Database Reference
In-Depth Information
Number 3: Time limitation from password expiry has some good points and is easier to enforce. Password expiry
has the added benefit of resetting shared passwords to be unshared again, thus reducing the risk of leavers having
access to active accounts.
These tasks (2 + 3) are achieved using profiles and a password verification function, which has been updated in
12c beta and again for the 12.1 GA.
Enable profiles by executing as the SYS user the following standard
.sql
file provided with the install:
/home/oracle/app/oracle2/product/12.1.0/dbhome_2/rdbms/admin/utlpwdmg.sql
To Oracle's credit, all the code controlling passwords in this file is easily readable by the user and editable so
that a DBA can set the controls themselves in collaboration with security, compliance, and auditor staff as well as the
customer user teams, who actually have to put up with the effects of controlled password changes. Some accounts will
need to be exempted, e.g., application accounts with static passwords, but these should never be used by humans out
of release anyway. This can be checked by auditing and by using the wonderful new
LAST_LOGIN
from
DBA_USERS
.
SQL> desc dba_users;
Name Null? Type
----------------------------------------- -------- ----------------------------
USERNAME NOT NULL VARCHAR2(128)
USER_ID NOT NULL NUMBER
PASSWORD VARCHAR2(4000)
ACCOUNT_STATUS NOT NULL VARCHAR2(32)
LOCK_DATE DATE
EXPIRY_DATE DATE
DEFAULT_TABLESPACE NOT NULL VARCHAR2(30)
TEMPORARY_TABLESPACE NOT NULL VARCHAR2(30)
CREATED NOT NULL DATE
PROFILE NOT NULL VARCHAR2(128)
INITIAL_RSRC_CONSUMER_GROUP VARCHAR2(128)
EXTERNAL_NAME VARCHAR2(4000)
PASSWORD_VERSIONS VARCHAR2(12)
EDITIONS_ENABLED VARCHAR2(1)
AUTHENTICATION_TYPE VARCHAR2(8)
PROXY_ONLY_CONNECT VARCHAR2(1)
COMMON VARCHAR2(3)
LAST_LOGIN TIMESTAMP(9) WITH TIME ZONE
ORACLE_MAINTAINED VARCHAR2(1)
This
LAST_LOGON
is echoed to the user when they log on through SQL*PLUS (unless you are using a < 12c client).
sqlplus vpdtest/lowsec@192.168.1.3/pdborcl
SQL*Plus: Release 12.1.0.1.0 Production on Mon Aug 12 21:31:02 2013
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Last Successful login time: Mon Aug 12 2013 21:28:35 +01:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
