managing password security and resources

14Copyright © Oracle Corporation, 2001. All rights reserved.

Managing Password Security and Resources

14-2 Copyright © Oracle Corporation, 2001. All rights reserved.

Objectives

After completing this lesson, you should be able to do the following:

• Manage passwords using profiles

• Administer profiles

• Control use of resources using profiles

• Obtain information about profiles, password management, and resources


Profiles

• A profile is a named set of password and resource limits.

• Profiles are assigned to users by the CREATE USER or ALTER USER command.

• Profiles can be enabled or disabled.

• Profiles can relate to the DEFAULT profile.


User

Password expiration and aging

Password verification

Password history

Account locking

Setting up profiles

Password Management


• Set up password management by using profiles and assigning them to users.

• Lock, unlock, and expire accounts using the CREATE USER or ALTER USER command.

• Password limits are always enforced.

• To enable password management, run the utlpwdmg.sql script as the user SYS.

Enabling Password Management


Password Account Locking

Parameter

Number of failed login attempts before lockout of the account

Number of days the account is locked after the specified number of failed login attempts

FAILED_LOGIN_ATTEMPTS

PASSWORD_LOCK_TIME

Description


Parameter

Lifetime of the password in days after which the password expires

Grace period in days for changing the password after the first successful login after the password has expired

PASSWORD_LIFE_TIME

PASSWORD_GRACE_TIME

Parameter

Password Expiration and Aging


Password History

Parameter

Number of days before a password can be reused

Maximum number of times apassword can be reused

PASSWORD_REUSE_TIME

PASSWORD_REUSE_MAX

Description


Password Verification

Parameter

PL/SQL function that performs a password complexity check before a password is assigned

PASSWORD_VERIFY_FUNCTION

Description


User-Provided Password Function

This function must be created in the SYS schema and must have the following specification:

function_name(

userid_parameter IN VARCHAR2(30),

password_parameter IN VARCHAR2(30),

old_password_parameter IN VARCHAR2(30))

RETURN BOOLEAN


Password Verification Function VERIFY_FUNCTION

• Minimum length is four characters.

• Password should not be equal to username.

• Password should have at least one alphabetic, one numeric, and one special character.

• Password should differ from the previous password by at least three letters.


CREATE PROFILE grace_5 LIMIT

FAILED_LOGIN_ATTEMPTS 3

PASSWORD_LOCK_TIME UNLIMITED

PASSWORD_LIFE_TIME 30

PASSWORD_REUSE_TIME 30

PASSWORD_VERIFY_FUNCTION verify_function

PASSWORD_GRACE_TIME 5;

Creating a Profile: Password Settings


ALTER PROFILE default LIMIT

FAILED_LOGIN_ATTEMPTS 3

PASSWORD_LIFE_TIME 60

PASSWORD_GRACE_TIME 10;

Altering a Profile: Password Setting

Use ALTER PROFILE to change password limits


DROP PROFILE developer_prof;

DROP PROFILE developer_prof CASCADE;

Dropping a Profile: Password Setting

• Drop the profile using DROP PROFILE command.

• DEFAULT profile cannot be dropped.

• CASCADE revokes the profile from user to whom assigned


Summary

In this lesson, you should have learned how to:

• Administer passwords

• Administer profiles


Practice 14 Overview

This practice covers the following topics:

• Enabling password management

• Defining profiles and assigning to users

• Disabling password management

managing password security and resources

Documents