11g密码过期问题
11g密码过期问题
开发反映,应用帐号即将过期,提示修改密码,登录数据库查看用户状态为LOCKED(TIMED)
sys@TYOLAP1(dtydb3)>select * from dba_profiles order by 1;
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
APP_PROFILE PASSWORD_GRACE_TIME PASSWORD DEFAULT
APP_PROFILE PASSWORD_LIFE_TIME PASSWORD DEFAULT
APP_PROFILE FAILED_LOGIN_ATTEMPTS PASSWORD DEFAULT
APP_PROFILE PRIVATE_SGA KERNEL DEFAULT
APP_PROFILE CPU_PER_SESSION KERNEL DEFAULT
APP_PROFILE CONNECT_TIME KERNEL DEFAULT
APP_PROFILE IDLE_TIME KERNEL DEFAULT
APP_PROFILE COMPOSITE_LIMIT KERNEL DEFAULT
APP_PROFILE LOGICAL_READS_PER_CALL KERNEL DEFAULT
APP_PROFILE PASSWORD_REUSE_TIME PASSWORD UNLIMITED
APP_PROFILE PASSWORD_REUSE_MAX PASSWORD UNLIMITED
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
APP_PROFILE PASSWORD_VERIFY_FUNCTION PASSWORD VERIFY_FUNCTION_11G
APP_PROFILE LOGICAL_READS_PER_SESSION KERNEL DEFAULT
APP_PROFILE PASSWORD_LOCK_TIME PASSWORD DEFAULT
APP_PROFILE SESSIONS_PER_USER KERNEL DEFAULT
APP_PROFILE CPU_PER_CALL KERNEL DEFAULT
控制密码过期的策略PASSWORD_LIFE_TIME为DEFAULT,应该没设过期限制,但帐号确实是过期了,
查阅官方材料,11g中确实有了改变,默认参数的值变了,具体如下
因此,为了安全起见,修改密码相关的资源限制为unlimit,密码永不过期,过期后锁定1分钟左右(0.0006天)
ALTER PROFILE APP_PROFILE limit PASSWORD_LIFE_TIME UNLIMITED;
ALTER PROFILE APP_PROFILE limit PASSWORD_LOCK_TIME 0.0006
AUDIT_TRAIL
NONE
DB
O7_DICTIONARY_ACCESSIBILITY
FALSE
FALSE
PASSWORD_GRACE_TIME
UNLIMITED
7
PASSWORD_LOCK_TIME
UNLIMITED
1
FAILED_LOGIN_ATTEMPTS
10
10
PASSWORD_LIFE_TIME
UNLIMITED
180
PASSWORD_REUSE_MAX
UNLIMITED
UNLIMITED
PASSWORD_REUSE_TIME
UNLIMITED
UNLIMITED
REMOTE_OS_ROLES
FALSE
FALSE
