Re: Oracle users and password changes


I'm capable of reading the documentation - thanks for your comment.



Regards,

Dianna Gibbs
Oracle DBA, OCP 8, 8i, 9i, 10g 
Children's Medical Center 
dianna.gibbs@xxxxxxxxxxxxx
214-456-1776 Phone
972-451-3361 Pager



>>> Mladen Gogala <mgogala@xxxxxxxxxxx> 04/04/07 11:26 AM >>>
DIANNA GIBBS wrote:
> We need to set up a process where Oracle
> users (currently few and mostly ODBC using Access) are notified
> and can change their password dynamically every 90 days.
>
> We were wondering what other companies do and any
> best practices?  Any thoughts or comments appreciated.
>
> Thanks.
> Dianna G.
>
>
>   

Most of the other companies have DBA personnel capable of reading documentation.
More specifically, I believe that there is a "CREATE PROFILE" statement described
in the documentation and that the following options are supported:

FAILED_LOGIN_ATTEMPTS Specify the number of failed attempts to log in to 
the user account before the account is locked.

PASSWORD_LIFE_TIME Specify the number of days the same password can be 
used for authentication. If you also set a value for 
|PASSWORD_GRACE_TIME|, the password expires if it is not changed within 
the grace period, and further connections are rejected. If you do not 
set a value for |PASSWORD_GRACE_TIME|, its default of |UNLIMITED| will 
cause the database to issue a warning but let the user continue to 
connect indefinitely.

PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX  These two parameters must be 
set in conjunction with each other. |PASSWORD_REUSE_TIME| specifies the 
number of days before which a password cannot be reused. 
|PASSWORD_REUSE_MAX| specifies the number of password changes required 
before the current password can be reused. For these parameters to have 
any effect, you must specify an integer for both of them.

    * If you specify an integer for both of these parameters, then the
      user cannot reuse a password until the password has been changed
      the number of times specified for |PASSWORD_REUSE_MAX| during the
      number of days specified for |PASSWORD_REUSE_TIME|.

      For example, if you specify |PASSWORD_REUSE_TIME| to 30 and
      |PASSWORD_REUSE_MAX| to 10, then the user can reuse the password
      after 30 days if the password has already been changed 10 times.

    * If you specify an integer for either of these parameters and
      specify |UNLIMITED| for the other, then the user can never reuse a
      password.

    * If you specify |DEFAULT| for either parameter, then Oracle
      Database uses the value defined in the |DEFAULT| profile. By
      default, all parameters are set to |UNLIMITED| in the |DEFAULT|
      profile. If you have not changed the default setting of
      |UNLIMITED| in the |DEFAULT| profile, then the database treats the
      value for that parameter as |UNLIMITED|.

    * If you set both of these parameters to |UNLIMITED|, then the
      database ignores both of them.

PASSWORD_LOCK_TIME  Specify the number of days an account will be locked 
after the specified number of consecutive failed login attempts.

PASSWORD_GRACE_TIME Specify the number of days after the grace period 
begins during which a warning is issued and login is allowed. If the 
password is not changed during the grace period, the password expires.

There are some other options, too, but those are not for beginners.


--
http://www.freelists.org/webpage/oracle-l
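
Added example, not part of the original thread: the profile options listed above combined into a 90-day rotation policy, plus a query a DBA could schedule to find users who need an expiry notice. The profile name, the user name and every limit other than the 90-day lifetime are assumptions chosen for illustration.

```sql
-- Hypothetical profile: only the 90-day lifetime comes from the thread;
-- the other limits are sample values to adapt to local policy.
CREATE PROFILE app_users_90d LIMIT
  FAILED_LOGIN_ATTEMPTS 5     -- lock the account after 5 bad logins
  PASSWORD_LOCK_TIME    1     -- keep it locked for 1 day
  PASSWORD_LIFE_TIME    90    -- password valid for 90 days
  PASSWORD_GRACE_TIME   7     -- then 7 days of warnings before expiry
  PASSWORD_REUSE_TIME   365   -- both reuse limits must be integers
  PASSWORD_REUSE_MAX    10;   -- for either one to have any effect

-- Attach the profile to an account (access_user1 is a hypothetical user).
ALTER USER access_user1 PROFILE app_users_90d;

-- Confirm what the profile actually enforces.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'APP_USERS_90D'
AND    resource_type = 'PASSWORD'
ORDER  BY resource_name;

-- Notification list: accounts on this profile that are already expired
-- or in the grace period, or whose password expires within 14 days.
SELECT username,
       account_status,
       expiry_date,
       TRUNC(expiry_date - SYSDATE) AS days_left
FROM   dba_users
WHERE  profile = 'APP_USERS_90D'
AND    (account_status LIKE 'EXPIRED%' OR expiry_date < SYSDATE + 14)
ORDER  BY expiry_date;

-- Statement a user runs to change their own password (placeholders):
--   ALTER USER access_user1 IDENTIFIED BY <new_password> REPLACE <old_password>;
```

Leaving PASSWORD_GRACE_TIME unset on a profile like this would fall back to the UNLIMITED default described above, so the password would only generate warnings and never be forced to change.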

