| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: enable password life time
On 12 Apr 2004 09:09:27 -0700, stjanda_at_yahoo.com (Stephen) wrote:
>when setting password_life_time for a profile, will that cause
>everyone's password to expire immediately if it is old or start
>counting from the day it is enabled??
Hi Stephen,
None of the two.
You have to count in PASSSWORD_GRACE_TIME to answer the question :
If you set PASSWORD_LIFE_TIME without setting PASSSWORD_GRACE_TIME(it defaults to UNLIMITED), no accounts will really expire. Their accounts will be *marked* expired next time they login, but they can still login without ever changing passwords.
if you set PASSSWORD_GRACE_TIME < UNLIMITED, the users will have PASSSWORD_GRACE_TIME days to change their login *after their first login attempt after the expiration date* (got that?)
Example :
One user hasn't changed his password for 30 days. Yoy change his profile to PASSWORD_LIFE_TIME = 7 and PASSSWORD_GRACE_TIME = 3.
First time the user logs in after this, Oracle detects that he must change his password. He will then get a warning, but he can still login for 3 days after this login attempt. After that he must change his password to be able to login.
This applies to 9i.
 |
 |