Oracle 12c Password (part 2)

Oracle Community

Oracle 12c Password (part 2)

Follow / 11.19.2013 at 11:41pm

Hi,

This blog and next week’s will discuss Oracle12 password stuff.

As discussed last week, Oracle12 has implemented a password complexity scheme. In Oracle12, the password must be at least 8 positions long, and contain a mix of lower case/upper case/and numeric/special characters.

For this reason, I have changed my default training user from USER1 to Student01. I like the passwords to be the same as the user id in class. I also use this syntax to turn off password expiring, password history, and password failed login attempts.

ALTER PROFILE default LIMIT failed_login_attempts unlimited;

ALTER PROFILE default LIMIT password_life_time unlimited;

ALTER PROFILE default LIMIT password_reuse_time 0;

Now, my class passwords will not expire, they can be reset to the same password, and they can try many times to get the password correct.

Oracle11 implemented some of these things as well…such as the expiring passwords. I’ve had to set the password_life_time and failed_logi_attempts on my Oracle11 databases as well.

Here is a chart of the settings, their default values and a brief description of what they mean:

Password Variable

Default Value

Brief Description

FAILED_LOGIN_ATTEMPTS

10

Account locked when this number of failed attempts is reached before a successful login

PASSWORD_LOCK_TIME

1

Number of days the account will be locked after the above failed_login_attempts have been reached

PASSWORD_GRACE_TIME

7

Number of days after password has expired to change the password

PASSWORD_LIFE_TIME

180

Number of days before a password expires

PASSWORD_REUSE_MAX

Unlimited

Number of password changes before the same password can be used again

PASSWORD_REUSE_TIME

Unlimited

Number of days before the same password can be reused

PASSWORD_VERIFY_FUNCTION

Null

Used to implement a stronger password complexity scheme…discussed last week

Have a good week.

Dan Hotka
Oracle ACE Director
Instructor/Author/CEO

 

563 2 /
Follow / 20 Nov 2013 at 3:13am

Actually most of the profile and verification stuff was introduced back in 10g. In fact all the above chart were first available in 10g.

Follow / 20 Nov 2013 at 3:22am

Actually these settings in the chart were all available as far back as 8i!