RE: Enforcing password rules in oracle database
From: Powell, Mark <mark.powell2_at_hp.com>
Date: Fri, 18 Mar 2011 17:41:51 +0000
Message-ID: <7C4BF3B32B80CC44AE37D31B17241593745A09F9D4_at_GVW1337EXC.americas.hpqcorp.net>
I would think you would want to require more than 7 characters especially with such a long duration which you might consider shortening.
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Mahesh G Sent: Friday, March 18, 2011 4:31 AM
To: oracle-l_at_freelists.org
Subject: Enforcing password rules in oracle database
Date: Fri, 18 Mar 2011 17:41:51 +0000
Message-ID: <7C4BF3B32B80CC44AE37D31B17241593745A09F9D4_at_GVW1337EXC.americas.hpqcorp.net>
I would think you would want to require more than 7 characters especially with such a long duration which you might consider shortening.
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Mahesh G Sent: Friday, March 18, 2011 4:31 AM
To: oracle-l_at_freelists.org
Subject: Enforcing password rules in oracle database
Hi all,
We have one requirement to enforce below mentioned password rules for all newly created user accounts in our environment.
- All passwords must have at least 7 characters in length
- All Logins will require the use of a password
- Passwords must not match the username
- Unsuccessful login attempts must be audited
- Password duration <= 90 days
- Failed logins limit = 6
Oracle built-in feature, setting Default profile and calling verify_function function ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql ) doesnt serve my purpose. Because 2 rule will be violated for those users who use external password option. My env is combination of 9i, 10g & 11g version databases.
Can you recommend / suggest any best way to implement the above rules ? It would be great help.
Regards,
- Mahesh
-- http://www.freelists.org/webpage/oracle-lReceived on Fri Mar 18 2011 - 12:41:51 CDT