366)
    at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:752)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:359)
    at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:531)
    at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:221)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:503)
    at org.jboss.resource.adapter.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:207)
    ... 41 more

I already logged into the server and did this:

bash
cd /opt/oracle/admin/<SID>
. ./setenv.ora
sqlplus / as sysdba

>sql: ALTER USER <user> IDENTIFIED BY <new password>;

Here's the information requested by Jim:

SQL> select * from dba_users where username = 'user';

USERNAME USER_ID PASSWORD ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE
------------------------------ ---------- ------------------------------ -------------------------------- ------------------- -------------------
DEFAULT_TABLESPACE TEMPORARY_TABLESPACE CREATED PROFILE INITIAL_RSRC_CONSUMER_GROUP
------------------------------ ------------------------------ ---------------------- ------------------------------ ------------------------------
EXTERNAL_NAME
------------------------------------------------------------------------------------------------------------------------------------------------------
PASSWORD E AUTHENTI
-------- - --------
<user> 50 OPEN
<userDAT> TEMP 29.07.2010 17:38:32 DEFAULT DEFAULT_CONSUMER_GROUP

10G 11G N PASSWORD


SQL> select p.* from dba_users u, dba_profiles p where u.profile = p.profile and u.userName = 'user'; 

PROFILE RESOURCE_NAME RESOURCE LIMIT 
------------------------------ -------------------------------- -------- ---------------------------------------- 
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED 
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED 
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED 
DEFAULT CPU_PER_CALL KERNEL UNLIMITED 
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED 
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED 
DEFAULT IDLE_TIME KERNEL UNLIMITED 
DEFAULT CONNECT_TIME KERNEL UNLIMITED 
DEFAULT PRIVATE_SGA KERNEL UNLIMITED 
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED 
DEFAULT PASSWORD_LIFE_TIME PASSWORD UNLIMITED 
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED 
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED 
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL 
DEFAULT PASSWORD_LOCK_TIME PASSWORD 1 
DEFAULT PASSWORD_GRACE_TIME PASSWORD 7 

16 rows selected. 

Answer 1

The easy way, just do it :)

C:\>sqlplus /nolog
SQL> connect / as SYSDBA
SQL> select * from dba_profiles;
SQL> alter profile default limit password_life_time unlimited;
SQL> alter user hse identified by oracle;
SQL> commit;
SQL> exit;

Answer 2

1.go to your command line interface. 2. then type sqlplus.

Answer 3

just execute this query:

ALTER USER user_name IDENTIFIED BY new_user_name ;
ALTER USER user_name IDENTIFIED BY user_name ;

commit;

Answer 4

Just connect with SQLPlus and the affected user to your DB. SQLPlus will prompt you to change your password.

Answer 5

I did faced similar issue with Oracle of password expiry, to resolve this issue when I tried launching PLSQL, it's prompted me with user name /password and I entered the correct one but system throws me with password expiry error along with password reset input . After I reset my password I was able to connect to oracle database.

Answer 6

Even I was facing same problem. Issue got resolved after following these below mentioned steps,

1. Check to see if any of the accounts are expired

select username, profile, account_status, expiry_date from dba_users;

2. If no accounts are expired, you can skip to step 7
3. Dynamically create SQL that will unexpired the expired accounts. You can unexpired the account by resetting the password. NOTE: You will need to substitute {password} for the password you are using for your user.

select 'ALTER USER ' || username || ' identified by {password};' from dba_users where account_status like 'EXPIRED%' and username != 'XS$NULL';

4. Execute the SQL generated in Step 3
5. Dynamically create SQL that will unlock the locked accounts.

select 'ALTER USER ' || username || ' account unlock;' from dba_users where account_status like 'LOCKED%' and username != 'XS$NULL';

6. Execute the SQL generated in Step 5
7. Modify the profile assigned to the accounts that you don’t want to expire so the PASSWORD_LIFE_TIME is set to UNLIMITED. This will keep them from expiring again. In my case, I needed to update the DEFAULT profile.

alter profile DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED ;

Reference: http://jaredsoablogaz.blogspot.in/2013/04/weblogic-server-not-starting-due-to.html

-Sandeep

Answer 7

Assuming the Oracle DB (should work for Oracle-XE's SAMPLE as well) is on Unix, ssh-in and :

sqlplus /nolog

SQL> connect / as SYSDBA
Connected.

SQL> SELECT username, account_status FROM dba_users WHERE ACCOUNT_STATUS LIKE '%EXPIRED%';
# ... your locked account should be listed ...

SQL> ALTER USER sample IDENTIFIED BY sample;         
User altered.

SQL> ALTER USER sample ACCOUNT UNLOCK;
User altered.

SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
Profile altered.

SQL> exit

Answer 8

I am 100% sure that my config is correct. I was overwriting all local data with the files from the productive app server. Still no success.

The problem is also this password expiry problem came suddenly while developing, so I am sure that I did not change anything.

However, I logged into the test system and reset the password there. My test system contains like 100 rows, my productive app like 1 million, so I can definitely tell you that I am on the right database.

After resetting the password of the test system, I can log-in again! So this whole story is very strange. Thanks for the support.

Answer 9

Can you post the results of the following? Also, what version of Oracle are you using? I'm assuming 11G?

select * 
  from dba_users 
 where username = '<yourUserName>'

select p.* 
  from dba_users u
     , dba_profiles p 
 where u.profile = p.profile 
   and u.userName = '<yourUserName>'

I'd be curious to see what profile you're using, and what your settings are.