Password Management

You can manage passwords to increase the level of security that can be implemented for authentication.

This section provides an overview of password management in TimesTen.

Password Management Features

Password Management Features
Password management features can enhance the security of your database.

Password Lifetime and Grace Time
Limitations on Password Reuse
Maximum Failed Login Attempts and Password Lock Time

TO CHECK PASSWORD LIMITS

	select profile,resource_name,limit from dba_profiles
	where resource_type='PASSWORD' and profile='DEFAULT';

PROFILE RESOURCE_NAME LIMIT
---------------- ---------------- ----------------
DEFAULT FAILED_LOGIN_ATTEMPTS 10
DEFAULT PASSWORD_LIFE_TIME 180
DEFAULT PASSWORD_REUSE_TIME UNLIMITED
DEFAULT PASSWORD_REUSE_MAX UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION NULL ***
DEFAULT PASSWORD_LOCK_TIME 1
DEFAULT PASSWORD_GRACE_TIME 7
DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED

CHECK THE DETAILS OF USER

	SQL> select username,profile,account_status,lock_date
	from dba_users where username='TESDB';

	USERNAME	 PROFILE	ACCOUNT_STATUS		LOCK_DATE
	--------   ----------  ----------------  	---------
	TESDB      	 DEFAULT	      OPEN

RUN THE PASSWORD MANAGER PACKAGE

	SQL> @?/rdbms/admin/utlpwdmg.sql;
	Profile altered.

TO CHECK PASSWORD LIMITS.

	SQL> select profile,resource_name,limit from dba_profiles
	where resource_type='PASSWORD' and profile='DEFAULT';

	
		PROFILE RESOURCE_NAME LIMIT
		---------------- ---------------- ----------------
		DEFAULT FAILED_LOGIN_ATTEMPTS 10
		DEFAULT PASSWORD_LIFE_TIME 180
		DEFAULT PASSWORD_REUSE_TIME UNLIMITED
		DEFAULT PASSWORD_REUSE_MAX UNLIMITED
		DEFAULT PASSWORD_VERIFY_FUNCTION ORA12C_VERIFY_FUNCTION ***
		DEFAULT PASSWORD_LOCK_TIME 1
		DEFAULT PASSWORD_GRACE_TIME 7
		DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED

CREATE USERS TO CHECK PASSWORD AUTHENTICATION

	SQL> create user tesdba  identified by tesdba;
	create user tesdba  identified by tesdba
	*
	ERROR at line 1:
	ORA-28003: password verification for the specified password failed
	ORA-20000: password length less than 8 bytes


	SQL> create user tesdba identified by tesdba123;
	create user tesdba identified by tesdba123
	*
	ERROR at line 1:
	ORA-28003: password verification for the specified password failed
	ORA-20000: password must contain 1 or more special characters

	SQL> create user tesdba identified by tesdb_123;
	create user tesdba identified by tesdb_123
	*
	ERROR at line 1:
	ORA-28003: password verification for the specified password failed
	ORA-20000: password contains the server name

	SQL> create user tesdba identified by test_123;
	create user tesdba identified by test_123
	*
	ERROR at line 1:
	ORA-28003: password verification for the specified password failed
	ORA-20000: password contains the server name

	SQL> create user tesdba identified by raju_123;
	User created.

	SQL>

PASSWORD REUSE:

	SQL> alter profile default limit password_reuse_max 2;
	Profile altered.

	SQL> select profile,resource_name,limit from dba_profiles
	where resource_type='PASSWORD' and profile='DEFAULT';

	
		PROFILE RESOURCE_NAME LIMIT
		---------------- ---------------- ----------------
		DEFAULT FAILED_LOGIN_ATTEMPTS 10
		DEFAULT PASSWORD_LIFE_TIME 180
		DEFAULT PASSWORD_REUSE_TIME UNLIMITED
		DEFAULT PASSWORD_REUSE_MAX 2***
		DEFAULT PASSWORD_VERIFY_FUNCTION ORA12C_VERIFY_FUNCTION ***
		DEFAULT PASSWORD_LOCK_TIME 1
		DEFAULT PASSWORD_GRACE_TIME 7
		DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED
	
	8 rows selected.

ALTER USER PASSWORD

	SQL> alter user tesdba identified by raji_123;
	User altered.

	SQL> alter user tesdba identified by mani_123;
	User altered.

	SQL> alter user tesdba identified by raji_123;
	alter user tesdba identified by raji_123
	*
	ERROR at line 1:
	ORA-28007: the password cannot be reused

	SQL>

FAILED_LOGIN_ATTEMPTS:

	SQL> alter profile default limit FAILED_LOGIN_ATTEMPTS 2;
	Profile altered.

	SQL> select profile,resource_name,limit from dba_profiles
	where resource_type='PASSWORD' and profile='DEFAULT';
	
		PROFILE RESOURCE_NAME LIMIT
		---------------- ---------------- ----------------
		DEFAULT FAILED_LOGIN_ATTEMPTS 2**
		DEFAULT PASSWORD_LIFE_TIME 180
		DEFAULT PASSWORD_REUSE_TIME UNLIMITED
		DEFAULT PASSWORD_REUSE_MAX 2
		DEFAULT PASSWORD_VERIFY_FUNCTION ORA12C_VERIFY_FUNCTION ***
		DEFAULT PASSWORD_LOCK_TIME 1
		DEFAULT PASSWORD_GRACE_TIME 7
		DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED
	
	SQL> conn tesdba/jill_122;
	ERROR:
	ORA-01017: invalid username/password; logon denied
	Warning: You are no longer connected to ORACLE.

	SQL> conn tesdba/jill_121;
	ERROR:
	ORA-01017: invalid username/password; logon denied

	SQL> conn tesdba/jill_112;
	ERROR:
	ORA-28000: The account is locked.

	PASSWORD_VERIFY_FUNCTION   nul

	SQL> conn / as sysdba
	Connected.

	SQL> alter profile default limit PASSWORD_VERIFY_FUNCTION null;
	Profile altered.

	SQL> select profile,resource_name,limit from dba_profiles
	where resource_type='PASSWORD' and profile='DEFAULT';
	
		PROFILE RESOURCE_NAME LIMIT
		---------------- ---------------- ----------------
		DEFAULT FAILED_LOGIN_ATTEMPTS 2
		DEFAULT PASSWORD_LIFE_TIME 180
		DEFAULT PASSWORD_REUSE_TIME UNLIMITED
		DEFAULT PASSWORD_REUSE_MAX 2
		DEFAULT PASSWORD_VERIFY_FUNCTION NULL ***
		DEFAULT PASSWORD_LOCK_TIME 1
		DEFAULT PASSWORD_GRACE_TIME 7
		DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED
	
	8 rows selected.

	SQL> create user tesdb_center identified by tesdb_center;
	User created.

	SQL>