Re: Possible? Manually set EXPTIME in USER$ to set EXPIRY_DATE in DBA_USERS

Hmmm... yes... by reading through the view definition for DBA_USERS I learnt a great deal about how Oracle answers the "when does this user's password expire?" question. Seems the USER$.EXPTIME column is *not* referenced when the user's account status is OPEN. Instead, an on-the-fly join is done to the definition of the user's PROFILE (in PROFILE$), where the appropriate LIMIT# value (which contains the password lifetime) is compared with the last date on which the user changed his/her password (in USER$.PTIME).

The net effect is that if you want to make a move from having no password expiration, to having one, you (a) necessarily have to use a PROFILE with a password lifetime; and (b) it's highly likely that the large majority of your users will *immediately* be expired when you implement the PROFILE.

So... I think the next thing I'll try is to set the PTIME in USER$. One way or another I'm trying to fool it into smoothing this transition.

"Nuno Souto" <nsouto_at_optushome.com.au.nospam> wrote in message news:3ca7a92c.2785649_at_news-vip.optusnet.com.au...
> Kai-Joachim Kamrath doodled thusly:
>
> >I know that it's possible, though *highly* (and rightly) discouraged, to
> >tamper with Oracle's underlying database definition tables (meta data),
> >owned by SYS. But just maybe...
>
> Hmmm, maybe. But not in this case, I'd think.
>
> >passwords... yet Oracle gives me just one option to do so: ALTER USER
> >username PASSWORD EXPIRE. This takes effect immediately. I'd prefer to
> >give the users some warning, and allow them to warm up to the idea. I'd
>
> I suppose one alternative would be to use a login trigger that checks
> if user's password is about to "expire" and warns the user
> accordingly?
>
>
> Cheers
> Nuno Souto
> nsouto_at_optushome.com.au.nospam
Received on Mon Apr 01 2002 - 09:33:14 CST