14 Copyright © Oracle Corporation, 2001. All rights reserved.
Managing Password Security and Resources
Objectives
After completing this lesson, you should be able to do the following:
• Manage passwords using profiles
• Administer profiles
• Control use of resources using profiles
• Obtain information about profiles, password management, and resources
Profiles
• A profile is a named set of password and resource limits.
• Profiles are assigned to users by the CREATE USER or ALTER USER command.
• Profiles can be enabled or disabled.
• Profiles can relate to the DEFAULT profile.
Password Management
[Diagram labels: User; Setting up profiles]
• Password history
• Account locking
• Password expiration and aging
• Password verification
Enabling Password Management
• Set up password management by using profiles and assigning them to users.
• Lock, unlock, and expire accounts using the CREATE USER or ALTER USER command.
• Password limits are always enforced.
• To enable password management, run the utlpwdmg.sql script as the user SYS.
Password Account Locking
Parameter | Description
FAILED_LOGIN_ATTEMPTS | Number of failed login attempts before lockout of the account
PASSWORD_LOCK_TIME | Number of days the account is locked after the specified number of failed login attempts
Password Expiration and Aging
Parameter | Description
PASSWORD_LIFE_TIME | Lifetime of the password in days after which the password expires
PASSWORD_GRACE_TIME | Grace period in days for changing the password after the first successful login after the password has expired
Password History
Parameter | Description
PASSWORD_REUSE_TIME | Number of days before a password can be reused
PASSWORD_REUSE_MAX | Maximum number of times a password can be reused
Password Verification
Parameter | Description
PASSWORD_VERIFY_FUNCTION | PL/SQL function that performs a password complexity check before a password is assigned
User-Provided Password Function
This function must be created in the SYS schema and must have the following specification:
function_name(
  userid_parameter IN VARCHAR2(30),
  password_parameter IN VARCHAR2(30),
  old_password_parameter IN VARCHAR2(30))
RETURN BOOLEAN
Password Verification Function VERIFY_FUNCTION
• Minimum length is four characters.
• Password should not be equal to username.
• Password should have at least one alphabetic, one numeric, and one special character.
• Password should differ from the previous password by at least three letters.
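The four rules above, written as a user-provided function that matches the required specification. This is an added example, not Oracle's utlpwdmg.sql code or part of the original slides. The name lesson_verify_function is hypothetical, grace_5 is the profile created in this lesson, and REGEXP_LIKE assumes Oracle 10g or later.

```sql
-- Added example, not Oracle's utlpwdmg.sql; lesson_verify_function is a
-- hypothetical name. Create it while connected as SYS.
CREATE OR REPLACE FUNCTION lesson_verify_function (
  username     IN VARCHAR2,
  password     IN VARCHAR2,
  old_password IN VARCHAR2)
RETURN BOOLEAN IS
  min_len CONSTANT PLS_INTEGER := 4;  -- value from the slide; raise to fit policy
  differ  PLS_INTEGER;
BEGIN
  -- Rule 1: minimum length (NVL covers a NULL password)
  IF NVL(LENGTH(password), 0) < min_len THEN
    raise_application_error(-20001,
      'Password must be at least ' || min_len || ' characters');
  END IF;

  -- Rule 2: password must not equal the username (case-insensitive)
  IF NLS_LOWER(password) = NLS_LOWER(username) THEN
    raise_application_error(-20002, 'Password must not equal the username');
  END IF;

  -- Rule 3: at least one alphabetic, one numeric and one special character
  IF NOT (REGEXP_LIKE(password, '[[:alpha:]]')
          AND REGEXP_LIKE(password, '[[:digit:]]')
          AND REGEXP_LIKE(password, '[[:punct:]]')) THEN
    raise_application_error(-20003,
      'Password needs a letter, a digit and a special character');
  END IF;

  -- Rule 4: differ from the previous password in at least three positions.
  -- old_password is NULL when no previous password is supplied.
  IF old_password IS NOT NULL THEN
    differ := ABS(LENGTH(password) - LENGTH(old_password));
    FOR i IN 1 .. LEAST(LENGTH(password), LENGTH(old_password)) LOOP
      IF SUBSTR(password, i, 1) != SUBSTR(old_password, i, 1) THEN
        differ := differ + 1;
      END IF;
    END LOOP;
    IF differ < 3 THEN
      raise_application_error(-20004,
        'Password must differ from the old one by at least 3 characters');
    END IF;
  END IF;

  RETURN TRUE;
END;
/
-- Attach the function to the profile from this lesson.
ALTER PROFILE grace_5 LIMIT PASSWORD_VERIFY_FUNCTION lesson_verify_function;
```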
Creating a Profile: Password Settings
CREATE PROFILE grace_5 LIMIT
  FAILED_LOGIN_ATTEMPTS 3
  PASSWORD_LOCK_TIME UNLIMITED
  PASSWORD_LIFE_TIME 30
  PASSWORD_REUSE_TIME 30
  PASSWORD_VERIFY_FUNCTION verify_function
  PASSWORD_GRACE_TIME 5;
Altering a Profile: Password Setting
Use ALTER PROFILE to change password limits.
ALTER PROFILE default LIMIT
  FAILED_LOGIN_ATTEMPTS 3
  PASSWORD_LIFE_TIME 60
  PASSWORD_GRACE_TIME 10;
Dropping a Profile: Password Setting
• Drop the profile using the DROP PROFILE command.
• The DEFAULT profile cannot be dropped.
• CASCADE revokes the profile from the users to whom it is assigned.
DROP PROFILE developer_prof;
DROP PROFILE developer_prof CASCADE;
Summary
In this lesson, you should have learned how to:
• Administer passwords
• Administer profiles
Practice 14 Overview
This practice covers the following topics:
• Enabling password management
• Defining profiles and assigning to users
• Disabling password management