RE: Enforcing password rules in oracle database
- From: John Hallas <John.Hallas@xxxxxxxxxxxxxxxxxx>
- To: "gmaheshji@xxxxxxxxx" <gmaheshji@xxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
- Date: Fri, 18 Mar 2011 09:16:15 +0000
The creation of external users would be managed by the DBA who is yourself
presumably. If that is your policy then do not create externally identified
users.
The sample verify function provided by oracle is a good starting point but
there are others available on the net which you can customise to your specific
requirements.
Step 4 is done by the use of audit, all the profile can do is restrict access
after x number of failed attempts
www.jhdba.wordpress.com
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Mahesh G
Sent: 18 March 2011 08:31
To: oracle-l@xxxxxxxxxxxxx
Subject: Enforcing password rules in oracle database
Hi all,
We have one requirement to enforce below mentioned password rules for all newly
created user accounts in our environment.
1) All passwords must have at least 7 characters in length
2) All Logins will require the use of a password
3) Passwords must not match the username
4) Unsuccessful login attempts must be audited
5) Password duration <= 90 days
6) Failed logins limit = 6
Oracle built-in feature, setting Default profile and calling verify_function
function ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql ) doesnt serve my purpose.
Because 2 rule will be violated for those users who use external password
option. My env is combination of 9i, 10g & 11g version databases.
Can you recommend / suggest any best way to implement the above rules ? It
would be great help.
Regards,
- Mahesh
______________________________________________________________________
Wm Morrison Supermarkets Plc is registered in England with number 358949. The
registered office of the company is situated at Gain Lane, Bradford, West
Yorkshire BD3 7DL. This email and any attachments are intended for the
addressee(s) only and may be confidential.
If you are not the intended recipient, please inform the sender by replying to
the email that you have received in error and then destroy the email.
If you are not the intended recipient, you must not use, disclose, copy or rely
on the email or its attachments in any way.
This email does not constitute a contract in writing for the purposes of the
Law of Property (Miscellaneous Provisions) Act 1989.
Our Standard Terms and Conditions of Purchase, as may be amended from time to
time, apply to any contract that we enter into. The current version of our
Standard Terms and Conditions of Purchase is available at:
http://www.morrisons.co.uk/gscop
Although we have taken steps to ensure the email and its attachments are
virus-free, we cannot guarantee this or accept any responsibility,
and it is the responsibility of recipients to carry out their own virus checks.
______________________________________________________________________
Other related posts:
