
Re: Password management in Oracle 8

From: Brian Peasland <peasland_at_edcmail.cr.usgs.gov>
Date: 2000/06/23
Message-ID: <3953892F.665C9F73@edcmail.cr.usgs.gov>#1/1

All of this is possible with Oracle 8 and higher. You will need to set up a profile which has all the settings you want and then assign that profile to the user(s). For example:

  CREATE PROFILE user_profile
  LIMIT
  PASSWORD_LIFE_TIME 90
  FAILED_LOGIN_ATTEMPTS 3
  PASSWORD_LOCK_TIME unlimited
  PASSWORD_REUSE_MAX 2
  PASSWORD_VERIFY_FUNCTION pswd_verify;

  ALTER USER username PROFILE user_profile;

> 1. Is there any setting to disable a user account if the user has
> repeated login failure? e.g., disable the account if 3 continuous fails?

My above example will lock the user's account after 3 failed login attempts. When the account is locked, it is locked for the PASSWORD_LOCK_TIME amount of time, meaning you can determine how long the user must wait before attempting to log in again if their account was locked due to failed login attempts. In my example, the account will be locked until the DBA manually unlocks the account.

> 2. Does Oracle keep any password history? We want to know the 3 previous
> passwords. At least, we want to prevent the user from changing the password to
> the original one.

In my example, Oracle will keep track of the last two passwords (PASSWORD_REUSE_MAX) and will not let the user change their password to one of these passwords.

You can also supply your own password verification function (pswd_verify in my example). For instance, you may want the passwords to be at least 6 characters but no more than 10, and contain a number, but not the first character. You can write the PL/SQL function yourself. By adding that function to the profile (PASSWORD_VERIFY_FUNCTION) you can force the users to conform to standards you have set up.

There is lots more on this subject and you'll probably want to refer to the Oracle documentation.

> Or these should be done by the frontend application?

If you are on Oracle 7, then you'll have to code this in your appl. If you are in Oracle 8 or 8i, then you can let Oracle handle it for you.

HTH,
Brian

-- 
========================================
Brian Peasland
Raytheons Systems at
  USGS EROS Data Center
These opinions are my own and do not
necessarily reflect the opinions of my 
company!
========================================
Received on Fri Jun 23 2000 - 00:00:00 CDT
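
One way to write the pswd_verify function the post describes (6 to 10 characters, at least one digit, first character not a digit), as an added example that is not code from the original post. The error numbers and messages are assumptions chosen for illustration; the three-argument signature returning BOOLEAN and creation in the SYS schema are what Oracle expects of a password verification function.

```sql
-- Added example, not from the original post.
-- Create while connected as SYS so that a profile can reference it with
--   PASSWORD_VERIFY_FUNCTION pswd_verify
CREATE OR REPLACE FUNCTION pswd_verify (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN
IS
  digits    CONSTANT VARCHAR2(10) := '0123456789';
  has_digit BOOLEAN := FALSE;
BEGIN
  -- LENGTH(NULL) is NULL, so a NULL password must be rejected explicitly;
  -- otherwise both length comparisons evaluate to NULL and the check passes.
  IF password IS NULL
     OR LENGTH(password) < 6
     OR LENGTH(password) > 10
  THEN
    raise_application_error(-20001,  -- assumed error number
      'Password must be 6 to 10 characters long');
  END IF;

  -- The first character must not be a digit.
  IF INSTR(digits, SUBSTR(password, 1, 1)) > 0 THEN
    raise_application_error(-20002,  -- assumed error number
      'Password must not start with a digit');
  END IF;

  -- At least one digit must appear somewhere after the first character.
  FOR i IN 2 .. LENGTH(password) LOOP
    IF INSTR(digits, SUBSTR(password, i, 1)) > 0 THEN
      has_digit := TRUE;
      EXIT;
    END IF;
  END LOOP;

  IF NOT has_digit THEN
    raise_application_error(-20003,  -- assumed error number
      'Password must contain at least one digit');
  END IF;

  -- Returning TRUE tells Oracle to accept the new password.
  RETURN TRUE;
END pswd_verify;
/
```

The function only runs for users whose profile names it, so it takes effect after the CREATE PROFILE and ALTER USER statements shown in the post.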
