I am going to simulate a scenario when an account owner would like to change the password of his account by himself.

—– as sys user or user with “DBA” role i will create an account “dropme”:

SQL> create user dropme identified by drop23_k23;

SQL> grant create session to dropme;

exit

—– i will now connect using the account “dropme” against DB1 database:

sqlplus dropme/drop23_k23@DB1

SQL> alter user dropme identified by kitk38_x9 ;

an error ORA-28221 is thrown !!!

To fix that you need to specify the old password:

SQL> alter user dropme identified by kitk38_x9 REPLACE drop23_k23;

Unfortunately some third party applications (from my experience) , the “REPLACE” command clause won’t be executed through the application (password change will be through the application) ……. How to solve that in this case ??

1. You can either grant the account “alter user” permission temporarily:

SQL> grant alter user to dropme;

OR

2. Remove the password verify function  (set it to NULL) from the profile…the user is assigned to:

SQL> ALTER PROFILE “DEFAULT” LIMIT

  SESSIONS_PER_USER UNLIMITED

  CPU_PER_SESSION UNLIMITED

  CPU_PER_CALL UNLIMITED

  CONNECT_TIME UNLIMITED

  IDLE_TIME UNLIMITED

  LOGICAL_READS_PER_SESSION UNLIMITED

  LOGICAL_READS_PER_CALL UNLIMITED

  COMPOSITE_LIMIT UNLIMITED

  PRIVATE_SGA UNLIMITED

  FAILED_LOGIN_ATTEMPTS 3

  PASSWORD_LIFE_TIME UNLIMITED

  PASSWORD_REUSE_TIME UNLIMITED

  PASSWORD_REUSE_MAX UNLIMITED

  PASSWORD_LOCK_TIME UNLIMITED

  PASSWORD_GRACE_TIME 5

  PASSWORD_VERIFY_FUNCTION NULL;