Password control
Effective with Oracle8, the DBA can establish a password policy through the use of profiles. The user profile has been extended to include parameters that control a password’s lifetime, ability to be reused, and even its length and format. There are also parameters that allow you to lock out an account if unsuccessful attempts are made to connect to it.
The password control parameters include the following:
- FAILED_LOGIN_ATTEMPTS
The number of failed login attempts before the account is locked. Value is in failed attempts. This parameter is primarily used to lock an account in the event of an apparent break-in attempt. Once an account is locked, it remains locked for the time specified in PASSWORD_LOCK_TIME.
- PASSWORD_GRACE_TIME
The number of days after the password has expired during which you are allowed to continue to connect to the database. During the grace period, an error message is returned upon login that warns you to change your password. The grace period begins the first time a user connects after the password has expired. Value is in days.
- PASSWORD_LIFE_TIME
The number of days that a password, once set, is valid. This allows you to establish a password policy that requires passwords to be changed on a regular interval. Value is in days.
- PASWORD_LOCK_TIME
The length of time an account is locked after the FAILED_LOGIN_ATTEMPTS maximum is exceeded. Once an account is locked, it can be unlocked either by waiting for the number of days specified in the PASSWORD_LOCK_TIME ...
Get Oracle Database Administration: The Essential Refe now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
