Sunday, November 11, 2012

Expiring Passwords

Did you know that the default for passwords in Oracle11 is 180 days?

You can disable this feature, adjust this feature, and even assign a grace period for people to change their passwords after the password has expired.

IF the limit was hit...and you get the warning 'password to expire in '...you will need to reset the passwords.  

CREATE PROFILE prof LIMIT
 FAILED_LOGIN_ATTEMPTS 4
 PASSWORD_LOCK_TIME 30
 PASSWORD_LIFE_TIME 90
 PASSWORD_GRACE_TIME 3;
ALTER USER johndoe PROFILE prof;
 (source: Oracle Documentation)

You can also alter a profile and set any of these parmeters:

ALTER PROFILE DEFAULT LIMIT

alter profile default limit PASSWORD_LIFE_TIME UNLIMITED;

Good luck out there!




Password Complexity

These are the rules for Oracle Passwords:
  • The password contains no fewer than 8 characters and does not exceed 30 characters.
  • The password is not the same as the user name, nor is it the user name spelled backward or with the numbers 1–100 appended.
  • The password is not the same as the server name or the server name with the numbers 1–100 appended.
  • The password is not too simple, for example, welcome1, database1, account1, user1234, password1, oracle,oracle123, computer1, abcdefg1, or change_on_install.
  • The password is not oracle or oracle with the numbers 1–100 appended.
  • The password includes at least 1 numeric and 1 alphabetic character.
  • The password differs from the previous password by at least 3 letters.


    You can make changes to this default behavior by editing the UTLPWDMG.SQL script

    Check my prior blogs on how to disable this feature altogether.  I do this for my training environments.  I wish to use the same password as the user ID and also turn off case-sensitivity...