Home » RDBMS Server » Security » Password aging without expiry (Oracle 11g)
Password aging without expiry [message #583871] Mon, 06 May 2013 06:42 Go to next message
rashmibs
Messages: 4
Registered: May 2013
Junior Member
Hi All,

We have a requirement that the password of users never expire. But the user is notified when the password has not been changed for a long time. For example: If the user has not changed his password in 100days, he is to be notified that the password is old and he should consider changing it.
Is this possible directly through the password policy configurations? Or will it have to be handled using a separate procedure?
Re: Password aging without expiry [message #583872 is a reply to message #583871] Mon, 06 May 2013 06:46 Go to previous messageGo to next message
John Watson
Messages: 4082
Registered: January 2010
Location: Global Village
Senior Member
I think you can do this with a profile. Set password_life_time to a hundred days, and password_grace_time to unlimited.
Re: Password aging without expiry [message #583873 is a reply to message #583872] Mon, 06 May 2013 06:51 Go to previous messageGo to next message
rashmibs
Messages: 4
Registered: May 2013
Junior Member
Is there an alternate approach? As password_life_time value would still indicate that password has an expiry of 100 days.
Re: Password aging without expiry [message #583874 is a reply to message #583873] Mon, 06 May 2013 06:58 Go to previous messageGo to next message
Michel Cadot
Messages: 57612
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
With a password_grace_time to unlimited it will actually not expire but each time the user connect he will receive a message saying his password is in grace period and so it is older than 100 days.

I think this is the best solution.

Regards
Michel

[Updated on: Mon, 06 May 2013 06:59]

Report message to a moderator

Re: Password aging without expiry [message #583878 is a reply to message #583874] Mon, 06 May 2013 07:29 Go to previous messageGo to next message
John Watson
Messages: 4082
Registered: January 2010
Location: Global Village
Senior Member
Exactly. See this, rashmibs:
orcl>
orcl> alter user jw password expire
  2  ;

User altered.

orcl>
orcl> conn jw/jw
ERROR:
ORA-28001: the password has expired


Changing password for jw
New password:
Your software will have to handle the ora-28001 appropriately. SQL*Plus throws you straight into a prompt to change the password but it sounds as though you want only a message.
Re: Password aging without expiry [message #583908 is a reply to message #583878] Mon, 06 May 2013 23:36 Go to previous messageGo to next message
rashmibs
Messages: 4
Registered: May 2013
Junior Member
Thank you John for the help.
Re: Password aging without expiry [message #583915 is a reply to message #583908] Tue, 07 May 2013 00:04 Go to previous messageGo to next message
Michel Cadot
Messages: 57612
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
So my answers are useless for you... Sad I will remember it.

Regards
Michel
Re: Password aging without expiry [message #583916 is a reply to message #583915] Tue, 07 May 2013 00:17 Go to previous messageGo to next message
rashmibs
Messages: 4
Registered: May 2013
Junior Member
Thank you Michel Smile Sorry I just happened to see only the last message when I logged in.
Re: Password aging without expiry [message #592786 is a reply to message #583916] Mon, 12 August 2013 06:40 Go to previous messageGo to next message
8939513598$
Messages: 101
Registered: July 2013
Location: chennai
Senior Member
Hi John, why you were giving SQL> Alter user jw password expire; you were suggesting password_life_time=100, i couldn't understand the meaning?
Thanks & Regards,
Rajagopal S


Re: Password aging without expiry [message #592789 is a reply to message #592786] Mon, 12 August 2013 06:48 Go to previous message
Michel Cadot
Messages: 57612
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
John just showed what happens when the password expires.

Regards
Michel
Previous Topic: Data Encryption
Next Topic: bad linux login
Goto Forum:
  


Current Time: Sat Apr 19 08:32:06 CDT 2014

Total time taken to generate the page: 0.07937 seconds