RE: Enforcing password rules in oracle database
- From: "Powell, Mark" <mark.powell2@xxxxxx>
- To: "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
- Date: Fri, 18 Mar 2011 17:41:51 +0000
I would think you would want to require more than 7 characters especially with
such a long duration which you might consider shortening.
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Mahesh G
Sent: Friday, March 18, 2011 4:31 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Enforcing password rules in oracle database
Hi all,
We have one requirement to enforce below mentioned password rules for all newly
created user accounts in our environment.
1) All passwords must have at least 7 characters in length
2) All Logins will require the use of a password
3) Passwords must not match the username
4) Unsuccessful login attempts must be audited
5) Password duration <= 90 days
6) Failed logins limit = 6
Oracle built-in feature, setting Default profile and calling verify_function
function ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql ) doesnt serve my purpose.
Because 2 rule will be violated for those users who use external password
option. My env is combination of 9i, 10g & 11g version databases.
Can you recommend / suggest any best way to implement the above rules ? It
would be great help.
Regards,
- Mahesh
Other related posts: