You can manage passwords to increase the level of security that can be implemented for authentication.
This section provides an overview of password management in TimesTen.
- Password Management Features
Password Management Features
Password management features can enhance the security of your database.
- Password Lifetime and Grace Time
- Limitations on Password Reuse
- Maximum Failed Login Attempts and Password Lock Time
TO CHECK PASSWORD LIMITS
select profile,resource_name,limit from dba_profiles
where resource_type='PASSWORD' and profile='DEFAULT';
PROFILE | RESOURCE_NAME | LIMIT |
---------------- | ---------------- | ---------------- |
DEFAULT | FAILED_LOGIN_ATTEMPTS | 10 |
DEFAULT | PASSWORD_LIFE_TIME | 180 |
DEFAULT | PASSWORD_REUSE_TIME | UNLIMITED |
DEFAULT | PASSWORD_REUSE_MAX | UNLIMITED |
DEFAULT | PASSWORD_VERIFY_FUNCTION | NULL *** |
DEFAULT | PASSWORD_LOCK_TIME | 1 |
DEFAULT | PASSWORD_GRACE_TIME | 7 |
DEFAULT | INACTIVE_ACCOUNT_TIME | UNLIMITED |
CHECK THE DETAILS OF USER
SQL> select username,profile,account_status,lock_date
from dba_users where username='TESDB';
USERNAME PROFILE ACCOUNT_STATUS LOCK_DATE
-------- ---------- ---------------- ---------
TESDB DEFAULT OPEN
RUN THE PASSWORD MANAGER PACKAGE
SQL> @?/rdbms/admin/utlpwdmg.sql;
Profile altered.
TO CHECK PASSWORD LIMITS.
SQL> select profile,resource_name,limit from dba_profiles
where resource_type='PASSWORD' and profile='DEFAULT';
PROFILE | RESOURCE_NAME | LIMIT |
---------------- | ---------------- | ---------------- |
DEFAULT | FAILED_LOGIN_ATTEMPTS | 10 |
DEFAULT | PASSWORD_LIFE_TIME | 180 |
DEFAULT | PASSWORD_REUSE_TIME | UNLIMITED |
DEFAULT | PASSWORD_REUSE_MAX | UNLIMITED |
DEFAULT | PASSWORD_VERIFY_FUNCTION | ORA12C_VERIFY_FUNCTION *** |
DEFAULT | PASSWORD_LOCK_TIME | 1 |
DEFAULT | PASSWORD_GRACE_TIME | 7 |
DEFAULT | INACTIVE_ACCOUNT_TIME | UNLIMITED |
CREATE USERS TO CHECK PASSWORD AUTHENTICATION
SQL> create user tesdba identified by tesdba;
create user tesdba identified by tesdba
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20000: password length less than 8 bytes
SQL> create user tesdba identified by tesdba123;
create user tesdba identified by tesdba123
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20000: password must contain 1 or more special characters
SQL> create user tesdba identified by tesdb_123;
create user tesdba identified by tesdb_123
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20000: password contains the server name
SQL> create user tesdba identified by test_123;
create user tesdba identified by test_123
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20000: password contains the server name
SQL> create user tesdba identified by raju_123;
User created.
SQL>
PASSWORD REUSE:
SQL> alter profile default limit password_reuse_max 2;
Profile altered.
SQL> select profile,resource_name,limit from dba_profiles
where resource_type='PASSWORD' and profile='DEFAULT';
PROFILE | RESOURCE_NAME | LIMIT |
---------------- | ---------------- | ---------------- |
DEFAULT | FAILED_LOGIN_ATTEMPTS | 10 |
DEFAULT | PASSWORD_LIFE_TIME | 180 |
DEFAULT | PASSWORD_REUSE_TIME | UNLIMITED |
DEFAULT | PASSWORD_REUSE_MAX | 2*** |
DEFAULT | PASSWORD_VERIFY_FUNCTION | ORA12C_VERIFY_FUNCTION *** |
DEFAULT | PASSWORD_LOCK_TIME | 1 |
DEFAULT | PASSWORD_GRACE_TIME | 7 |
DEFAULT | INACTIVE_ACCOUNT_TIME | UNLIMITED |
8 rows selected.
ALTER USER PASSWORD
SQL> alter user tesdba identified by raji_123;
User altered.
SQL> alter user tesdba identified by mani_123;
User altered.
SQL> alter user tesdba identified by raji_123;
alter user tesdba identified by raji_123
*
ERROR at line 1:
ORA-28007: the password cannot be reused
SQL>
FAILED_LOGIN_ATTEMPTS:
SQL> alter profile default limit FAILED_LOGIN_ATTEMPTS 2;
Profile altered.
SQL> select profile,resource_name,limit from dba_profiles
where resource_type='PASSWORD' and profile='DEFAULT';
PROFILE | RESOURCE_NAME | LIMIT |
---------------- | ---------------- | ---------------- |
DEFAULT | FAILED_LOGIN_ATTEMPTS | 2** |
DEFAULT | PASSWORD_LIFE_TIME | 180 |
DEFAULT | PASSWORD_REUSE_TIME | UNLIMITED |
DEFAULT | PASSWORD_REUSE_MAX | 2 |
DEFAULT | PASSWORD_VERIFY_FUNCTION | ORA12C_VERIFY_FUNCTION *** |
DEFAULT | PASSWORD_LOCK_TIME | 1 |
DEFAULT | PASSWORD_GRACE_TIME | 7 |
DEFAULT | INACTIVE_ACCOUNT_TIME | UNLIMITED |
SQL> conn tesdba/jill_122;
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn tesdba/jill_121;
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> conn tesdba/jill_112;
ERROR:
ORA-28000: The account is locked.
PASSWORD_VERIFY_FUNCTION nul
SQL> conn / as sysdba
Connected.
SQL> alter profile default limit PASSWORD_VERIFY_FUNCTION null;
Profile altered.
SQL> select profile,resource_name,limit from dba_profiles
where resource_type='PASSWORD' and profile='DEFAULT';
PROFILE | RESOURCE_NAME | LIMIT |
---------------- | ---------------- | ---------------- |
DEFAULT | FAILED_LOGIN_ATTEMPTS | 2 |
DEFAULT | PASSWORD_LIFE_TIME | 180 |
DEFAULT | PASSWORD_REUSE_TIME | UNLIMITED |
DEFAULT | PASSWORD_REUSE_MAX | 2 |
DEFAULT | PASSWORD_VERIFY_FUNCTION | NULL *** |
DEFAULT | PASSWORD_LOCK_TIME | 1 |
DEFAULT | PASSWORD_GRACE_TIME | 7 |
DEFAULT | INACTIVE_ACCOUNT_TIME | UNLIMITED |
8 rows selected.
SQL> create user tesdb_center identified by tesdb_center;
User created.
SQL>